09-27-2018 07:17 AM
Hello experts,
ISE 2.4p3 masks the unknow usernames (unknown to all its identity stores) in its live log with "INVALID". I use "Administration >> Settings >> Protocols >> RADIUS >> Disclose invalid username" checkbox to display the unknowns. It lasts for 30 mins then turns off and seems there no way to adjust the duration. Can this be configured for permant on ISE 2.4p3? Thanks!
Solved! Go to Solution.
09-27-2018 07:22 AM
09-27-2018 11:07 AM
Enhancement to permanently disclose username or change duration (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh91118) is planned with next version of ISE. We have started accepting beta registration for 2.5 if you are interested:
09-27-2018 07:22 AM
09-27-2018 09:40 AM
09-27-2018 10:30 AM
09-27-2018 11:07 AM
Enhancement to permanently disclose username or change duration (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh91118) is planned with next version of ISE. We have started accepting beta registration for 2.5 if you are interested:
07-14-2022 02:17 PM
Was this ever done? I'm on a 3.X version and am seeing this in my logs during my initial configuration. Going to Administration - System - Settings - Protocols - RADIUS, I don't see an option for this?
Of course I am trying with TACACS and don't see a "protocol" for tacacs specifically?
07-14-2022 02:59 PM
As per the Admin Guide, the 'Disclose Invalid Usernames' option is available in the Administration > System > Settings > Security Settings page.
07-14-2022 04:29 PM
Hi @cnorborg ,
!version 2.4
In Administration > System > Settings > Protocols > RADIUS > Suppression & Reports > Authentication Details > Disclose invalid usernames
!version 2.6+
In Administration > System > Settings > Security Settings > Disclose invalid usernames
About " ... and don't see a "protocol" for tacacs specifically ... ", there is "no protocol" for TACACS+.
Hope this helps !!!
11-14-2022 06:04 AM
Does anyone knows if permanently activating this option will affect global performances of the deployment? I didn't find anything about this topic on the Net...Thanks in advance for your feedbacks
11-14-2022 03:01 PM
There should be no performance impact by having the option enabled. The feature was added to improve security, not to improve performance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide