Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1566
Views
11
Helpful
6
Replies

TACACS Suppression

Go to solution
Allen P Chen
Level 5
Level 5

‎04-17-2017 09:30 PM

Hello,

I understand in ISE, repeated RADIUS requests can be suppressed under Administration>System>Settings>Protocols>RADIUS.  Screenshot attached.  Untitled.tiff


Are there plans to extend this suppression capability to TACACS?


The scenario is customer runs a monthly vulnerability scan on their infrastructure devices (switches, WLCs, firewalls).  Vulnerability scan software makes repeated login attempts on the infrastructure devices, which is flooding ISE and causing adverse performance issues.  Can suppression be configured for TACACS requests as well?  If not, what is the recommended workaround?


Thanks in advance.

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-18-2017 02:09 PM

No, log suppression is for RADIUS only but not for T+. No known workaround.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-18-2017 02:09 PM

No, log suppression is for RADIUS only but not for T+. No known workaround.

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-18-2017 02:13 PM

Recommended workaround is to throttle their tool's usage to a more acceptable level of performance impact.

0 Helpful

Go to solution
Allen P Chen
Level 5
Level 5
In response to thomas

‎04-18-2017 02:18 PM

Hi Hsing and Thomas,

Thanks for the replies.  I have already provided the customer recommendations, including limiting access to infrastructure devices to management endpoints, control plane policing for management protocols on infrastructure devices, etc.  However, as ISE is positioned as the replacement for ACS, and since there is RADIUS suppression available, I would think TACACS suppression should be a natural extension of that.

Thanks again for the insights.

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to Allen P Chen

‎04-18-2017 02:24 PM

I'll forward your request to the Product Manager!

Go to solution
rwehe
Cisco Employee
Cisco Employee
In response to thomas

‎10-22-2018 11:02 AM

Hello, I have a customer asking this same question and I'm wondering if there's any discussions with the BU that came of this feature request. The customer would like to suppress the service account logs that they see in their TACACS Live Logs. Currently I recommended a filter but they'd like to know if there's a way to do it without a filter.

 

Thanks!

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to rwehe

‎10-22-2018 01:22 PM

The fix CSCvb45390 is likely coming in next patch releases of shipping ISE 2.x.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents