Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1424
Views
0
Helpful
2
Replies

Cisco ISE 2.6 TACACS+ Issue

Go to solution
Sergey Bezpalov
Level 1
Level 1

‎02-25-2019 01:56 PM - edited ‎03-08-2019 07:14 PM

Hello,

I have VM with Cisco ISE 2.6 (upgraded from 2.4).

I create Policy Set for some Fortinet devices with special TACACS Profile, and thise profile have several Custom Attributes.

Then authentication is passed my devices not get attributes, respond have only "{Authen-Reply-Status=Pass; }"

What could be the matter?

Thanks.

Preview file
61 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergey Bezpalov
Level 1
Level 1

‎04-27-2019 10:23 AM

Issue was on Forti (Gate/Analyzer) part.

 

config system admin tacacs
    edit "ISE-Cluster"
        set server "10.1.2.3"
        set key Where are we going with Piglet big-big secret
        set authen-type mschap
        set authorization enable
    next
end

Key set is "authorization enable", more info can be find here

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-27-2019 01:21 PM

Please enter this command on your NAD global config and test:
radius-server vsa send

This command allows you to recognize and user vendor-specific attributes.

HTH!
0 Helpful

Go to solution
Sergey Bezpalov
Level 1
Level 1

‎04-27-2019 10:23 AM

Issue was on Forti (Gate/Analyzer) part.

 

config system admin tacacs
    edit "ISE-Cluster"
        set server "10.1.2.3"
        set key Where are we going with Piglet big-big secret
        set authen-type mschap
        set authorization enable
    next
end

Key set is "authorization enable", more info can be find here

 

0 Helpful
Customers Also Viewed These Support Documents