Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9485
Views
80
Helpful
18
Replies

Import Network Devices into ISE 2.4 Authentication Protocol Required?

Go to solution
kevink707
Level 1
Level 1

‎05-04-2018 11:34 AM - edited ‎02-21-2020 10:55 AM

I'm attempting to import network devices into ISE 2.4.

Following the template found in https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01001.pdf

 

The documentation says that Authentication:Protocol:String(6) is optional and the only valid value is "RADIUS".

 

My import is failing with the message: Failed Value for attribute Protocol is mandatory

Putting TACACS in that field is rejected.

Putting RADIUS in that field is accepted, however then I believe I need to manually edit each device to uncheck Radius (I have tens of thousands of devices so this is not very practical).

 

Any suggestions?

1 person had this problem
Labels:
0 Helpful
18 Replies 18

Go to solution
mumustha
Cisco Employee
Cisco Employee

‎07-12-2018 06:17 PM

Hi Kevin,

 

I might be late to the party.

I suspect that this could be caused due to the bug in ISE 2.3/2.4 described in the below link :

 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj13401

 

A workaround has been defined in the link which is to remove "FALS" under "Enable Multi Shared Secret:String(128)". 

 

Hope that helps

Go to solution
rbrtcrlsn89
Level 1
Level 1
In response to mumustha

‎08-11-2019 08:13 PM

I never EVER post anything on the Cisco forums, however this time I'm going to.

 

Why is isn't this the answer that's marked as the solution?!?!?!

 

Thank you sir!

Go to solution
mumustha
Cisco Employee
Cisco Employee
In response to rbrtcrlsn89

‎08-11-2019 10:29 PM

I am glad I was able to inspire.

And please you may skip calling anyone “Sir” here.
0 Helpful

Go to solution
Tim K
Level 1
Level 1

‎01-17-2019 12:42 PM

I had the same issue. I found a bug that has the fix action. I have pasted the results of it below for those that don't have a CCO account. Removing FALSE from the field listed below fixed the problem for me.

 

ISE "Failed Value for attribute Protocol is mandatory" when importing network device
CSCvj13401
 
Description
Symptom:
"Failed Value for attribute Protocol is mandatory" error message, when trying to Import Network device through CSV

Conditions:
having NAD that is configured for TACACS and was previously exported from ISE to a CSV

Workaround:
removing "FALS" under "Enable Multi Shared Secret:String(128)" and the import will work fine
Customers Also Viewed These Support Documents