- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 04:31 AM
Hello all,
we are running ISE 2.3 with patch 6. I tried to add some new devices to authenticate via tacacs+, but ISE does not always authenticate the users. In the tacacs live logs, I do not see the username that was manually entered, but instead of that I see "username#random_number#", which was clearly not entered!
Any ideas?
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 09:26 AM
Hi,
I recommend you work with the TAC to investigate this issue further. It could be an issue with the network access device or ISE.
Regards,
-Tim

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 09:26 AM
Hi,
I recommend you work with the TAC to investigate this issue further. It could be an issue with the network access device or ISE.
Regards,
-Tim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2019 07:06 AM
Hello Tim,
I was able to find what is causing the issue. The problem is with Nexus 7K with 7 VDCs. If the first attempt to authenticate to the device is unsuccessful (wrong password), then when trying for the second/third time, the tacacs logs show username followed by #vdc_number# for the second attempt, #vdc_number##vdc_number# for the third attempt and the device responds with "too many authentication failures". If I then login with the correct credentials everything is ok.
The question is why the devices adds #vdc_number# to the username, causing ISE to fail?
Thank you in advance,
Katerina
