Unable to log into Device after configuring Radius

Jason Regan
Level 1

I hope someone can help me out here as I am totally stumped!!!

I've recently installed ISE and have gone through the setup and started adding devices with a standard AAA Radius Configuration.

The first one I've done works perfectly, but any subsequent device I try to add seems to be giving me problems: when I try to log onto them using either the local-admin account I've configured or my domain account, which has also been configured via an AD External ID Source, it doesn't log into the device and comes back with

% Authorisation Failed

This is despite using the exact same commands that I used on my original device that is working fine!!

Here is the config that is applied to both the devices

aaa new-model

Username local-admin privilege 15 password password

aaa group server radius ISE_Servers

server 10.200.1.19 auth-port 1645 acct-port 1646

server 10.200.2.19 auth-port 1645 acct-port 1646

aaa authentication login default group ISE_Servers local

aaa authentication enable default group ISE_Servers enable

aaa authorization exec default group ISE_Servers local if-authenticated

aaa accounting exec default start-stop group ISE_Servers

aaa accounting send stop-record authentication failure

aaa accounting commands 0 default start-stop group ISE_Servers

aaa accounting commands 1 default start-stop group ISE_Servers

aaa accounting commands 15 default start-stop group ISE_Servers

aaa accounting connection default start-stop group ISE_Servers

radius-server host 10.200.1.19 key Th4m3-Acc355

radius-server host 10.200.2.19 key Th4m3-Acc355

I've also run radius debugging which returned the following

083260: 24w1d: RADIUS: Pick NAS IP for u=0x26FC4D4 tableid=0 cfg_addr=0.0.0.0

083261: 24w1d: RADIUS: ustruct sharecount=1

083262: 24w1d: Radius: radius_port_info() success=1 radius_nas_port=1

083263: 24w1d: RADIUS(00000000): Send Access-Request to 10.200.1.19:1645 id 1645/12, len 80

083264: 24w1d: RADIUS:  authenticator 37 DE 3F 3F 39 2A 36 20 - FB 2E 43 1C 3D F3 C7 B7

083265: 24w1d: RADIUS:  NAS-IP-Address      [4]   6   192.168.10.248

083266: 24w1d: RADIUS:  NAS-Port            [5]   6   2

083267: 24w1d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]

083268: 24w1d: RADIUS:  User-Name           [1]   11  "$$-jregan"

083269: 24w1d: RADIUS:  Calling-Station-Id  [31]  13  "10.200.1.19"

083270: 24w1d: RADIUS:  User-Password       [2]   18  *

083271: 24w1d: RADIUS: Received from id 1645/12 10.200.1.19:1645, Access-Accept, len 159

083272: 24w1d: RADIUS:  authenticator E6 CA 66 80 AA E2 39 0F - FE FE 7C 3D 50 A7 17 CC

083273: 24w1d: RADIUS:  User-Name           [1]   11  "$$-jregan"

083274: 24w1d: RADIUS:  State               [24]  40

083275: 24w1d: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61  [ReauthSession:0a]

083276: 24w1d: RADIUS:   63 38 30 31 31 33 30 30 30 30 30 30 39 30 35 31  [c801130000009051]

083277: 24w1d: RADIUS:   37 39 34 32 45 33                                [7942E3]

083278: 24w1d: RADIUS:  Class               [25]  57

083279: 24w1d: RADIUS:   43 41 43 53 3A 30 61 63 38 30 31 31 33 30 30 30  [CACS:0ac80113000]

083280: 24w1d: RADIUS:   30 30 30 39 30 35 31 37 39 34 32 45 33 3A 54 4D  [00090517942E3:TM]

083281: 24w1d: RADIUS:   2D 56 4D 2D 49 53 45 30 31 2F 31 35 32 31 30 37  [-VM-ISE01/152107]

083282: 24w1d: RADIUS:   35 36 33 2F 36 37 39                             [563/679]

083283: 24w1d: RADIUS:  Termination-Action  [29]  6   1

083284: 24w1d: RADIUS:  Vendor, Cisco       [26]  25

083285: 24w1d: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"

083286: 24w1d: RADIUS: saved authorization data for user 26FC4D4 at 2703008

083287: 24w1d: RADIUS: cisco AVPair "shell:priv-lvl=15"

083288: 24w1d: RADIUS: no appropriate authorization type for user.

TbS6966#

the debug output for the working device is as follows

008420: 19w4d: RADIUS(00000238): Config NAS IP: 0.0.0.0
008421: 19w4d: RADIUS/ENCODE(00000238): acct_session_id: 55
008422: 19w4d: RADIUS(00000238): sending
008423: 19w4d: RADIUS/ENCODE: Best Local IP-Address 192.168.10.7 for Radius-Server 10.200.1.19
008424: 19w4d: RADIUS(00000238): Send Access-Request to 10.200.1.19:1645 id 1645/79, len 127
008425: 19w4d: RADIUS:  authenticator C0 41 17 99 51 1E DE 63 - 7B BB 8F 26 23 A3 A0 C5
008426: 19w4d: RADIUS:  User-Name           [1]   11  "$$-jregan"
008427: 19w4d: RADIUS:  User-Password       [2]   18  *
008428: 19w4d: RADIUS:  NAS-Port            [5]   6   1
008429: 19w4d: RADIUS:  NAS-Port-Id         [87]  6   "tty1"
008430: 19w4d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
008431: 19w4d: RADIUS:  Calling-Station-Id  [31]  14  "192.168.2.51"
008432: 19w4d: RADIUS:  State               [24]  40
008433: 19w4d: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61  [ReauthSession:0a]
008434: 19w4d: RADIUS:   63 38 30 31 31 33 30 30 30 30 30 30 38 43 35 31  [c801130000008C51]
008435: 19w4d: RADIUS:   37 39 33 46 32 33            [ 793F23]
008436: 19w4d: RADIUS:  NAS-IP-Address      [4]   6   192.168.10.7
008437: 19w4d: RADIUS: Received from id 1645/79 10.200.1.19:1645, Access-Accept, len 159
008438: 19w4d: RADIUS:  authenticator 7D 10 74 E1 96 86 9C FD - 4D C5 E7 5D 54 2B 18 A9
008439: 19w4d: RADIUS:  User-Name           [1]   11  "$$-jregan"
008440: 19w4d: RADIUS:  State               [24]  40
008441: 19w4d: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61  [ReauthSession:0a]
008442: 19w4d: RADIUS:   63 38 30 31 31 33 30 30 30 30 30 30 38 43 35 31  [c801130000008C51]
008443: 19w4d: RADIUS:   37 39 33 46 32 33            [ 793F23]
008444: 19w4d: RADIUS:  Class               [25]  57
008445: 19w4d: RADIUS:   43 41 43 53 3A 30 61 63 38 30 31 31 33 30 30 30  [CACS:0ac80113000]
008446: 19w4d: RADIUS:   30 30 30 38 43 35 31 37 39 33 46 32 33 3A 54 4D  [0008C51793F23:TM]
008447: 19w4d: RADIUS:   2D 56 4D 2D 49 53 45 30 31 2F 31 35 32 31 30 37  [-VM-ISE01/152107]
008448: 19w4d: RADIUS:   35 36 33 2F 36 37 36           [ 563/676]
008449: 19w4d: RADIUS:  Termination-Action  [29]  6   1
008450: 19w4d: RADIUS:  Vendor, Cisco       [26]  25
008451: 19w4d: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"
008452: 19w4d: RADIUS(00000238): Received from id 1645/79

If anyone has experienced this before or knows of a document that can assist, I would be eternally grateful

Thanks

7 Replies

edwjames
Level 3

Jason,

Try this:

radius-server authorization permit missing Service-Type

Do rate if useful

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed

Hi Edward,

Unfortunately this has not resolved the issue.

I think it has something to do with the NAS-Port configuration as this seems to be where the differences are in all the logs I have looked at.

Thanks anyway

Jason

Jason,

Seems like a device- or IOS-specific issue. Can you tell me the code on the working & non-working device?

Regards,

~JG

Do rate helpful posts

Hi Jaqdeep,

Working config device and IOS is

C2960-24PC-L, C2960-LANBASE-M 12.2<44> SE2

non working device is

C3560-24PS, C3560-IPBASE-M 12.2(325)SE5

Any advice you could give would be greatly received

Regards

Jason


Can you set service type = administrative and that should work.

Regards,

~JG

Where am I setting this?

Regards

Jason

Jason,

You need to set it on Authorization profile that is used (Under advanced attribute settings) to process that request.

RADIUS:Service-Type = Administrative

Regards,

~JG

Do rate helpful posts
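Added example, not part of any post in this thread: a small Python parser for IOS `debug radius` output that collects the attributes of each Access-Accept and reports whether Service-Type is present, which is the attribute both suggested fixes above concern. The sample text is abridged from the failing switch's output in the question; the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the failing switch's Access-Accept in the thread.
SAMPLE_DEBUG = """\
083271: 24w1d: RADIUS: Received from id 1645/12 10.200.1.19:1645, Access-Accept, len 159
083273: 24w1d: RADIUS:  User-Name           [1]   11  "$$-jregan"
083283: 24w1d: RADIUS:  Termination-Action  [29]  6   1
083284: 24w1d: RADIUS:  Vendor, Cisco       [26]  25
083285: 24w1d: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"
083288: 24w1d: RADIUS: no appropriate authorization type for user.
"""

# Packet header, e.g. "RADIUS: Received from id ..., Access-Accept, len 159"
PACKET = re.compile(r"RADIUS(?:\(\w+\))?:\s+(?:Send|Received)\b.*?(Access-\w+)")
# Attribute line: name, [type], length, optional value. Hex dump rows do not match.
ATTR = re.compile(r"RADIUS:\s+(?P<name>[A-Za-z][\w ,-]*?)\s+\[(?P<type>\d+)\]"
                  r"\s+(?P<len>\d+)(?:\s+(?P<val>.*\S))?")


def access_accepts(debug_text):
    """Return one {attribute name: value} dict per Access-Accept in the text."""
    accepts, current = [], None
    for line in debug_text.splitlines():
        pkt = PACKET.search(line)
        if pkt:
            # Only attributes that follow an Access-Accept header are collected.
            current = {} if pkt.group(1) == "Access-Accept" else None
            if current is not None:
                accepts.append(current)
            continue
        attr = ATTR.search(line)
        if attr and current is not None:
            # Keyed by name: vendor sub-attributes reuse type numbers such as [1].
            current[attr["name"]] = (attr["val"] or "").strip('"')
    return accepts


def exec_authz_findings(attrs):
    """List what an Access-Accept lacks for the exec authorization discussed here."""
    findings = []
    if "Service-Type" not in attrs:
        findings.append("Service-Type missing from Access-Accept")
    if not attrs.get("Cisco AVpair", "").startswith("shell:priv-lvl="):
        findings.append("no shell:priv-lvl AV pair")
    return findings


if __name__ == "__main__":
    for accept in access_accepts(SAMPLE_DEBUG):
        print(accept.get("User-Name"), exec_authz_findings(accept))
```

Running it over the debug output from both switches shows whether the Access-Accept contents differ or only the switches' handling of them does.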
