Cisco Bug: CSCvu55772 - ISE 2.6 TACACS+ Endstation Network Condition high step latency while accessing the NAD via console

Last Modified

Jun 30, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.902) 2.6(0.903) 2.6(0.904) 2.6(0.905) 2.6(0.906)

Description (partial)

Symptom:
This issue is seen in both the customer deployment and the customer lab repro, but it is not reproducible in my lab with the exact same setup.
This issue is not seen in ISE 2.6 or ISE 2.6 P1, but starting from P2 it is seen in the customer environment.

Conditions:
It happens with the following authorization rules configured. Users are internal users.

  • One for Automation access - with endstation network condition and internal user
  • One for Manual access - with internal users

The endstation network condition contains only IP addresses of endstations.
The issue is seen when trying to access the NAD (C9300) via console with Manual access users. A large latency is seen in this step:
15048  Queried PIP - Network Condition.Cisco CSPC IP (Step latency=10011ms Step latency=10011ms)
As a result, the TACACS+ request times out and the user can't access the device.
When accessing via console instead of IP, this condition returns "async" and it can't be evaluated.

When we swap the places of the conditions in the Automation access rule so that the endstation network condition comes last, this issue with Manual access users isn't seen.
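
One way to spot this symptom in a saved list of authorization steps, as an added example that is not Cisco's code: it parses step lines of the shape quoted above and reports the steps whose latency reaches a threshold. The 5000 ms threshold, the function names, and every sample line other than the one quoted above are assumptions made for illustration.

```python
import re

LATENCY_RE = re.compile(r"Step latency=(\d+)\s*ms")

def parse_step(line):
    """Split '<step id>  <message> (Step latency=<n>ms ...)' into fields."""
    m = re.match(r"\s*(\d+)\s+(.*\S)\s*$", line)
    if not m:
        return None  # blank or non-step line
    step_id, rest = m.groups()
    # The quoted line repeats the latency token, so take the largest value.
    latencies = [int(v) for v in LATENCY_RE.findall(rest)]
    message = re.sub(r"\s*\(Step latency=[^)]*\)\s*$", "", rest)
    return {"id": step_id, "message": message,
            "latency_ms": max(latencies, default=0)}

def slow_steps(lines, threshold_ms=5000):
    """Return parsed steps whose latency is at or above threshold_ms.

    threshold_ms is an assumed value; set it below the TACACS+ timeout
    configured on the NAD so a slow step is flagged before it times out.
    """
    hits = []
    for line in lines:
        step = parse_step(line)
        if step and step["latency_ms"] >= threshold_ms:
            hits.append(step)
    return hits

# First line is the one quoted in this bug; the others are constructed.
SAMPLE_STEPS = [
    "15048  Queried PIP - Network Condition.Cisco CSPC IP "
    "(Step latency=10011ms Step latency=10011ms)",
    "15048  Queried PIP - Network Condition.Cisco CSPC IP (Step latency=3ms)",
    "13013  Received TACACS+ Authentication START Request",
    "",
]

if __name__ == "__main__":
    for step in slow_steps(SAMPLE_STEPS):
        print(f'{step["id"]} {step["message"]}: {step["latency_ms"]} ms')
```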