Cisco ISE: Adding Network Devices

In ISE, switches are referred to as a Network Access Device (NAD).  Other NAD devices include wireless LAN controllers and VPN concentrators.  NADs are responsible for enforcing ISE policies on devices connecting to the network with MAB authentication via RADIUS, as well as authorization of remote device administration over SSH via TACACS+.

Before a switch will act as a NAD, it needs to be added to ISE as an object and configured for use as both a RADIUS and TACACS server with a shared key.

To add a new switch to act as a NAD in ISE:

  1. Navigate to Administration > Network Resources > Network Devices.
  2. Click the + Add button.
  3. Configure the following attribute fields:
    1. Name: Type in the hostname of the switch.
    1. IP Address:         Type the management IP address of the switch.
    1. Location:            Click the drop-down and select Location.
    1. IPSEC:                 Click the drop-down and select Is IPSEC Device.
    1. Device Type:      Click the drop-down and select Device-Type.
  4. Click the checkbox next to RADIUS Authentication Settings and configure the Shared Secret.
  5. Click the checkbox next to TACACS Authentication Settings and configure the Shared Secret.
  6. Click the Submit button to complete the configuration.

To edit the configuration of an existing device:

  1. Navigate to Administration > Network Resources > Network Devices.
  2. Click the checkbox next to the device to configure.
    Tip:  You can click the Show: drop down box and select Quick Filter option to search for a specific device using the Name or IP column.
  3. Click the Edit button.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s