4. ISE 2 3: Device Administration (TACACS+)

Jason Maynard
Cisco ISE provides centralized control of wired, wireless, and VPN with a threat-focused lens. It also provides TACACS+.

Cisco ISE supports device administration using the Terminal Access Controller Access-Control System (TACACS+) security protocol to control and audit the configuration of network devices. The network devices are configured to query ISE for authentication and authorization of device administrator actions, and send accounting messages for ISE to log the actions. It facilitates granular control of who can access which network device and change the associated network settings. An ISE administrator can create policy sets that allow TACACS results, such as command sets and shell profiles, to be selected in authorization policy rules in a device administration access service. The ISE Monitoring node provides enhanced reports related to device administration. The Work Center menu contains all the device administration pages and acts as a single starting point for ISE administrators.
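
The device side of the arrangement described above, as an added example that is not from the video or from Cisco's documentation: a Cisco IOS AAA configuration that sends authentication, authorization and accounting to ISE over TACACS+. The server name `ISE-PSN1`, the group name `ISE-TACACS`, the address 192.0.2.10 (documentation range) and the key placeholder are assumptions.

```cisco
! Added example. Names, address and key are placeholders, not values from the page.
aaa new-model
!
! The ISE node that answers TACACS+ requests. The key must match the shared
! secret configured for this device's entry in ISE.
tacacs server ISE-PSN1
 address ipv4 192.0.2.10
 key <shared-secret-placeholder>
!
aaa group server tacacs+ ISE-TACACS
 server name ISE-PSN1
!
! Authentication: ask ISE first, fall back to the local user database only
! when ISE is unreachable, so an outage does not lock administrators out.
aaa authentication login default group ISE-TACACS local
!
! Authorization: the shell profile decides the exec session (privilege level),
! the command set decides each privilege-15 command, including those typed
! in configuration mode.
aaa authorization exec default group ISE-TACACS local if-authenticated
aaa authorization commands 15 default group ISE-TACACS local if-authenticated
aaa authorization config-commands
!
! Accounting: session start/stop and every privilege-15 command are sent to
! ISE, which is what feeds the device administration reports.
aaa accounting exec default start-stop group ISE-TACACS
aaa accounting commands 15 default start-stop group ISE-TACACS
```

Keep at least one local account with a strong secret for the fallback path, and confirm a successful ISE-authorized login in a second session before closing the one used to apply the configuration.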

ISE requires a Device Administration license to use TACACS+.
**********************************
Please note: I did not show the condition creation for the authorization policy. This is done under "Work Centers/Device Administration/Policy Elements/Conditions/Library Conditions"; then, in the editor (left side of the screen), click the attribute and select "TACACS-User" Equals [the username] in my example. This condition is now available as a selection within the authorization policy.
***************************
Published 7 years ago, on 1396/05/15.
Viewed 62,888 times.