We're having a strange issue with our Nexus 9ks and wondering if anyone else has seen it before.
We use ISE as our AAA server with a normal TACACS+ connection, but every time we attempt to connect to the switches, the 1st attempt succeeds from ISE's perspective but the switch closes the connection. The second connection attempt always succeeds. The user would just be local to the ISE store and the TACACS timeout is set to 30 seconds. There are no failures at all I can find.
We don't have the same issue on any of the Catalyst switches with the same configurations.
Anyone come across this before?
You can check on the ISE what the reason for rejection is. Are the users local ISE users, or does ISE use external authentication against LDAP/AD?
To identify the issue, could we enable debug logs and send them to syslog to correlate when the problem occurs, or simulate the issue to understand what went wrong in between?
Do you have any CoPP policy in place on the switch?