10-07-2024 03:00 AM
I found something interesting in ISE 3.2. I configured a policy set for some users. After some time I wanted to get the "TACACS Command Accounting" report, and for users with the policy set I could see only two commands:
terminal no monitor
terminal pager 0
But if I open the detailed report in "Live Logs", I can see that there are commands which I permitted.
For other users without command policy sets (just priv 15), I can see all the commands which were performed on the device.
The problem is only for FW.
10-07-2024 05:27 AM
What is "FW"? Sounds like the NAD is not sending or is not properly configured for TACACS+ Accounting.
10-07-2024 05:49 AM
Firewall. Not properly? But why can I see every command via the report for users without TACACS command policy sets?
10-07-2024 05:52 AM
What is the firewall device? Maybe that particular NAD doesn't send TACACS+ accounting when a command set is applied for TACACS+ Authorization? Not sure. Whereas if no command set is assigned then the NAD does send TACACS+ accounting?
10-07-2024 05:58 AM
It's different: FPR1010/2120/4125 with ASA software. I don't know why. I just deleted the command set for particular users, and after that I can see the commands via the report. And I can see every command for users with a command set via the TACACS Live page. Strange behaviour.
10-07-2024 06:06 AM
10-08-2024 01:50 AM
We are going to move to FTD next year.
10-07-2024 06:11 AM - edited 10-07-2024 06:18 AM
The command is from FMC for Firepower, so you need to configure FMC with ISE TACACS.
Also the same for ASDM (not sure how we can configure it).
I.e. the FW needs to use the CLI for TACACS to work correctly.
MHM