US Region

Grandmetric LLC
Brookfield Place Office
200 Vesey Street
New York, NY 10281
EIN: 98-1615498
Phone: +1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43

How to add Network Access Device to ISE 3.0

Design & Configure

Cisco ISE 3.0: Adding NAD to ISE 

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: ISE 3.0
Platform: ISE Virtual Appliance, ISE Physical Appliance 

When a RADIUS client (switch, firewall, AP controller, etc.) is prompted to communicate with a RADIUS server it must be defined as Network Access Device (NAD) on the RADIUS server (ISE in this case). Otherwise, all authentication attempts will result in a failure. Before NAD is added to ISE 3.0, it is still possible to define the structure of NAD for better organization. Groups, NAD Locations, and Types can be specified. These attributes can be used while building Authentication (AuthC) and Authorization (AuthZ) rules.  

Follow the steps below to define new network device groups and add a new network device to ISE. 

Step 1 – Navigate to the Network Device Groups menu

Network Device Groups Cisco ISE

Step 2 – Add a Device Type Group

In our case, we name the group “Test”

Device Type Group Name


Step 3 – Add a Device Location Group

We’ll call our location “Lab”

Device Location Group modal

Step 4 – Navigate to Network Devices Menu

Network Access Device Cisco


Step 5 – Add a new Device

Don’t forget to include it in previously configured groups.

ISE 3.0 configuration

Device profile cisco ise

Radius authentication settings

Radius DTLS Settings

Radius General Settings

After saving the changes, the device should be accessible via RADIUS, implying that the RADIUS server is specified on the device itself.


In our previous mini-tutorial, you can also check how to add NAD to ISE 2.1


Author: Jaroslaw Banakh