How To: ISE TACACS+ Configuration for Cisco NX-OS Network Devices

January 2016


Terminal Access Controller Access Control System Plus (TACACS+) is a client-server protocol that provides centralized security control for management access to routers and many other types of network access devices. TACACS+ provides these AAA services:

  • Authentication – Who the users are
  • Authorization – What they are allowed to do
  • Accounting – Who did what and when


This document provides configuration examples for TACACS+ with the Cisco Identity Services Engine (ISE) as the TACACS+ server and a Cisco NX-OS network device as the TACACS+ client.


This guide divides the activities into two parts to enable ISE to manage administrative access for Cisco IOS based network devices.

  • Part 1 – Configure ISE for Device Admin
  • Part 2 – Configure Cisco NX-OS for TACACS+


The information in this document is based on the software and hardware versions below:

  • ISE VMware virtual appliance, Release 2.0
  • Cisco Nexus1000V (N1Kv) for VMware vSphere, Cisco NX-OS 5.2(1)SV3(1.10)