cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1722
Views
0
Helpful
3
Replies

Use current ISE with Cisco UCS manager

CarlosGarcia84
Level 1
Level 1

Hello,

I am trying to allow users that get AAA from ISE to our newer UCS manager. I have added the ISE to the provider group but for some reson is not authenticating network users that currently have access to other network gear.

3 Replies 3

hslai
Cisco Employee
Cisco Employee

I moved your discussion to Unified Computing System Discussions because the issue most likely specific to the configuration in UCS manager.

For ISE side, the troubleshoot should always start with the live logs.

Kirk J
Cisco Employee
Cisco Employee

Greetings.

I am assuming you have reviewed the authentication config guide at https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/4-0/b_Cisco_UCS_Admin_Mgmt_Guide_4-0/b_Cisco_UCS_Admin_Mgmt_Guide_4-0_chapter_0100.html

UCSM supports, radius, TACACS+, and LDAP.

As authentication mechanisms are time sensitive, please make sure the UCSM is pointed to same NTP time source as your ISE.

Please note that the UCSM uses a local role called 'admin' and not 'network-admin' that you sometimes see on other nxos devices.

 

Kirk...

Evan Mickel
Cisco Employee
Cisco Employee

An additional tip for troubleshooting authentication from the UCS side would be to utilize the 'debug aaa all' command.

 

1) SSH to the virtual IP for UCSM.

2) Run 'connect nxos'

3) Run 'debug aaa all'

4) Run an authentication attempt to UCSM with the desired username and password

 

You will likely want to log the session to collect the output.  Finally you'll need to run 'undebug all' at the conclusion of your testing to turn the debug off.

 

This information should provide a reasonable base of data with which to start your investigation.  This may be best reviewed by Cisco directly should the output not provide anything of value.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: