TACACS+ and RADIUS Livelogs

mike.mcvay · ‎11-14-2016

I had a full demonstration license for ISE 2.0. Then I installed a permanent Base 100 license and a permanent Device Administration license for the ISE. My TACACS+ and RADIUS AAA works (network device polices grant AAA) but the Live-log displays to aid in monitoring and debug no longer work after the demonstration license expired. Is there a separate license required to use the Live-Log and Report Log functions in ISE? I cannot find any specific information in the ISE Licensing.

kthiruve · ‎11-14-2016

Hi Mike,

The base license supports 802.1x authentication, guest functionality and few others. It does not support profiling, posture for example, BYOD, MDM etc. So please bear that in mind. The workcenter for TACACS+ should have TACACS+ logs in operations section and you may want to use that for troubleshooting or debugging.

Here is the ordering guide for reference. If you still have issues, it could be a defect.

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

Please update the latest ISE 2.0 patch 4 and check the open caveats in the release notes.

There are a couple of live logs fixes as I can see.

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

Thanks

Krishnan

mike.mcvay · ‎11-14-2016

Krishnan,

We also have the Device Admin license for the TACACS. We did have the full demonstration license running while I developed all my policies and was used to seeing Livelogs for both RADIUS and TACACS for debug. However, when the demonstration license expired and we only had the BASE and Device Admin, the livelogs and Reports disappeared. I’ll see if Patch 4 fixes the issue but suspect some hidden aspect of the plus, advanced, or Apex license is the real issue.

Thank you for your help,

Mike