Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
155
Views
0
Helpful
3
Replies

Trouble Authenticating Huawei Switch with Cisco ISE via HWTACACS

anfeldendani1996
Level 1
Level 1

‎04-23-2025 03:42 AM

Hi everyone,

I’m trying to integrate a Huawei switch (CE series) with Cisco ISE using HWTACACS for AAA, but I can't even get basic authentication to work.

Here’s what I’ve done so far:

  • Enabled TACACS+ service on ISE and added the Huawei switch as a network device with the correct IP and shared secret.

  • On the Huawei side, I’ve configured aaa, authentication-scheme, and hwtacacs-server parameters pointing to the ISE IP.

  • The shared secret matches, and I’ve set the fallback to local just in case.

But when I attempt to SSH into the switch using a test user configured in ISE, authentication fails completely.

Has anyone successfully made Huawei switches authenticate via TACACS+ on Cisco ISE?

thank youu

0 Helpful
3 Replies 3

marce1000
Hall of Fame
Hall of Fame

‎04-23-2025 04:09 AM

 

      - Check ISE live logs for the authentication attempt and find or try to find the reason that it failed,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

anfeldendani1996
Level 1
Level 1
In response to marce1000

‎04-23-2025 04:35 AM

hello @marce1000 , 

unfortunattly i don't find any related log in live log 

i have tried also with tcpdump but there is no traffic captured when i try to login . 

the communcation is successful between the ISE and the huawei switch , 

regards 

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to anfeldendani1996

‎04-23-2025 04:47 AM

 

  - If there is no traffic then there is a configuration problem on the Huawei :
    Check this documentation for guidelines : https://support.huawei.com/enterprise/en/doc/DOC1000114005/e8a19705/configuring-cisco-ise-to-authenticate-common-access-users-and-acs-to-authenticate-switch-administrators

                           Apparently you can also test radius on Huawei :   https://info.support.huawei.com/network/ptmngsys/Web/tsrev_s/en/content/s/34_edesk_Portal_Authentication_Fails/edesk_Portal_Authentication_Fails_edesk006.html
                            You will need to get this working with a positive result,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents