About mike.gusway

mike.gusway · 02-28-2025

Hello,I'm working on getting our 3850 and 9000 series switches changed over to TACACS+ authentication using ISE 3.1 and DUO for MFA. I followed this article:Duo MFA Integration with ISE for TACACS+ Device Administration with Microsoft Active Director...

mike.gusway · 02-01-2024

We have 2 new c9300X-48HXN-E switches, and both have the 9300X-NM-8Y uplink module. This module has 8 physical SFP+ ports but the switches only show 6 interfaces, Twe1/1/1-6. If I plug a transceiver into any of the first 6 I see it show up in the swi...

mike.gusway · 01-15-2019

Hello, We have installed a 9407 in a new building down the street from our primary datacenter, which has a VPC pair of Nexus 3Ks). We have 2 separate ISPs each providing us a real-time L2 link to that building. The intention is to provide redundant c...

mike.gusway · 02-28-2025

Answering my own question from earlier. On the switch I was testing with, there was a default "tacacs-server timeout 5" that doesn't show up in running-config unless you show running-confg all. I changed that value to 30 and now we have a proper 30 s...

mike.gusway · 02-28-2025

Answering my own question here in case someone else runs into the same issue.If I ran test aaa group tacacs+ username password legacyI would get the DUO push on my phone and the switch would say no response received from tacacs server if I waited 5 s...

mike.gusway · 02-28-2025

I have this (almost) working with ISE 3.1 and a 3850 switch. We were using TACACS+ already. I added DUO to the mix and when entering my password in the SSH session, I only have maybe 3 seconds before the switch says End of keyboard-interactive prompt...

mike.gusway · 02-05-2024

According to TAC, this is a hardware limitation of the c9300X-48HXN-E and we can only use 6 of the 8 ports on the 9300X-NM-8Y.From TAC: "About your issue, unfortunately we are facing a limitation - it is an expected behavior. Exactly the same ports y...

mike.gusway · 01-16-2024

Same scenario for me as well. This workaround solved the issue. Trying to add the latest Cisco Secure Client 5.1.1.42 for Windows and MacOS.

Member Since	‎08-04-2017 08:20 AM
Date Last Visited	‎04-22-2025 08:49 AM
Posts	11
Total Helpful Votes Received	2

User Statistics

User Activity

Cisco Switch login behavior with ISE, TACACS+ and DUO for MFA

9300X-NM-8Y only shows 6 TwentyFiveGigE interfaces

Connecting 2 switches with unequal speed links

Re: Protecting Access to Network devices with ISE TACACS+ and DUO MFA

Re: Cisco Switch login behavior with ISE, TACACS+ and DUO for MFA

Re: Protecting Access to Network devices with ISE TACACS+ and DUO MFA

Re: 9300X-NM-8Y only shows 6 TwentyFiveGigE interfaces

Re: Adding Client Image fails