Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ise and switch authentication and privilege level

Hi Guys,

I'm working on an eval on vmware. I have got everything working for wlan authentication and I’m working on shell authentication for switches. On the ACS you have the possibility to give the user privilege level on the switch. You can do this with shell profiles in ACS.

Is there a way to get this done in ISE? I was thinking to make a result policy elements but I can't find a shell profile or privilege attributes like in ACS.

For the record, switch authentication is working with Active Directory. I only need to know how to give the right return attribute.

I appreciate any help!


New Member

ise and switch authentication and privilege level

ISE (as of now) doesnt support TACACS+ ; hence you will not be able to do shell profiles/priv. commands.

New Member

Re: ise and switch authentication and privilege level


You were in the right area. 

Policy->Results->Authorization->Authorization Profiles.

Create AuthZ profile for Access-Accept and Under the Advanced Attributes Settings you can use:

Cisco:cisco-av-pair = shell:priv-lvl=15

or whatever privilege level you want to assign.

On your AuthZ rule, match the conditions and apply the created profile.


I've tested this recently

CreatePlease to create content