How to add Network Access Device to ISE 3.0

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: ISE 3.0
Platform: ISE Virtual Appliance, ISE Physical Appliance 

When a RADIUS client (switch, firewall, AP controller, etc.) is prompted to communicate with a RADIUS server it must be defined as Network Access Device (NAD) on the RADIUS server (ISE in this case). Otherwise, all authentication attempts will result in a failure. Before NAD is added to ISE 3.0, it is still possible to define the structure of NAD for better organization. Groups, NAD Locations, and Types can be specified. These attributes can be used while building Authentication (AuthC) and Authorization (AuthZ) rules.  

Follow the steps below to define new network device groups and add a new network device to ISE.  

Step 1 – Navigate to the Network Device Groups menu

Step 2 – Add a Device Type Group

In our case, we name the group “Test”

Step 3 – Add a Device Location Group

We’ll call our location “Lab”

Step 4 – Navigate to Network Devices Menu

Step 5 – Add a new Device

Don’t forget to include it in previously configured groups.

After saving the changes, the device should be accessible via RADIUS, implying that the RADIUS server is specified on the device itself.

In our previous mini-tutorial, you can also check how to add NAD to ISE 2.1