03-13-2019 06:40 AM
Hi guys,
One of my clients is asking if it’s possible for a tacacs user account in ISE to bypass all logging and audit type features ?
Such an account will only authenticate and the password should never be decipherable.
Any sort of auth logs including accounting and commands run should never be recorded at all.
Could you let me know if that’s even possible ? To me it sounds this goes against the AAA method.
Thank you
Sam
03-13-2019 06:50 AM
03-13-2019 08:53 AM
Collection filters for TACACS was just added in patch 6. You can now filter out all logs for given usernames just like you are able to do for RADIUS. Basically the same collection filters now apply to both.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide