02-26-2019 06:54 AM - edited 02-21-2020 11:03 AM
Hello Experts,
Can someone help me with the below issue,
- I have ISE standalone running on 2.6, i have enabled the device administration for TACACS services and configured required steps on my Firewall and Switch.
aaa-server ise1 protocol tacacs+
aaa-server ise1 (Inside) host <ISE IP>
key *****
aaa authentication ssh console ise1 LOCAL
aaa authentication enable console ise1 LOCAL
aaa authentication http console ise1 LOCAL
aaa authorization command ise1 LOCAL
aaa accounting ssh console ise1
aaa accounting serial console ise1
aaa accounting enable console ise1
aaa accounting command ise1
aaa authentication secure-http-client
aaa authorization exec authentication-server auto-enable
1. I am seeing continues Authentication failure logs on ISE with INVALID username on my Firewall which is hitting the default profile.
2. when i tried to authenticate with AD user, the authentication is successful but authorization is hitting to the default deny profile.
Can someone help me did i done something wrong on my TACACS configuration or Is it a Bug?
Thanks
Sumanth