cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2204
Views
10
Helpful
7
Replies
joshhunter
Enthusiast

TACACS Proxy with Service-Argument Attribute not working Issue

Hello, we are trying to utilize TACACS Proxy for the following scenario,

 

WLC < ----- > ISE2.6-Patch5 < ----- proxying ----- > Central ISE

 

We are using the 'Service-Argument' attribute in the proxied request as below screenshot and we see this on both ISE and in packet captures. When we create a rule however it is not matched using this attribute. 

 

thumbnail_image005.jpgthumbnail_image019.png

 

The Central ISE does not match this in any of the following cases “EQUALS, CONTAINS, IN, STARTSWITH or MATCHES”.

 

 

7 REPLIES 7
Anurag Sharma
Cisco Employee

Hi @joshhunter 

To absolutely confirm that is indeed this attribute which is not letting the Central ISE match that AuthZ rule, can you please remove the condition where you are looking for this.

So, if this attribute is really the problem, you should match that particular AuthZ rule with the other two conditions in place.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.
joshhunter
Enthusiast