Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2220
Views
5
Helpful
5
Replies

ISE collection filter

Go to solution
Staring Hamster
Level 1
Level 1

‎02-20-2022 10:40 AM

Hi everyone! I'm trying to create a collection filter for EEM user in Tacacs live logs, but some why it doesn't work. Am i doing something wrong?

Capture.PNG

  

Capture.PNG

1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Staring Hamster

‎02-20-2022 09:36 PM

You're running ISE 2.3 patch 2 which means you do not have the ability to filter TACACS authorization requests (bug id CSCvb45390). To enable this feature and fix the behavior you're seeing, you need to download and install the most recent patch for your version. You can get this here, patch 7, ise-patchbundle-2.3.0.298-Patch7-19080206.SPA.x86_64.tar.gz. This is also the last patch that will be provided for ISE 2.3. 
https://software.cisco.com/download/home/283801620/type/283802505/release/2.3.0

ISE 2.3 is also end of life, support ended for it June 17th 2020, you should consider upgrading to newer version.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-741734.html

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎02-20-2022 02:05 PM - edited ‎02-20-2022 02:05 PM

Which version and patch are you running? There was a bug/enhancement request for this fixed in recent versions, 2.2p15, 2.3p6, 2.4p6, and 2.6+.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb45390

0 Helpful

Go to solution
Staring Hamster
Level 1
Level 1
In response to Damien Miller

‎02-20-2022 08:43 PM

we're running the following version and patch

Preview file
9 KB
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Staring Hamster

‎02-20-2022 09:36 PM

You're running ISE 2.3 patch 2 which means you do not have the ability to filter TACACS authorization requests (bug id CSCvb45390). To enable this feature and fix the behavior you're seeing, you need to download and install the most recent patch for your version. You can get this here, patch 7, ise-patchbundle-2.3.0.298-Patch7-19080206.SPA.x86_64.tar.gz. This is also the last patch that will be provided for ISE 2.3. 
https://software.cisco.com/download/home/283801620/type/283802505/release/2.3.0

ISE 2.3 is also end of life, support ended for it June 17th 2020, you should consider upgrading to newer version.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-741734.html

0 Helpful

Go to solution
Staring Hamster
Level 1
Level 1
In response to Damien Miller

‎02-20-2022 10:03 PM

Thank you for your response. I have one more question. Is there any way to filter out AAA accounting for this user in next releases? For example in ISE 3.0

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Staring Hamster

‎02-20-2022 10:41 PM

Yes, 2.7, 3.0, and 3.1 all have this fix integrated regardless of patch level. 

0 Helpful
Customers Also Viewed These Support Documents