https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204526#M592246 <P>The command is from FMC for firepower so you need to config fmc with ISE tacacs</P> <P>Also same for ASDM (not sure how we can config it).</P> <P>I. E. FW need to use cli for tacacs work correctly&nbsp;</P> <P><A href="https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html" target="_blank">https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html</A></P> <P>MHM</P> Mon, 07 Oct 2024 13:18:12 GMT MHM Cisco World 2024-10-07T13:18:12Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204420#M592231 <P>I found interesting things in ISE 3.2. I configured policy set for some users after some time I wanted to get report "TACACS Command Accounting" and for users with policy set I could see only two commands</P> <LI-CODE lang="markup">terminal no monitor terminal pager 0</LI-CODE> <P>but if I open detail report on the&nbsp;<A class="" href="https://ise02-nsk.global.bcs/admin/#monitor/tacacs_logs/monitor_dashboard_tacacsauthandauthz_v2" data-item-id="monitor_dashboard_tacacsauthandauthz_v2" data-level="3" target="_blank">"Live Logs</A>" I can see that there are commands which I permited</P> <P>for other users without comands policy sets (just priv 15) I can see all the command which were&nbsp;<SPAN class="EzKURWReUAB5oZgtQNkl" data-src-align="0:11">performed on the device</SPAN></P> <P><SPAN class="EzKURWReUAB5oZgtQNkl" data-src-align="0:11">problem only for FW</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 07 Oct 2024 10:00:02 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204420#M592231 dijix1990 2024-10-07T10:00:02Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204495#M592236 <P>What is "FW"?&nbsp; Sounds like the NAD is not sending or is not properly configured for TACACS+ Accounting.</P> Mon, 07 Oct 2024 12:27:20 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204495#M592236 ahollifield 2024-10-07T12:27:20Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204512#M592239 <P>Firewall, not properly? But why for users without tacacs command policy sets I can see every commands via report?&nbsp;</P> Mon, 07 Oct 2024 12:49:46 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204512#M592239 dijix1990 2024-10-07T12:49:46Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204513#M592240 <P>What is the firewall device?&nbsp; Maybe that particular NAD doesn't send TACACS+ accounting when a command set is applied for TACACS+ Authorization?&nbsp; Not sure.&nbsp; Where as if no command set is assigned then the NAD does send TACACS+ accounting?</P> Mon, 07 Oct 2024 12:52:19 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204513#M592240 ahollifield 2024-10-07T12:52:19Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204517#M592242 <P>It's different, frp1010/2120/4125 with asa software. Don't know why, I just delete command set for particular users and after it I can see via report. And I can see every commands for users with command set via Tacacs Live page. Strange behaviour&nbsp;</P> Mon, 07 Oct 2024 12:58:37 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204517#M592242 dijix1990 2024-10-07T12:58:37Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204522#M592245 That’s weird for sure, I would open a TAC case. Why ASA and not FTD though? Nothing to do with the question just curious <BR /> Mon, 07 Oct 2024 13:06:10 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204522#M592245 ahollifield 2024-10-07T13:06:10Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204526#M592246 <P>The command is from FMC for firepower so you need to config fmc with ISE tacacs</P> <P>Also same for ASDM (not sure how we can config it).</P> <P>I. E. FW need to use cli for tacacs work correctly&nbsp;</P> <P><A href="https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html" target="_blank">https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html</A></P> <P>MHM</P> Mon, 07 Oct 2024 13:18:12 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5204526#M592246 MHM Cisco World 2024-10-07T13:18:12Z https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5205068#M592280 <P>We are going to move to FTD next year.</P> Tue, 08 Oct 2024 08:50:26 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-doesn-t-show-set-commands-in-tacacs-command-accounting/m-p/5205068#M592280 dijix1990 2024-10-08T08:50:26Z