How to add Network Access Device to ISE 3.0


Cisco ISE 3.0: Adding NAD to ISE 

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: ISE 3.0
Platform: ISE Virtual Appliance, ISE Physical Appliance 

When a RADIUS client (switch, firewall, AP controller, etc.) needs to communicate with a RADIUS server, it must be defined as a Network Access Device (NAD) on that server (ISE in this case). Otherwise, all authentication attempts will result in a failure. Before a NAD is added to ISE 3.0, you can define a structure for organizing NADs: Groups, NAD Locations, and Types can be specified. These attributes can then be used when building Authentication (AuthC) and Authorization (AuthZ) rules.

Follow the steps below to define new network device groups and add a new network device to ISE. 

Step 1 – Navigate to the Network Device Groups menu

[Screenshot: Network Device Groups, Cisco ISE]

Step 2 – Add a Device Type Group

In our case, we name the group “Test”.

[Screenshot: Device Type Group name]

Step 3 – Add a Device Location Group

We’ll call our location “Lab”.

[Screenshot: Device Location Group modal]

Step 4 – Navigate to Network Devices Menu

[Screenshot: Network Access Device, Cisco ISE]

Step 5 – Add a new Device

Don’t forget to include it in the previously configured groups.

[Screenshots: ISE 3.0 configuration; device profile; RADIUS authentication settings; RADIUS DTLS settings; RADIUS general settings]

After saving the changes, the device should be accessible via RADIUS, assuming that the RADIUS server is also specified on the device itself.
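Why both sides of that configuration matter, as an added example (not Cisco's code and not part of the original tutorial): a simplified model of how a RADIUS server matches a request to a NAD entry by source IP and then checks the Message-Authenticator attribute (RFC 3579) with that entry's shared secret. The device name, IP address, and secret are constructed sample values, and requiring Message-Authenticator on every request is an assumption of this model.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed sample data: one NAD as entered in Step 5 (name, IP and secret are made up).
NADS = {ipaddress.ip_network("192.0.2.10/32"):
        {"name": "lab-sw1", "secret": b"example-shared-secret", "type": "Test", "location": "Lab"}}
MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def build_access_request(secret, username, ident=1):
    """NAD side: Access-Request (code 1) signed with HMAC-MD5 keyed by the shared secret."""
    user = username.encode()
    attrs = struct.pack("!BB", 1, 2 + len(user)) + user     # User-Name attribute
    attrs += struct.pack("!BB", MSG_AUTH, 18) + bytes(16)   # zeroed while the HMAC is computed
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def find_nad(src_ip):
    """Server side: match the packet's source IP against the configured NAD entries."""
    addr = ipaddress.ip_address(src_ip)
    return next((nad for net, nad in NADS.items() if addr in net), None)

def server_decision(src_ip, packet):
    """Return a verdict string for a request arriving from src_ip."""
    nad = find_nad(src_ip)
    if nad is None:
        return "fail: source is not a defined NAD"
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "fail: malformed packet"
    pos = 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return "fail: malformed attribute"
        if atype == MSG_AUTH and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(nad["secret"], zeroed, hashlib.md5).digest()
            if hmac.compare_digest(expected, packet[pos + 2:pos + 18]):
                return f"process: {nad['name']} (type={nad['type']}, location={nad['location']})"
            return "fail: shared secret mismatch"
        pos += alen
    return "fail: no Message-Authenticator"

if __name__ == "__main__":
    good = build_access_request(b"example-shared-secret", "alice")
    print(server_decision("192.0.2.10", good))   # defined NAD, matching secret
    print(server_decision("192.0.2.99", good))   # source IP never added as a NAD
    print(server_decision("192.0.2.10", build_access_request(b"wrong-secret", "alice")))
```

Only the first request reaches policy evaluation, where the device type and location groups from Steps 2 and 3 become available as rule conditions.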

 

In our previous mini-tutorial, you can also check how to add NAD to ISE 2.1.

 

Author: Jaroslaw Banakh
 