Cisco Bug: CSCvu55772 - ISE 2.6 TACACS+ Endstation Network Condition high step latency while accessing the NAD via console
Jun 30, 2020
- Cisco Identity Services Engine
Known Affected Releases
2.6(0.902) 2.6(0.903) 2.6(0.904) 2.6(0.905) 2.6(0.906)
Symptom: This issue is seen in both customer deployment and customer lab repro. But issue is not reproducible in my lab with exact same setup This issue is not seen in ISE 2.6, ISE 2.6 P1 but starting from P2 it's seen on customer environment Conditions: It happens with following authorization rules configured. Users are internal users One for Automation access - with endstation network condition and internal user One for Manual access - with internal users Endstation network condition contains only IP addresses of endstations The issue is seen when trying to access NAD - C9300 via console with Manual access users. There is big latency seen in: 15048 Queried PIP - Network Condition.Cisco CSPC IP (Step latency=10011ms Step latency=10011ms) Thus TACACS+ request times out and user can't access the device When accessing with console instead of IP this condition returns "async" and it can't get evaluated When we swap the places of conditions in automation access rule so that endstation network condition comes last then this issue with Manual access users aren't seen.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases