cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
465
Views
0
Helpful
3
Replies

Can ISE TACACS report users IP address for logins failure in live logs

wags
Beginner
Beginner

On an ISE deployment that is running TACACS for access control of network routers and switches, is it possible to get the IP address of the user end-stations to display in the details of live logs?

 

ISE 3.1/operation/TACACS/live logs/

you can see that a bad userid was entered.  When you select the details, you get a lot of information, but unless I am missing something, I do not see the end-station IP address.

 

Anyone who has corporate scanners knows there are a lot of noise generated by attempts from those devices, but sometimes you would like to quickly check a failure that looks a bit odd/different to determine if it is friend or foe.

 

TIA

1 Accepted Solution

Accepted Solutions

andrewswanson
Rising star
Rising star

On ISE 2.7 I can see the end user's IP in the TACACs live logs under the column "Remote Address". Is this attribute enabled for display in the live logs? Click on the gear icon at the top right of the TACACs live logs to confirm.

 

hth

Andy

View solution in original post

3 Replies 3

MHM Cisco World
Advisor
Advisor

I think you need DHCP profile which make SW send IP address of host to ISE.