https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545608#M530152 <HTML><HEAD></HEAD><BODY><P>No, log suppression is for RADIUS only but not for T+. No known workaround.</P></BODY></HTML> Tue, 18 Apr 2017 21:09:27 GMT hslai 2017-04-18T21:09:27Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545607#M530151 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I understand in ISE, repeated RADIUS requests can be suppressed under <SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;">Administration&gt;System&gt;Settings&gt;Protocols&gt;RADIUS.&nbsp; Screenshot attached.&nbsp; <IMG alt="Untitled.tiff" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/106351_Untitled.tiff" style="max-width: 620px; height: auto;" /><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;">Are there plans to extend this suppression capability to TACACS?</SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;">The scenario is customer runs a monthly vulnerability scan on their infrastructure devices (switches, WLCs, firewalls).&nbsp; Vulnerability scan software makes repeated login attempts on the infrastructure devices, which is flooding ISE and causing adverse performance issues.&nbsp; Can suppression be configured for TACACS requests as well?&nbsp; If not, what is the recommended workaround?</SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 14.666666984558105px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;">Thanks in advance.<BR /></SPAN></P></BODY></HTML> Tue, 18 Apr 2017 04:30:32 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545607#M530151 Allen P Chen 2017-04-18T04:30:32Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545608#M530152 <HTML><HEAD></HEAD><BODY><P>No, log suppression is for RADIUS only but not for T+. No known workaround.</P></BODY></HTML> Tue, 18 Apr 2017 21:09:27 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545608#M530152 hslai 2017-04-18T21:09:27Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545609#M530154 <HTML><HEAD></HEAD><BODY><P>Recommended workaround is to throttle their tool's usage to a more acceptable level of performance impact.</P></BODY></HTML> Tue, 18 Apr 2017 21:13:32 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545609#M530154 thomas 2017-04-18T21:13:32Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545610#M530155 <HTML><HEAD></HEAD><BODY><P>Hi Hsing and Thomas,</P><P></P><P>Thanks for the replies.&nbsp; I have already provided the customer recommendations, including limiting access to infrastructure devices to management endpoints, control plane policing for management protocols on infrastructure devices, etc.&nbsp; However, as ISE is positioned as the replacement for ACS, and since there is RADIUS suppression available, I would think TACACS suppression should be a natural extension of that.</P><P></P><P>Thanks again for the insights.</P></BODY></HTML> Tue, 18 Apr 2017 21:18:30 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545610#M530155 Allen P Chen 2017-04-18T21:18:30Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545611#M530156 <HTML><HEAD></HEAD><BODY><P>I'll forward your request to the Product Manager!</P></BODY></HTML> Tue, 18 Apr 2017 21:24:04 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3545611#M530156 thomas 2017-04-18T21:24:04Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3730068#M530157 <P>Hello, I have a customer asking this same question and I'm wondering if there's any discussions with the BU that came of this feature request. The customer would like to suppress the service account logs that they see in their TACACS Live Logs. Currently I recommended a filter but they'd like to know if there's a way to do it without a filter. </P> <P>&nbsp;</P> <P>Thanks!</P> Mon, 22 Oct 2018 18:02:35 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3730068#M530157 rwehe 2018-10-22T18:02:35Z https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3730164#M530158 <P>The fix&nbsp;CSCvb45390 is likely coming in next patch releases of&nbsp;shipping ISE 2.x.</P> Mon, 22 Oct 2018 20:22:46 GMT https://community.cisco.com/t5/network-access-control/tacacs-suppression/m-p/3730164#M530158 hslai 2018-10-22T20:22:46Z