Solved: Re: New ISE Node unable to process TACACS requests

pnowikow · ‎01-05-2021

Good morning all,

Yesterday I added a new node to our existing ISE 2.7 patch 2 cluster. I then added the TACACS, RADIUS and Dynamic Author entries to the existing sections of config, the switch doesn't work for TACACS requests. It works fine for RADIUS requests and authenticates endpoints. What am I missing?

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 54 WS-C2960X-48FPD-L 15.2(7)E2 C2960X-UNIVERSALK9-M

Thanks,

Pete

yalbikaw · ‎01-05-2021

did you enable the device administration on the node settings when you added it to the cluster ?

from deployment please check the node and check box the device administration

View solution in original post

balaji.bandi · ‎01-05-2021

Can you post the config of Switch, and what you see live Logs on ISE ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

pnowikow · ‎01-05-2021

Here's the switch config for TACACS

aaa new-model
aaa group server tacacs+ ISE_TACACS
server-private (Working IP #1) key (key)
server-private (Working IP #2) key 7 (key)
server-private (Failing IP) key 7 (key)

yalbikaw · ‎01-05-2021

did you enable the device administration on the node settings when you added it to the cluster ?

from deployment please check the node and check box the device administration

pnowikow · ‎01-05-2021

Man, that's embarrassing but you were right. I'm good to go now!

Thanks for the help,