https://community.cisco.com/t5/network-access-control/key-precedence-when-using-aaa-group-server-and-radius-server/m-p/1767426#M439721 <P>Looking at the following configuration on a Cisco Router:</P> <P>&nbsp;</P> <P>!<BR />aaa group server radius 8021x<BR />&nbsp; <SPAN style="color: #ff0000;">server-private 192.168.1.1</SPAN> auth-port 1812 acct-port 1813 key <SPAN style="color: #ff0000;">SECRET-A</SPAN><BR />!<BR />aaa group server radius radius-auth<BR /><SPAN style="color: #333333;"> server-private 192.168.2.1</SPAN> auth-port 1645 acct-port 1646 key SECRET-B<BR />!<BR /><SPAN style="color: #0000ff;">radius-server host 192.168.1.1</SPAN> auth-port 1812 acct-port 1813 key <SPAN style="color: #0000ff;">SECRET-C</SPAN><BR />!<BR /><BR />The question is:</P> <P>&nbsp;</P> <P>When considering the radius server 192.168.1.1 which password / key will take precedence: <SPAN style="color: #ff0000;">SECRET-A</SPAN> or<SPAN style="color: #0000ff;"> SECRET-B</SPAN> ?</P> <P>&nbsp;</P> <P>Reading the documentation posted below the answer is:</P> <P>&nbsp;</P> <P><SPAN style="color: #ff0000;">SECRET-A</SPAN>, because:<BR />In cases where both global commands and server commands are used, the server command will take precedence over the global command.</P> <P>&nbsp;</P> <P>Does anyone know if this is correct ? Which key will take precedence ?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>See:</P> <P>&nbsp;</P> <P>See: <A href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001168" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001168</A></P> <P>&nbsp;</P> <P>See: <A href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001482" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001482</A></P> Mon, 24 Feb 2020 19:11:01 GMT klaustecnico 2020-02-24T19:11:01Z https://community.cisco.com/t5/network-access-control/key-precedence-when-using-aaa-group-server-and-radius-server/m-p/1767426#M439721 <P>Looking at the following configuration on a Cisco Router:</P> <P>&nbsp;</P> <P>!<BR />aaa group server radius 8021x<BR />&nbsp; <SPAN style="color: #ff0000;">server-private 192.168.1.1</SPAN> auth-port 1812 acct-port 1813 key <SPAN style="color: #ff0000;">SECRET-A</SPAN><BR />!<BR />aaa group server radius radius-auth<BR /><SPAN style="color: #333333;"> server-private 192.168.2.1</SPAN> auth-port 1645 acct-port 1646 key SECRET-B<BR />!<BR /><SPAN style="color: #0000ff;">radius-server host 192.168.1.1</SPAN> auth-port 1812 acct-port 1813 key <SPAN style="color: #0000ff;">SECRET-C</SPAN><BR />!<BR /><BR />The question is:</P> <P>&nbsp;</P> <P>When considering the radius server 192.168.1.1 which password / key will take precedence: <SPAN style="color: #ff0000;">SECRET-A</SPAN> or<SPAN style="color: #0000ff;"> SECRET-B</SPAN> ?</P> <P>&nbsp;</P> <P>Reading the documentation posted below the answer is:</P> <P>&nbsp;</P> <P><SPAN style="color: #ff0000;">SECRET-A</SPAN>, because:<BR />In cases where both global commands and server commands are used, the server command will take precedence over the global command.</P> <P>&nbsp;</P> <P>Does anyone know if this is correct ? Which key will take precedence ?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>See:</P> <P>&nbsp;</P> <P>See: <A href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001168" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001168</A></P> <P>&nbsp;</P> <P>See: <A href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001482" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001482</A></P> Mon, 24 Feb 2020 19:11:01 GMT https://community.cisco.com/t5/network-access-control/key-precedence-when-using-aaa-group-server-and-radius-server/m-p/1767426#M439721 klaustecnico 2020-02-24T19:11:01Z