cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6677
Views
0
Helpful
2
Replies

Device Type - Failure Reason: 22017 Selected Identity Source is DenyAccess

bhinder119
Level 1
Level 1

Hi Guys,

 

I'm having issues authenticating (TACACS+ w/AD) to my routers when I set the device type to "routers". When I try logging in, my prompt gives me access denied. ISE gives the below error: When I set device type to "All Device Types", I'm able to authenticate with no issue. Am I able to edit the authentication policies for my "router" device type? I attached a screenshot of the error.

 

Thanks!

 

Failure Reason22017 Selected Identity Source is DenyAccess
ResolutionSelect a different Identity Source
1 Accepted Solution

Accepted Solutions

Mike.Cifelli
VIP Alumni
VIP Alumni
I cant see how your T+ device admin policies are configured, but I would take a look there (located under Work Centers->Device Administration->Device Admin Policy Sets). There are definitely conditions that you can utilize to meet your requirement of how you wish to break the NAD types and/or locations down to push policy that way. It sounds like you are not matching the currently configured policy. See here for more info: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/b_device_administration_2_4.html

View solution in original post

2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni
I cant see how your T+ device admin policies are configured, but I would take a look there (located under Work Centers->Device Administration->Device Admin Policy Sets). There are definitely conditions that you can utilize to meet your requirement of how you wish to break the NAD types and/or locations down to push policy that way. It sounds like you are not matching the currently configured policy. See here for more info: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/b_device_administration_2_4.html

That was it! I needed to create a new policy/condition for my "routers" device type group. 

 

Thanks for your help!!