02-28-2022 05:59 AM
Hello,
In DNAC, I'm unable to turn on TACACS protocol to an existing Authentication & Policy Server (ISE).
Observed in DNAC 2.2.2.8 and 2.2.3.4.
As soon as I check the TACACS checkbox, the "Add" button is greyed out and the TACACS port is set to '0' without being able to modify it.
Anyone else faced this issue?
How can I turn it on so I can use TACACS on the Network Settings page?
Best regards,
Sylvain.
Solved! Go to Solution.
03-10-2022 08:38 AM
Hi guys,
I finally opened a TAC case and the engineer manually modified the database in DNAC to set the TACACS port to 49.
The reason she gave me is: DNAC<->ISE integration has been performed with an older DNAC version (1.3.1.2 in my case) and at that time, there was some kind of a bug in DNAC. We (client) viewed the issue only now because we never tried before to enable TACACS as part of the integration.
She has to confirm us if it was publicly documented or internal to Cisco only.
And the multiple upgrades we've done to reach 2.2.3.4 never fixed the issue. As stated by the TAC, this has to be manually fixed. It is not corrected via upgrades.
We still currently have an issue to integrate ISE into DNAC but this is because of another issue (pxgrid).
Once this 2nd issue and TACACS is correctly enabled and available in the Network Settings page, I will make this post as the Accepted Solution so you guys know how to progress and fix the issue.
Have a good day folks,
Sylvain.
02-28-2022 08:46 AM
Anyone else faced this issue?
-FYSA I have also seen this issue in existing deployments when attempting to add T+ server to existing AAA servers in DNAC. I believe the port 0 is simply a cosmetic issue (I suggest pinging TAC to be sure).
As soon as I check the TACACS checkbox, the "Add" button is greyed out and the TACACS port is set to '0' without being able to modify it.
-IMO another cosmetic issue, re-type in the account password used for integration with ISE. The add button will appear afterwards.
03-02-2022 02:08 AM
Hi Mike,
Thanks for the answer.
Unfortunately the Add button stays greyed out even after re-entering the password.
Regards,
Sylvain.
03-10-2022 08:38 AM
Hi guys,
I finally opened a TAC case and the engineer manually modified the database in DNAC to set the TACACS port to 49.
The reason she gave me is: DNAC<->ISE integration has been performed with an older DNAC version (1.3.1.2 in my case) and at that time, there was some kind of a bug in DNAC. We (client) viewed the issue only now because we never tried before to enable TACACS as part of the integration.
She has to confirm us if it was publicly documented or internal to Cisco only.
And the multiple upgrades we've done to reach 2.2.3.4 never fixed the issue. As stated by the TAC, this has to be manually fixed. It is not corrected via upgrades.
We still currently have an issue to integrate ISE into DNAC but this is because of another issue (pxgrid).
Once this 2nd issue and TACACS is correctly enabled and available in the Network Settings page, I will make this post as the Accepted Solution so you guys know how to progress and fix the issue.
Have a good day folks,
Sylvain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide