08-22-2019 11:03 PM
Hey all, I'm seeing an issue with one of our PSNs, which has stopped serving TACACS authentication. PSN2 works fine; PSN1 is sending a TCP reset. Running ISE 2.4 patch 7.
PSN2
telnet 2.2.2.2 49
Trying 2.2.2.2, 49 ... Open
PSN1
telnet 1.1.1.1 49
Trying 1.1.1.1, 49 ...
% Connection refused by remote host
The application services look fine and the deployment screen has a green tick on the PSN. I have checked and the Device Admin role is ticked under the PSN and it is utilizing a license for it.
Does anyone know where I can find some more info on the specific services running? Which log or command can give me an output specifically on the TACACS service? It is also running RADIUS and profiling roles too but those services are running fine.
Thanks in advance for any help.
PSN1/admin# show application status ise
ISE PROCESS NAME                       STATE          PROCESS ID
--------------------------------------------------------------------
Database Listener                      running        3256
Database Server                        running        115 PROCESSES
Application Server                     running        27263
Profiler Database                      running        6292
ISE Indexing Engine                    disabled
AD Connector                           running        18370
M&T Session Database                   disabled
M&T Log Collector                      disabled
M&T Log Processor                      disabled
Certificate Authority Service          running        18103
EST Service                            running        18470
SXP Engine Service                     disabled
Docker Daemon                          running        7701
TC-NAC Service                         disabled
Wifi Setup Helper Container            disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
PassiveID WMI Service                  disabled
PassiveID Syslog Service               disabled
PassiveID API Service                  disabled
PassiveID Agent Service                disabled
PassiveID Endpoint Service             disabled
PassiveID SPAN Service                 disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled
ISE RabbitMQ Container                 running        9152
08-23-2019 05:57 AM
05-30-2023 06:42 AM
Probably you need to enable the Device Admin service under Deployment, then edit the PSN persona services and enable Device Admin. (Be careful: Device Admin uses dedicated licenses.)
05-30-2023 09:34 PM
ISE 2.4 is already EoL/EoS:
Suggestion is to first upgrade the ISE deployment, test and update the results here.
12-07-2023 06:10 AM
ISE 2.4 was not EoL when the question was asked in 2019. Unfortunately, the OP didn't respond to the questions in the first response so there's no way of knowing what the actual resolution for them was.
12-06-2023 02:01 PM - edited 12-06-2023 02:05 PM
Check if Device Administration Service is enabled on that PSN.
Go to Administration -- Deployment -- click on the PSN, click on the checkbox next to Device Administration
12-07-2023 04:12 AM
Hi Team,
I'm posting in this forum since I see the relevant discussion is running. I need support finding the API [Ansible].
a. Trying to find the API for enabling PSN work centers -> Overview -> Deployment -> Device Administration Deployment
=> Activate ISE Nodes for Device Administration
None
All Policy Service Nodes ------> Finding API to enable the same via Ansible
Specific Nodes
b. Similarly, trying to find the API to enable Administration -> Network devices -> Network Device - Default Device
=> Default Network Device Status
Disable to Enable ----> Need API for the same to use in Ansible.
This is to set the password under TACACS
TACACS Authentication Settings
Enable TACACS
Shared Secret ____________
12-07-2023 06:07 AM
Please open a new question in this forum for this topic.