06-25-2019 07:36 AM - edited 06-25-2019 07:38 AM
This is a weird ISE behavior. I tried to log in to a switch. My SSH session gets established, but when I tried to enter the enable password, I get rejected 3 times with a message "authentication failed". The 4th time it works.
SG350>en
Password:************
Password:************
Password:************
Password:************
authentication failed
SG350>en
Password:************
SG350#25-Jun-2019 07:19:25 %AAA-I-CONNECT: User CLI session for user kay over ssh , source 10.10.20.145 destination 10.10.20.45 ACCEPTED
SG350# sho log
25-Jun-2019 07:19:25 :%AAA-I-CONNECT: User CLI session for user kay over ssh , source 10.10.20.145 destination 10.10.20.45 ACCEPTED
25-Jun-2019 07:19:19 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED
25-Jun-2019 07:19:14 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED
25-Jun-2019 07:19:10 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED
06-25-2019 03:00 PM
On the surface, this does seem weird. But in situations like this, please provide us the config (show run | in aaa) and also some parts in ISE (AuthN / AuthZ) so that we can provide some meaningful answers. Software versions of ISE and Switch are often useful too.
Are you using TACACS Single Connect Mode on the ISE Network Device config?
07-01-2019 09:31 PM
Adding to Arne Bier ...
Please also check the live logs to ensure the requests made it to ISE and matched the expected rules.