Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
204
Views
0
Helpful
3
Replies

Cisco ISE Network Devices

Netmart
Level 3
Level 3

‎06-23-2025 05:48 PM - edited ‎06-23-2025 05:49 PM

Hello,

For some reason, a AAA Tacacs request is hitting the wrong TACACs profile, instead of Priv15, Priv Lev1 is assigned.

I checked this particular node and it appears to be present as /32 in one device group and as /20 in a second one:

Network Device List sequence:

Link: Administration > Network Resources > Network Devices List

#1 List: 10.23.140.100/32

#6 List: 10.23.128.0/20

What approach does ISE take in Network Device List:

Top to bottom and/or the one with longest prefix match.

 

Please advise.

Thanks.

 

Labels:
0 Helpful
3 Replies 3

Greg Gibbs
Cisco Employee
Cisco Employee

‎06-23-2025 08:28 PM

Longest prefix match

0 Helpful

Netmart
Level 3
Level 3

‎06-26-2025 05:51 PM - edited ‎06-26-2025 05:53 PM

Thank you Greg.

For some reason, it seems to hit the less precise prefix match: #6 List: 10.23.128.0/20.

Is there any best practice/recommendation to troubleshoot this [beyond analyzing accounting logs].

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee
In response to Netmart

‎06-26-2025 07:54 PM

AFAIK, the longest prefix match should be used so this could be a bug. It would be best to open a TAC case to confirm and investigate.

0 Helpful
Customers Also Viewed These Support Documents