Verify TACACS between Cisco ISE and Cisco DNA Center
Today we are going to verify that the integration between Cisco ISE and Cisco DNA Center is configured, with the focus on TACACS.
If the setup is SD-Access, you should know that DNA Center and Cisco ISE should be integrated. ISE is an integral part of the SD-Access environment: each port of the SD-Access fabric edge node authenticates the connecting endpoint and, after obtaining its access attributes from Cisco ISE, tags all communications from the endpoint.
Verify on the DNA Center Side
Step 1: In the DNAC GUI, navigate to System Settings -> Settings -> Authentication and Policy Servers. Verify that the TACACS protocol is configured and that the ISE status is "ACTIVE".
Fig 1.1- DNA Center Authentication and Policy Servers
If the TACACS protocol is not configured, you will need to configure and enable it before proceeding. The screen below is where you configure the TACACS protocol.
Fig 1.2- DNA Center Authentication and TACACS
Verify on the Cisco ISE Side
Step 1: Enable Device Admin Service. On Cisco ISE, navigate to Administration → System → Deployment and select "Enable Device Admin Service".
Fig 1.3- Cisco ISE Device Admin Service
Step 2: Configure TACACS Command Sets
Navigate to Work Centers → Device Administration → Policy Elements → Results → TACACS Command Sets, add the command set, and select the "Permit any command that is not listed below" option.
Fig 1.4- Cisco ISE TACACS Command Set
Step 3: Configure TACACS Profiles
Navigate to Work Centers → Device Administration → Policy Elements, add the details as shown below, and specify "cisco-av-pair" or "Cisco-AVPair" with the required Role value.
Fig 1.5- Cisco ISE TACACS Profile
Step 4: Configure Authentication & Authorization Policies for TACACS
Navigate to Work Centers → Device Administration → Device Admin Policy Set → Default.
Fig 1.6- Cisco ISE TACACS Profile Default
The next steps can be configuring the network devices for Cisco DNA Center to use TACACS, and adding the users and groups for the Cisco DNA Center roles to Cisco ISE.