04-11-2019 04:31 AM
Hello all,
we are running ISE 2.3 with patch 6. I tried to add some new devices to authenticate via tacacs+, but ISE does not always authenticate the users. In the tacacs live logs, I do not see the username that was manually entered, but instead of that I see "username#random_number#", which was clearly not entered!
Any ideas?
Solved! Go to Solution.
04-11-2019 09:26 AM
Hi,
I recommend you work with the TAC to investigate this issue further. It could be an issue with the network access device or ISE.
Regards,
-Tim
04-11-2019 09:26 AM
Hi,
I recommend you work with the TAC to investigate this issue further. It could be an issue with the network access device or ISE.
Regards,
-Tim
04-19-2019 07:06 AM
Hello Tim,
I was able to find what is causing the issue. The problem is with Nexus 7K with 7 VDCs. If the first attempt to authenticate to the device is unsuccessful (wrong password), then when trying for the second/third time, the tacacs logs show username followed by #vdc_number# for the second attempt, #vdc_number##vdc_number# for the third attempt and the device responds with "too many authentication failures". If I then login with the correct credentials everything is ok.
The question is why the devices adds #vdc_number# to the username, causing ISE to fail?
Thank you in advance,
Katerina
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide