@JaVa808
It's (assigning priv 15 and restrictive command-set) not a "hack" (workaround). It's a legit method of doing things while maintaining access control.
In the article you linked, they mentioned the following:
If you have Cisco ACS (TACACS+) s...
@joshhunter ,
How are you "proxying" the requests from one ISE to another? Which version is the 'Central ISE'?
I'd suggest you enable DEBUG for the component called 'runtime-AAA' on the central ISE and check there.
The log to check would be prrt-serv...
Hi @joshhunter
To absolutely confirm that it is indeed this attribute which is not letting the Central ISE match that AuthZ rule, can you please remove the condition where you are looking for this?
So, if this attribute is really the problem, you shoul...