cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
281
Views
0
Helpful
3
Replies
Highlighted
Beginner

Use current ISE with Cisco UCS manager

Hello,

I am trying to allow users that get AAA from ISE to our newer UCS manager. I have added the ISE to the provider group but for some reson is not authenticating network users that currently have access to other network gear.

3 REPLIES 3
Highlighted
Cisco Employee

Re: Use current ISE with Cisco UCS manager

I moved your discussion to Unified Computing System Discussions because the issue most likely specific to the configuration in UCS manager.

For ISE side, the troubleshoot should always start with the live logs.

Highlighted
Cisco Employee

Re: Use current ISE with Cisco UCS manager

Greetings.

I am assuming you have reviewed the authentication config guide at https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/4-0/b_Cisco_UCS_Admin_Mgmt_Guide_4-0/b_Cisco_UCS_Admin_Mgmt_Guide_4-0_chapter_0100.html

UCSM supports, radius, TACACS+, and LDAP.

As authentication mechanisms are time sensitive, please make sure the UCSM is pointed to same NTP time source as your ISE.

Please note that the UCSM uses a local role called 'admin' and not 'network-admin' that you sometimes see on other nxos devices.

 

Kirk...

Cisco Employee

Re: Use current ISE with Cisco UCS manager

An additional tip for troubleshooting authentication from the UCS side would be to utilize the 'debug aaa all' command.

 

1) SSH to the virtual IP for UCSM.

2) Run 'connect nxos'

3) Run 'debug aaa all'

4) Run an authentication attempt to UCSM with the desired username and password

 

You will likely want to log the session to collect the output.  Finally you'll need to run 'undebug all' at the conclusion of your testing to turn the debug off.

 

This information should provide a reasonable base of data with which to start your investigation.  This may be best reviewed by Cisco directly should the output not provide anything of value.

CreatePlease to create content
Content for Community-Ad
Software Conformance Survey