Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
1
Helpful
2
Replies

TACACS - 9300 switch GUI

Go to solution
craiglebutt
Enthusiast
Enthusiast

‎04-21-2023 07:23 AM

Hi

I've added a 9300 switch on to ISE and and using the Gui which is working.

My question is I can see a lot of entries being logged on tacacs for authtication, seem to keep login while on the switch, is this normal?

 

aaa new-model
!
!
aaa group server tacacs+ ISE_Group
server name
server name
server name
!
aaa authentication fail-message ^CCCCCCC_______Failed login in via ISE. Try again.^C
aaa authentication login default group ISE_Group local
aaa authentication enable default group ISE_Group enable
aaa authentication login GUILogin group ISE_Group local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group ISE_Group local
aaa authorization commands 0 default group ISE_Group local
aaa authorization commands 1 default group ISE_Group local
aaa authorization commands 15 default group ISE_Group local
aaa accounting exec default start-stop group ISE_Group
aaa accounting commands 0 default start-stop group ISE_Group
aaa accounting commands 1 default start-stop group ISE_Group
aaa accounting commands 15 default start-stop group ISE_Group
aaa accounting connection default start-stop group ISE_Group
!
aaa session-id common

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎04-21-2023 07:29 AM

@craiglebutt authentication or authorisation? You should see an authorisation entry in the TACACS live logs for each command being run on the switch, which is authorised on ISE.

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎04-21-2023 07:29 AM

@craiglebutt authentication or authorisation? You should see an authorisation entry in the TACACS live logs for each command being run on the switch, which is authorised on ISE.

Go to solution
MHM Cisco World
VIP
VIP

‎04-21-2023 07:52 AM

you run HTTP in SW, this is why ? you must disable the HTTP

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents