Beginner

TACACS Live Logs bug? Maybe?

Has anyone experienced an issue where the TACACS live logs are not displaying the correct authorization profile?

 

I configured a TACACS device to point to ISE.

I ssh'ed to the device using an enabled internal username and password. 

 

The live logs show authentication as passed and show the successful authentication profile, but beside it, in the selected authorization profile, it's blank. If I open the details of the auth and scroll down to "selected authorization profile", it names the selected shell profile, not the authorization line name. Also, I'm able to auth to the device successfully.

 

Just FYI, this is a new installation of ISE. I used the migration tool to migrate everything from ACS 5.6 to ISE 2.4 patch 6. Everything seems to be working great besides this little issue.

 

All my RADIUS policies work perfectly.

 

Ideas? 


Accepted Solutions
Cisco Employee

Re: TACACS Live Logs bug? Maybe?

T+ authentication and authorization are two separate events. We should see something like below:

[Image: Screen Shot 2019-07-15 at 8.16.21 PM.png]

If that is not similar to yours, you might need to engage Cisco TAC to troubleshoot.

In ISE 2.3+, we do also see Selected Authorization Profile in the details report for the authentication event. That is to compensate for some login security issue with NX-OS.

Beginner

Re: TACACS Live Logs bug? Maybe?

Thank you. I'll engage TAC for the issue.