05-17-2022 01:33 AM
Anyone know how to renew an expired trustsec PAC on ISE? I'm asking this because we can't SSH into our switches any more. W keep getting "expired PAC" when trying to log in. When we check ISE, we see that the PAC expired for quite a while ago. Check the attached images.
I can't find a document on how to renew it. Only configuration
Solved! Go to Solution.
06-13-2023 05:28 PM
I raised a case about this in 2021 and despite "fixing" it at the time still have it happen across most of our fleet. In case this is easier for some people than visiting the switch with a console cable, if you have HTTPS to the switch configured with a local user you can use that to run the required CLI (Administration -> CLI -> "cts refresh pac" / "show cts pacs".
08-04-2023 03:47 AM
But what was the root cause ? Why does the device not renew the PAC automatically ?
Is there a BugID for this ?
Thanks
Thomas
12-11-2023 03:22 AM
Hi,
So we got to the bottom of this with TAC.
The issue is due to authentication events for WLC user in ISE not logged in the prrt-server.log.
08-30-2023 03:32 AM
There is a second topic for the same issue
https://community.cisco.com/t5/network-access-control/unable-to-log-into-wlc/td-p/4668655
This seems to renew correctly on the 1st automated attempt and fails on the second.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide