I understand in ISE, repeated RADIUS requests can be suppressed under Administration > System > Settings > Protocols > RADIUS. Screenshot attached.
Are there plans to extend this suppression capability to TACACS?
The scenario is that the customer runs a monthly vulnerability scan on their infrastructure devices (switches, WLCs, firewalls). The vulnerability scan software makes repeated login attempts on the infrastructure devices, which is flooding ISE and causing adverse performance issues. Can suppression be configured for TACACS requests as well? If not, what is the recommended workaround?
Thanks in advance.
Hi Hsing and Thomas,
Thanks for the replies. I have already provided the customer recommendations, including limiting access to infrastructure devices to management endpoints, control plane policing for management protocols on infrastructure devices, etc. However, as ISE is positioned as the replacement for ACS, and since there is RADIUS suppression available, I would think TACACS suppression should be a natural extension of that.
Thanks again for the insights.
Hello, I have a customer asking this same question and I'm wondering if there are any discussions with the BU that came of this feature request. The customer would like to suppress the service account logs that they see in their TACACS Live Logs. Currently I recommended a filter, but they'd like to know if there's a way to do it without a filter.