Cisco ISE: Device Administration and Network Access (Explained)
Device Administration
Device administration controls who can log in to a network device via console, Telnet, SSH, or any other method.
Device Administration is the AAA process that controls access to network devices, whatever the access method.
A device administrator is a user who logs in to network devices such as switches, routers, etc. to configure and maintain them.
Network Access
– Network access provides the identity of the device or user to the AAA server.
– The AAA server has a key role in network access authentication and authorization.
– AAA network access authentication is required to filter for legitimate users.
– AAA authenticates the devices and controls what these users are authorized to do.
AAA Options
– Cisco provides separate ways to implement AAA servers.
– The two main protocols are TACACS+ and RADIUS (Remote Authentication Dial-in User Service).
AAA with TACACS+ Protocol
– TACACS+ stands for Terminal Access Controller Access Control System Plus.
– TACACS+ is a Cisco proprietary protocol used to deliver AAA security services.
– TACACS+ provides centralized authorization for access to network devices (switches, routers, etc.).
– It provides control over CLI commands in a network per user or group.
– It encrypts the entire packet body but leaves the standard TACACS+ header unencrypted.
AAA with RADIUS Protocol
– RADIUS stands for Remote Authentication Dial-in User Service.
– It is a protocol that secures the network against unauthorized access.
– The NAD (Network Access Device) runs the RADIUS protocol and sends an authentication request to an AAA server.
– The request contains user authentication and network service access information.
– It does not restrict which commands an administrator can execute.
– RADIUS encrypts only the password in the Access-Request packet, sent from client to server.
– It combines authentication and authorization processes.
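The difference in encryption scope noted in the two lists above (TACACS+ covers the whole body and leaves the header readable; RADIUS hides only the password) can be seen by building both packets. This is an added example, not code from the original article or from Cisco; it follows the public algorithms in RFC 2865 section 5.2 and RFC 8907 section 4.5, and the user name, password, shared secret, session ID and body text are constructed sample values.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: only the User-Password value is XORed with an MD5 keystream."""
    size = max(16, (len(password) + 15) // 16 * 16)   # pad with NULs to a 16-byte multiple
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator, ident=1) -> bytes:
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user          # User-Name (type 1): sent in clear
    attrs += bytes([2, 2 + len(hidden)]) + hidden     # User-Password (type 2): hidden
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs

def tacacs_obfuscate(body, key, session_id, version, seq_no) -> bytes:
    """RFC 8907 sec. 4.5: XOR the whole body with an MD5 pad; applying it twice restores it."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < len(body):
        last = hashlib.md5(seed + last).digest()
        pad += last
    return _xor(body, pad)

def tacacs_packet(body, key, session_id, seq_no=1, version=0xC0, ptype=2) -> bytes:
    # 12-byte header stays readable: version, type, seq_no, flags, session_id, length
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, key, session_id, version, seq_no)

# Constructed sample values (not from the page or from any real device)
SECRET = b"constructed-shared-secret"
AUTH = bytes(range(16))
RADIUS_PKT = radius_access_request(b"alice", b"S3cret-pw", SECRET, AUTH)
# Placeholder body text, not the real TACACS+ authorization body layout
TAC_BODY = b"user=alice cmd=show running-config"
TACACS_PKT = tacacs_packet(TAC_BODY, SECRET, session_id=0x1A2B3C4D)

if __name__ == "__main__":
    print("RADIUS  user visible:", b"alice" in RADIUS_PKT, "| password visible:", b"S3cret-pw" in RADIUS_PKT)
    print("TACACS+ header:", TACACS_PKT[:12].hex(), "| user visible in body:", b"alice" in TACACS_PKT[12:])
```

Both schemes derive their keystream from MD5 and the shared secret, so the confidentiality of either packet depends on the strength of that secret.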
We hope that we have cleared your doubts and given you a better understanding of the two main protocols of Cisco ISE (Identity Services Engine), which are TACACS+ and RADIUS.
Now you know about these protocols in detail, and you also know which one is useful for you or your organization. Zindagi Technologies is ready to help your organization in planning, designing, and deployment of various services like Data Centre deployment, collaboration services, Network Automation, IoT Services, Security Services, and Managed Services. We provide solutions for all these devices, tailored to your requirements. Please connect with us at Zindagi Technologies or call us on +919773973971.
Author
Jagjeet Singh
Senior Network Security Consultant