11-02-2017 06:45 AM - edited 02-21-2020 10:37 AM
Working on a fresh deployment of ISE 2.3 with Patch one applied. I've setup authentication into ISE to use AD, but some data is being filtered. I've created a single AD group for admin access, and I've created the linkage between that group and super admin menu access group. It is odd. I can see the alarms on the summary page and I click an alarm, but when it opens the alarm page I cannot acknologe the alarm. Other things are off as well, like when I go to network devices I can see that there are network devices, in the right hand corner it shows 0 selected | Total 130, but none are displayed. Has anyone else run into this issue?
11-02-2017 07:08 AM
Well, that didn't take too long to resolve. I added menu access, but no data access. :-(
It is working fine now.
11-02-2017 08:34 AM
Good catch!
You're not alone - I did the same thing myself when I first setup RBAC on ISE.
11-02-2017 08:36 AM
11-02-2017 08:40 AM - edited 11-02-2017 06:18 PM
There is an identified bug on admin access when using AD accounts & duplicated default profiles (RBAC issue). Not sure if it was solved on 2.3. On my case, NO matter if I assigned super admin privileges to an specific AD Group, acknowledging the alarms is disabled, some tabs are not displayed, changing menu/data access visibility randomly works, etc. Answer I got was, you cannot duplicate or modify the default profiles for network administrator, helpdesk, etc. By now, I use the internal super admin account to manage the admin access profiles and permissions.
11-02-2017 08:43 AM
I'm opening a TAC case to verify if that is the issue in this case. I'm having another issue so I figured it makes sense to check.
11-10-2017 05:38 AM
TAC has had the case for a week and no response.
11-10-2017 05:50 AM
You should call the TAC and ask that your case be re-queued and/or to speak to the duty manager.
Assuming it was opened with the default severity level (Severity 3) you should have an initial response within 72 hours and updates at least every 72 hours thereafter.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide