cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
298
Views
0
Helpful
1
Replies

ISE Radius only works after a change for a short time

billy_maclin
Level 1
Level 1

Using ISE as Radius for device login. Have a primary/secondary server, both synced and apparently no issues. However, Radius authentication only works for a short time and only after we make a change and save it. We are using DUO MFA, and we get the DUO push on the first and maybe second login, but then it fails until we make another minor change and save.

Running v 3.2 in VMware, each server has 2 NICs, but only the management NIC is in use, and is used for both ISE admin UI and for Radius.

We are NOT licensed for TACACS+ because our vendor said Radius will work just fine, but we won't have the same level of logging and accounting. So we do not have the 'Device Admin' setting enabled on either server. We tried it both with and without that setting enabled, but when enabled our UI shows that we are out of compliance because we don't own the license for TACACS+.

1 Reply 1

billy_maclin
Level 1
Level 1

Also note that AD authentication works perfectly. It is only when we add the DUO authentication that ISE behaves this way.