why do device adminnistration using cisco identity service engine (ISE)

This time, I would like to explain why enterprises use one of the Cisco Solution called Device Administration feature in ISE (Identify Service Engine).
‍‍‍‍‍‍
Mainly it is for Authentication, Authorization and Accounting which is called AAA shortly.‍‍‍‍‍‍
‍‍‍‍‍‍
Normally in enterprises which haven’t applied Device Administration Features, user accounts must be configured in all single network devices such as Switches and routers. However, if we use Device Administration Features in ISE, we would only have to create respective user accounts by adding Device IP and Device name of all network devices at GUI (Graphical User Interface) of ISE. On the other way, we can make centralized management for all user accounts of all devices from ISE.‍‍‍‍‍‍
‍‍‍‍‍‍
Device Administration Features contain Authentication in which users can be examined by whether he has access for the devices or not. ISE uses Authentication Protocols such as TACACS+ or RADIUS. There we can define and limit which commands that a user can run in network devices (switches or routers).
‍‍‍‍‍‍
For example, we can specify the Authorization Level like an admin user can run all of the commands for switches, a normal user can only use show commands, etc. Moreover, Accounting in which can record who accessed which network devices, which commands he run and which configuration changes were made, and it occurred when, etc. It meant that we can get centralized visibility of user actions.‍‍‍‍‍‍
‍‍‍‍‍‍
Above are the reasons why enterprises use Device Administration Features of ISE (Identity Search Engine).

Don’t forget to share this post!