
Cisco ISE doesn't show set commands in TACACS Command Accounting

dijix1990
VIP

I found interesting things in ISE 3.2. I configured a policy set for some users, and after some time I wanted to get the "TACACS Command Accounting" report. For users with the policy set I could see only two commands:

terminal no monitor
terminal pager 0

But if I open the detailed report in the "Live Logs" I can see that there are commands which I permitted.

For other users without command policy sets (just priv 15) I can see all the commands which were performed on the device.

The problem is only for the FW.

7 Replies

What is "FW"?  Sounds like the NAD is not sending or is not properly configured for TACACS+ Accounting.

Firewall. Not properly? But why can I see every command via the report for users without TACACS command policy sets?

What is the firewall device? Maybe that particular NAD doesn't send TACACS+ accounting when a command set is applied for TACACS+ Authorization? Not sure. Whereas if no command set is assigned then the NAD does send TACACS+ accounting?

It's different: frp1010/2120/4125 with ASA software. I don't know why. I just deleted the command set for particular users and after that I can see them via the report. And I can see every command for users with a command set via the TACACS Live page. Strange behaviour.

That's weird for sure, I would open a TAC case. Why ASA and not FTD though? Nothing to do with the question, just curious.

We are going to move to FTD next year.

The command is from FMC for Firepower, so you need to configure FMC with ISE TACACS.

Also the same for ASDM (not sure how we can configure it).

I.e. the FW needs to use the CLI for TACACS to work correctly.

https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html

MHM