Tacacs configuration not working

Hi Community, I am having some difficulty making my two Routers (ISR4431 and ISR4451) work with TACACS.

The configs are here:
Router# show run | sec aaa
aaa new-model
aaa group server tacacs+ ISE-TACACS
 server name ISESERVERPAN01
 server name ISESERVERPAN02
 ip vrf forwarding mgmt-interface
aaa group server radius ISE-RADIUS
 server name ISESERVERPAN01
 server name ISESERVERPAN02
aaa authentication login default group ISE-TACACS local
aaa authentication dot1x default group ISE-RADIUS
aaa authorization config-commands
aaa authorization exec default group ISE-TACACS local
aaa authorization commands 1 default group ISE-TACACS local
aaa authorization commands 15 default group ISE-TACACS local
aaa authorization network default group ISE-RADIUS
aaa authorization auth-proxy default group ISE-RADIUS
aaa accounting update newinfo periodic 2880
aaa accounting dot1x default start-stop group ISE-RADIUS
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group ISE-TACACS
aaa accounting commands 15 default start-stop group ISE-TACACS
aaa session-id common

Router# show run | sec tacacs
aaa group server tacacs+ ISE-TACACS
 server name ISESERVERPAN02
 server name ISESERVERPAN01
 ip vrf forwarding mgmt-interface
aaa accounting exec default start-stop group tacacs+
ip tacacs source-interface GigabitEthernet0/0/3
tacacs server ISESERVERPAN01
 address ipv4 10.10.10.10
 key 7 1234567890987654321
tacacs server ISESERVERPAN02
 address ipv4 10.10.10.11
 key 7 1234567890987654321

The devices were added to ISE devices with this config:

TACACS Authentication Settings
> Shared Secret = 1234567890987654321
> Enable Single Connection Mode = Unchecked, and the radio button is on Legacy Cisco Device

I tried to play with this section but still to no avail. I don't even get any logs for my account when I check the TACACS Live Logs.

Take note that all other devices that we have are working. These routers are the only devices that we cannot add to TACACS.

Accepted Solution

Seb Rupik (VIP Alumni)

Hi there,

Can you ping the ISE servers from the routers via the mgmt-interface VRF?

What is the output of sh ip route vrf mgmt-interface?

How come the RADIUS connection isn't being sourced from the mgmt-interface VRF?

What is the output of sh tacacs?

cheers,

Seb.

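The questions in the accepted answer all come down to one thing: a TACACS+ server group bound to a VRF only works if the source interface, the VRF routing table and the method lists that reference the group are consistent. As an added example (not code from the thread, from Cisco or from ISE), the Python script below parses running-config text in the shape pasted above (sub-command indentation may be stripped) and reports what to verify. It assumes that a bare `group tacacs+` in a method list means the implicit group of all globally defined servers, which carries no `ip vrf forwarding` of its own; the sample config is transcribed from the thread with indentation restored.

```python
"""Added example: consistency checks for IOS/IOS-XE AAA + TACACS+ configuration."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ServerGroup:
    proto: str                    # "tacacs+" or "radius"
    name: str
    servers: list = field(default_factory=list)
    vrf: Optional[str] = None     # from "ip vrf forwarding <vrf>" inside the group


@dataclass
class ParsedAAA:
    groups: dict = field(default_factory=dict)          # name -> ServerGroup
    tacacs_servers: dict = field(default_factory=dict)  # name -> {"address", "key_type"}
    source_interface: Optional[str] = None
    method_lines: list = field(default_factory=list)    # aaa authentication/authorization/accounting


def parse_aaa_config(text: str) -> ParsedAAA:
    cfg = ParsedAAA()
    block = None  # the group or server block that following sub-commands belong to
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if (m := re.match(r"aaa group server (tacacs\+|radius) (\S+)$", line)):
            block = ServerGroup(m.group(1), m.group(2))
            cfg.groups[block.name] = block
        elif (m := re.match(r"tacacs server (\S+)$", line)):
            block = cfg.tacacs_servers.setdefault(m.group(1), {})
        elif (m := re.match(r"ip tacacs source-interface (\S+)", line)):
            block, cfg.source_interface = None, m.group(1)
        elif line.startswith("aaa "):          # any other top-level aaa command ends a block
            block = None
            if re.match(r"aaa (authentication|authorization|accounting) ", line):
                cfg.method_lines.append(line)
        elif isinstance(block, ServerGroup):   # sub-commands of "aaa group server"
            if (m := re.match(r"server name (\S+)", line)):
                block.servers.append(m.group(1))
            elif (m := re.match(r"ip vrf forwarding (\S+)", line)):
                block.vrf = m.group(1)
        elif isinstance(block, dict):          # sub-commands of "tacacs server"
            if (m := re.match(r"address ipv4 (\S+)", line)):
                block["address"] = m.group(1)
            elif line.startswith("key "):      # "key 7 ..." is the type-7 obfuscated form
                m = re.match(r"key (\d) ", line)
                block["key_type"] = m.group(1) if m else "0"
    return cfg


def check(cfg: ParsedAAA) -> list:
    """Return ERROR/WARN/CHECK/INFO findings as strings."""
    out = []
    tacacs_groups = {n: g for n, g in cfg.groups.items() if g.proto == "tacacs+"}
    for name, g in tacacs_groups.items():
        for s in g.servers:
            if s not in cfg.tacacs_servers:
                out.append(f"ERROR group {name}: server {s} has no 'tacacs server' definition")
        if g.vrf is None:
            out.append(f"WARN group {name}: no 'ip vrf forwarding'; requests use the global routing table")
        elif cfg.source_interface is None:
            out.append(f"WARN group {name}: bound to VRF {g.vrf} but no 'ip tacacs source-interface' is set")
        else:
            out.append(f"CHECK group {name}: VRF {g.vrf}, source {cfg.source_interface}; confirm the interface "
                       f"is in that VRF and that 'show ip route vrf {g.vrf}' has a route to every server")
    vrf_bound = sorted(n for n, g in tacacs_groups.items() if g.vrf)
    for line in cfg.method_lines:
        # Assumption: bare 'group tacacs+' = implicit group of all global servers, with no VRF of its own.
        if vrf_bound and re.search(r"\bgroup tacacs\+(\s|$)", line):
            out.append(f"WARN method '{line}': uses the implicit tacacs+ group rather than VRF-bound "
                       f"group(s) {', '.join(vrf_bound)}; that method's traffic may not use the VRF")
    for name, srv in cfg.tacacs_servers.items():
        if srv.get("key_type") == "7":
            out.append(f"INFO server {name}: key is shown as type 7; the shared secret on the server "
                       f"side must be the cleartext value, not this type-7 string")
    return out


# Constructed sample: the thread's configuration with sub-command indentation restored.
SAMPLE_CONFIG = """
aaa group server tacacs+ ISE-TACACS
 server name ISESERVERPAN01
 server name ISESERVERPAN02
 ip vrf forwarding mgmt-interface
aaa authorization exec default group ISE-TACACS local
aaa accounting exec default start-stop group tacacs+
ip tacacs source-interface GigabitEthernet0/0/3
tacacs server ISESERVERPAN01
 address ipv4 10.10.10.10
 key 7 1234567890987654321
tacacs server ISESERVERPAN02
 address ipv4 10.10.10.11
 key 7 1234567890987654321
"""

if __name__ == "__main__":
    print("\n".join(check(parse_aaa_config(SAMPLE_CONFIG))))
```

The CHECK finding is deliberately not a verdict: the running config alone cannot show whether GigabitEthernet0/0/3 sits in the mgmt-interface VRF or whether that VRF has a route to 10.10.10.10 and 10.10.10.11, which is exactly why the answer asks for `ping` via the VRF, `show ip route vrf mgmt-interface` and `show tacacs`.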
