authentication failed

BigK · ‎06-25-2019

This is a weird ISE behavior. I tried to login to a switch. My SSH session gets established but when I tried to enter the enable password I gets rejected 3 time with a message "authentication failed". the 4 time it works

SG350>en
Password:************
Password:************
Password:************
Password:************
authentication failed

SG350>en
Password:************
SG350#25-Jun-2019 07:19:25 %AAA-I-CONNECT: User CLI session for user kay over ssh , source 10.10.20.145 destination 10.10.20.45 ACCEPTED

SG350# sho log

25-Jun-2019 07:19:25 :%AAA-I-CONNECT: User CLI session for user kay over ssh , source 10.10.20.145 destination 10.10.20.45 ACCEPTED

25-Jun-2019 07:19:19 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED

25-Jun-2019 07:19:14 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED

25-Jun-2019 07:19:10 :%AAA-W-REJECT: New ssh connection, source 10.10.20.145 destination 10.10.20.45 REJECTED

Arne Bier · ‎06-25-2019

on the surface, this does seem weird. But in situations like this, please provide us the config (show run | in aaa) and also some parts in ISE (AuthN / AuthZ) so that we can provide some meaningful answers. Software versions of ISE and Switch are often useful too.

Are you using TACACS Single Connect Mode on the ISE Network Device config?

hslai · ‎07-01-2019

Adding to Arne Bier ...

Please also check the live logs to ensure the requests made to ISE and matched the expected rules.