Contributor

TACACS Suppression

Hello,

I understand in ISE, repeated RADIUS requests can be suppressed under Administration>System>Settings>Protocols>RADIUS. Screenshot attached.


Are there plans to extend this suppression capability to TACACS?


The scenario is that the customer runs a monthly vulnerability scan on their infrastructure devices (switches, WLCs, firewalls). The vulnerability scan software makes repeated login attempts on the infrastructure devices, which is flooding ISE and causing adverse performance issues. Can suppression be configured for TACACS requests as well? If not, what is the recommended workaround?


Thanks in advance.

1 ACCEPTED SOLUTION

Cisco Employee

No, log suppression is for RADIUS only but not for T+. No known workaround.

Cisco Employee

Recommended workaround is to throttle their tool's usage to a more acceptable level of performance impact.

Hi Hsing and Thomas,

Thanks for the replies.  I have already provided the customer recommendations, including limiting access to infrastructure devices to management endpoints, control plane policing for management protocols on infrastructure devices, etc.  However, as ISE is positioned as the replacement for ACS, and since there is RADIUS suppression available, I would think TACACS suppression should be a natural extension of that.

Thanks again for the insights.

I'll forward your request to the Product Manager!

Hello, I have a customer asking this same question and I'm wondering if there have been any discussions with the BU that came of this feature request. The customer would like to suppress the service account logs that they see in their TACACS Live Logs. Currently I recommended a filter but they'd like to know if there's a way to do it without a filter.

Thanks!

The fix CSCvb45390 is likely coming in next patch releases of shipping ISE 2.x.
