12-10-2018 01:42 AM
Hi,
we have configured cisco ISE for authentication and authorization.
The setup works fine but sometimes we have the problem that users are not authorized.
In 8 of 10 login attempts the authentication is fine for the nexus 7702 but no authorization request is sent to the ISE.
Other nexus like 7706 dont have this problem, aaa and tacacs config are identically.
Also the NXOS version is the same 8.1.1. We only observed this behavior with the nexus 7702.
Anyone see the same issue?
Best regards
Andre
Solved! Go to Solution.
12-10-2018 02:54 AM
02-05-2019 04:38 AM
The problem was solved by removing the single-connection in the tacacs-server host config.
Unclear why the same config and OS works with 7706 but not with 7702.
12-10-2018 02:25 AM
12-10-2018 02:50 AM
Hi,
which debug commands would you suggest for the nexus? On the ISE we did some TCP dumps were we can see that there are rarely authorization requests from the nexus 7702.
André
12-10-2018 02:54 AM
12-10-2018 03:12 AM
Hi,
thank you, we will check this.
Best regards
André
02-05-2019 04:38 AM
The problem was solved by removing the single-connection in the tacacs-server host config.
Unclear why the same config and OS works with 7706 but not with 7702.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide