Solved: Cisc ISE problem with TACACS

umeshunited · ‎08-09-2018

Hi All,

I am having problem with my ISE and legacy switches.

I have to delete switch and re add it to ISE in order to make TACACS work.

Is there any compatibility issue with legacy deivces ?

hslai · ‎08-30-2018

As you were able to get it to work by removing and re-adding the network devices to ISE, it's potentially an issue in ISE. Please open a TAC case to troubleshoot if the project later resumed and the problem continuing.

View solution in original post

Nidhi · ‎08-09-2018

What is the switch model here ? you might want to check the data sheet for this switch.

as long as this switch supports TACACS+ functions, it will work with ISE.

Thanks,

Nidhi

paul · ‎08-10-2018

What issue are you having? There are many version of TACACS configs and TACACS has been around for many years. All should work with ISE, but the syntax on the switch is different and what features of TACACS are supported are different depending on IOS version.

umeshunited · ‎08-11-2018

Hi Pual ,

We are having mix of old and new switches. So we have prepared two set of commands.

We are facing strange issue. We first added all switches in ISE. Now when we configure aaa on switch it won't work. We have to remove that switch and add it again in ISE then only it will work.

Also first we will try set-1 commands if it does not work we will go for set-2.

---------- Set - 1 (For latest IOS versions)--------------

tacacs server AUTH

address ipv4 x.x.x.x

key KEYVALUE

!

aaa group server tacacs+ Tacacs_Server

server name AUTH

ip tacacs source-interface XXX

------------- Set -2 (Old versions)--------------

aaa group server tacacs TACACS_Servers

server x.x.x.x

tacacs-server host x.x.x.x key KEYVALUE

ip tacacs source-interface XXX

umeshunited · ‎08-11-2018

Hi Nidhi,

We have 3750 having code, 12.2 . After applying aaa configuration on switch it did not work. I had to remove switch from ISE and re added it.

umeshunited · ‎08-11-2018

Hi Nidhi,

We have 3750 having code, 12.2 . After applying aaa configuration on switch it did not work. I had to remove switch from ISE and re added it.

michaeljosuecruza · ‎08-11-2018

Hello umeshunited,

Could you

1. What error shows or be more explicit when it says "it stops working"

2. The present problem is only with the legacy

3. You have new switches working with TACACS +

4. What version of Cisco ISE has running.

Thank you for your time, I am waiting to help.

Best regards,

umeshunited · ‎08-25-2018

Hi michaeljosuecruza

Client has currently paused ISE installation , so as of now no progress from client.

Thank you.

hslai · ‎08-30-2018

As you were able to get it to work by removing and re-adding the network devices to ISE, it's potentially an issue in ISE. Please open a TAC case to troubleshoot if the project later resumed and the problem continuing.

thomas · ‎08-31-2018

It sounds like this is better handled as a troubleshooting session with TAC since you aren't providing enough useful details (switch configs, policy screenshots, etc.)