cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2441
Views
0
Helpful
2
Replies

TACACS Live Logs bug? Maybe?

baker82
Level 1
Level 1

Has anyone experienced an issue where the tacacs live logs are not displaying in the correct the authorization profile? 

 

I configured a tacacs device to point to ISE.

I ssh'ed to the device using an enabled internal username and password. 

 

The live logs show authentication as passed and shows the successful authentication profile but beside it in the selected authorization profile, it's blank. If I open the details of the auth, and scroll down to "selected authorization profile" it names the selected shell profile. Not the authorization line name. Also I'm able to auth to the device successfully. 

 

Just FYI, this is a new installation of ISE. I used the migration tool to migrate everything from ACS 5.6 to ISE 2.4 patch 6. Everything seems to be working great besides this little issue.

 

All my radius policys work perfect. 

 

Ideas? 

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

T+ authentication and authorization are two separate events. We should see something like below:

Screen Shot 2019-07-15 at 8.16.21 PM.png

If that is not similar to yours, you might need to engage Cisco TAC to troubleshoot.

In ISE 2.3+, we do also see Selected Authorization Profile in the details report for the authentication event. That is to compensate some login security issue with NX-OS.

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

T+ authentication and authorization are two separate events. We should see something like below:

Screen Shot 2019-07-15 at 8.16.21 PM.png

If that is not similar to yours, you might need to engage Cisco TAC to troubleshoot.

In ISE 2.3+, we do also see Selected Authorization Profile in the details report for the authentication event. That is to compensate some login security issue with NX-OS.

Thank you. Ill engage TAC for the issue.