Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
3850
Views
0
Helpful
16
Replies

Cisco ISE 2.3 TACACS and dot1x not working !!!!

Go to solution
f.arabi1991
Level 1
Level 1

ā€Ž06-11-2018 11:27 AM - edited ā€Ž02-21-2020 10:58 AM

Hello

I installed Cisco ISE 2.3 primary and secondary , ISE joined to AD and it is operational also secondary node is joined to primary successfully and it is operational too , all TACACS and dot1x configs are fine because I use these configs in another project and it works.

in this project ISE is installed in Datacenter Building and Network Devices located in another building (building 2) connecting by Fiber , from ISE I have the ping of all switches in building 2  and vice versa but TACACS and dot1x not work.I check TACACS shared key on both cisco switches and ISE many times and it was same, I attach my debugs from switch  when I use this command: test aaa group tacacs username password

and at below I put my switch config for tacacs:

 

 

aaa new-model

tacacs server ISE-PRIMARY
address <ise ip add>
key <key>
timeout 3

!
!
aaa group server tacacs+ <name>
server name ISE-PRIMARY
ip tacacs source-interface <management VLAN>
!
aaa authentication login default group <group-name> local
aaa authentication enable default group <group-name> enable
aaa authorization config-commands
aaa authorization exec default group <group-name> local
aaa authorization commands 1 default group <group-name> local
aaa authorization commands 15 default group <group-name> local
aaa accounting exec default start-stop group <group-name>
aaa accounting commands 1 default start-stop group <group-name>
aaa accounting commands 15 default start-stop group <group-name>

aaa session-id common

 

 

 

 

Labels:
Preview file
412 KB
0 Helpful
16 Replies 16

Go to solution
f.arabi1991
Level 1
Level 1
In response to Rob Ingram

ā€Ž06-13-2018 06:48 AM - edited ā€Ž06-13-2018 06:56 AM

the problem fixed, yoooohooooooo , see the screenshot , the primary node unchecked on this page for device administration, I checked mark it and the problem solved,of course this screen shot is from my home lab , I took this screen shot for other readers which face with this problem , and Thank you RJI for your support during this time :) but its very Weird the ISE setting from my home lab have this check mark for both nodes(primary & secondary) by default but at project the primary node  unchecked by default . I dont know why 

 

primary-secondary.PNG

0 Helpful

Go to solution
f.arabi1991
Level 1
Level 1
In response to Rob Ingram

ā€Ž06-13-2018 03:39 AM - edited ā€Ž06-13-2018 03:39 AM

maybe because I changed ISE primary and Secondary Console host name ,this is happend? 

0 Helpful
Customers Also Viewed These Support Documents