Hello everyone,
NOTE: This is a new deployment of DNAC into an already existing network.
So here is the scenario. The network device is using local authentication for SSH access. The DNA center has been integrated into Cisco ISE. DNAC has been configured to enable TACACS once the device has been provisioned. We have configured DNAC with both the local admin account password and the new TACACS account.
So in order to onboard the switch, the current local account is used. When the switch is provisioned with the TACACS the local account no longer works. We then have to push down the TACACS password to the newly added switch. This works fine. However, ISE does not update the switch device configuration deployment password (View Image Below) with the TACACS account. It keeps the original local admin account instead of changing it to the TACACS account.
NOTE: The local admin account and the TACACS account have different names
If the account/password is not updated this will prevent the deployment of TrustSec, as the switch will not get STG updates from ISE. Any ideas on how we can have ISE update the password to the TACACS account? Or perhaps we are going about this the wrong way...
Thank you in advance for your assistance.