No accounting for WLC with ISE TACACS

ammahend · ‎05-23-2017

We have configured TACACS for one of the WLC running code 8.0.140.0, TACACS server is ISE 2.1.0.474 with patch 3.

Authentication and authorization is working fine but I do not see any accounting logs on ISE.

any suggestions ??

-hope this helps-

Marvin Rhoads · ‎05-24-2017

Are you looking under the TACACS live log on the ISE PAN interface for the accounting records?

ammahend · ‎05-24-2017

Yes Marvin, that's why I know authentication and authorization for "tacacs" is working fine. But I don't see any accounting logs for wlc.

i have tacacs configure for switches too and I see accounting logs for switches

-hope this helps-

Marvin Rhoads · ‎05-24-2017

Also please verify that you added and enabled ISE as the TACACS Accounting server. Security > AAA > TACACS+ > Accounting in the WLC

This needs to be done in addition to setting it as the Authentication and Authorization server.

The complete guide for WLC + TACACS on ISE can be found here:

https://communities.cisco.com/docs/DOC-68194

ammahend · ‎05-24-2017

It is configured. I will try couple of more things else open up a TAC case.

-hope this helps-

ammahend · ‎05-24-2017

So just to update, I learned that wlc has been sending all accounting logs all along, but it does not show under tacacs live logs, unlike switches, it only shows when you run a tacacs report for accounting.

I don't know if this is an expected behavior.

-hope this helps-