Verify TACACS between Cisco ISE and Cisco DNA Center

Today we are going to verify that the integration between Cisco ISE and Cisco DNA Center is configured, focusing on TACACS.

If the setup is SD-Access, you should know that DNA Center and Cisco ISE must be integrated. ISE is an integral part of the SD-Access environment: each port of an SD-Access fabric edge node authenticates the connecting endpoint and, after obtaining its access attributes from Cisco ISE, tags all communications from the endpoint.

Verify on the DNA Center Side

Step 1: Navigate to DNAC GUI -> System Settings -> Settings -> Authentication and Policy Servers. There, verify that the TACACS protocol is configured and that the ISE status is "ACTIVE".

Fig 1.1- DNA Center Authentication and Policy Servers

If the TACACS protocol is not configured, you will need to configure and enable it before proceeding. Use the screen below to configure the TACACS protocol.

Fig 1.2- DNA Center Authentication and TACACS

Verify on the Cisco ISE Side

Step 1: Enable Device Admin Service. On Cisco ISE, navigate to Administration → System → Deployment and select "Enable Device Admin Service".

Fig 1.3- Cisco ISE Device Admin Service

Step 2: Configure TACACS Command Sets

Navigate to Work Centers → Device Administration → Policy Elements → Results → TACACS Command Sets, add the command set, and select the "Permit any command that is not listed below" option. If the set lists no commands, this option permits every command.

Fig 1.4- Cisco ISE TACACS Command Set

Step 3: Configure TACACS Profiles

Navigate to Work Centers → Device Administration → Policy Elements, add the details as shown below, and set "cisco-av-pair" or "Cisco-AVPair" with the required Role value.

Fig 1.5- Cisco ISE TACACS Profile

Step 4: Configure Authentication & Authorization Policies for TACACS

Navigate to Work Centers → Device Administration → Device Admin Policy Set → Default.

Fig 1.6- Cisco ISE TACACS Profile Default

Possible next steps are configuring the network devices for Cisco DNA Center to use TACACS, and adding the users and groups for the Cisco DNA Center roles on Cisco ISE.