Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
890
Views
0
Helpful
2
Replies

Cisco ISE 2.2 Tacacs+ authen works and authoriz not work with WLC 2504

sampansampan
Level 1
Level 1

‎09-05-2018 07:11 AM - edited ‎03-11-2019 01:49 AM

Hi

 

I have a problem between ISE and WLC use taccas authentication.

 

- ISE Version 2.2

- WLC 2504 software Version 8.3.141

 

- i have wlc 3 locations (A,B,C)

- ISE Install at site A, 

- WLC (A) can authentication and authorization with ISE,

- WLC (B,C) can authentication but can't authorization with ISE,

- ISE shown error message below.

"TACACS: Invalid TACACS+ request packet - possibly mismatched Shared Secrets"

- shared secrets are configure correct.

- i try to create authorization policy permit any but still not work.

 

 

*** Tacacs work fine because all switch can use tacacs+


Anyone can help?

 

Thank you.

 

 

 

 

Preview file
6 KB
Preview file
7 KB
0 Helpful
2 Replies 2

Jhosbell Verdesca De Aguiar
Cisco Employee
Cisco Employee

‎09-05-2018 09:42 AM

Are you doing NAT for the other two sites?

How are the sites connected? If it is through a DMVPN or some tunnels that add overhead, do you have ip tcp adjust-mss 1360 on one of the interfaces to prevent fragmentation?

If you can share a snippet of the AuthZ result removing any sensitive information would be good.
** Please rate helpful posts **

CCIE #58023
0 Helpful

sampansampan
Level 1
Level 1
In response to Jhosbell Verdesca De Aguiar

‎09-13-2018 02:27 AM

Thank you for your reply

 

Site works

ISE use MSS = 1460
WLC use  MSS = 1394

 

Site not work

ISE use MSS = 1460
WLC use  MSS = 1380

 

how can i fix its?

 

 

0 Helpful
Customers Also Viewed These Support Documents