Using ISE as Radius for device login. Have a primary/secondary server, both synced and apparently no issues. However, Radius authentication only works for a short time and only after we make a change and save it. We are using DUO MFA, and we get the DUO push on the first and maybe second login, but then it fails until we make another minor change and save.
Running v 3.2 in VMware, each server has 2 NICs, but only the management NIC is in use, and is used for both ISE admin UI and for Radius.
We are NOT licensed for TACACS+ because our vendor said Radius will work just fine, but we won't have the same level of logging and accounting. So we do not have the 'Device Admin' setting enabled on either server. We tried it both with and without that setting enabled, but when enabled our UI shows that we are out of compliance because we don't own the license for TACACS+.