Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
935
Views
2
Helpful
7
Replies

Cisco ISE doesn't show set commands in TACACS Command Accounting

dijix1990
VIP Alumni
VIP Alumni

‎10-07-2024 03:00 AM

I found interesting things in ISE 3.2. I configured policy set for some users after some time I wanted to get report "TACACS Command Accounting" and for users with policy set I could see only two commands

terminal no monitor
terminal pager 0

but if I open detail report on the "Live Logs" I can see that there are commands which I permited

for other users without comands policy sets (just priv 15) I can see all the command which were performed on the device

problem only for FW

 

 

2 people had this problem
Labels:
7 Replies 7

ahollifield
VIP
VIP

‎10-07-2024 05:27 AM

What is "FW"?  Sounds like the NAD is not sending or is not properly configured for TACACS+ Accounting.

0 Helpful

dijix1990
VIP Alumni
VIP Alumni
In response to ahollifield

‎10-07-2024 05:49 AM

Firewall, not properly? But why for users without tacacs command policy sets I can see every commands via report? 

0 Helpful

ahollifield
VIP
VIP
In response to dijix1990

‎10-07-2024 05:52 AM

What is the firewall device?  Maybe that particular NAD doesn't send TACACS+ accounting when a command set is applied for TACACS+ Authorization?  Not sure.  Where as if no command set is assigned then the NAD does send TACACS+ accounting?

0 Helpful

dijix1990
VIP Alumni
VIP Alumni
In response to ahollifield

‎10-07-2024 05:58 AM

It's different, frp1010/2120/4125 with asa software. Don't know why, I just delete command set for particular users and after it I can see via report. And I can see every commands for users with command set via Tacacs Live page. Strange behaviour 

ahollifield
VIP
VIP
In response to dijix1990

‎10-07-2024 06:06 AM

That’s weird for sure, I would open a TAC case. Why ASA and not FTD though? Nothing to do with the question just curious
0 Helpful

dijix1990
VIP Alumni
VIP Alumni
In response to ahollifield

‎10-08-2024 01:50 AM

We are going to move to FTD next year.

0 Helpful

MHM Cisco World
VIP
VIP
In response to dijix1990

‎10-07-2024 06:11 AM - edited ‎10-07-2024 06:18 AM

The command is from FMC for firepower so you need to config fmc with ISE tacacs

Also same for ASDM (not sure how we can config it).

I. E. FW need to use cli for tacacs work correctly 

https://docs.calebsargeant.com/en/latest/networking/cisco/core-security/network-security-with-cisco-firepower/2.-configuring-aaa-on-an-ftd-appliance-for-use-with-cisco-ise.html

MHM

0 Helpful
Top