Beginner

Nexus 9k - First login rejected

Hi Guys

 

We're having a strange issue with our Nexus 9ks and wondering if anyone else has seen it before.

 

We use ISE as our AAA server with a normal TACACS+ connection, but every time we attempt to connect to the switches, the first attempt succeeds from ISE's perspective but the switch closes the connection. The second connection attempt always succeeds. The user would just be local to the ISE store and the TACACS timeout is set to 30 seconds. There are no failures at all that I can find.

 

We don't have the same issue on any of the Catalyst switches with the same configurations.

 

Anyone come across this before?

 

Thanks!

Eoin

4 REPLIES 4
VIP Advisor

Re: Nexus 9k - First login rejected

You can check on the ISE what the reason for the rejection is. Are these ISE users, or does ISE use external authentication against LDAP/AD?

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: Nexus 9k - First login rejected

Hi Balaji

That's the thing. ISE doesn't reject the connection. That gives successful Authentication and Authorization. The connection shuts down on the switch side.
VIP Advisor

Re: Nexus 9k - First login rejected

To identify the issue, could we enable debug logs and send them to syslog to correlate when the problem occurs, or simulate the issue to understand what went wrong between?

 

Do you have any CoPP policy in place on the switch?

BB
*** Rate All Helpful Responses ***
Beginner

Re: Nexus 9k - First login rejected

There's no CoPP policy on the switches outside of what comes with the default image.
We could easily replicate the issue as it's with every logon and we have a syslog server. Just have to select which debugs to turn on.