Guest

Preview Tool

Cisco Bug: CSCvv04167 - Support For Custom "Service-Argument" Field In ISE TACACS+

Last Modified

Aug 07, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.911)

Description (partial)

Symptom:
Authorization Does Not Work As Expected When Custom "Service-Argument" Is Receive On ISE.

ISE behaves differently when custom Service-Argument is sent from the Managed Network Device for TACACS+.
When Service-Argument=Shell which is default in Cisco Devices Ex:WAAS Command Set is selected. 
and Authorization Result can be seen as "{Type=Authorization; Author-Reply-Status=PassAdd; }

However when Service-Argument is custom Ex: Service-Argument=abcd  sent from WAAS device then Shell profile is selected and Authorization Result can be seen as "{Type=Authorization; Author-Reply-Status=PassAdd; AVPair=priv-lvl=15; }"

Conditions:
Custom "Service-Argument" is sent from Managed Network Device
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.