Cisco ACS Radius configuration

zafar_118
Level 1

Hello,

I am trying to configure RADIUS authentication on Cisco ACS but am running into an issue. When I configure my Network Device Group in AAA Client setup to be one of the RADIUS device groups, my authentications are failing with the authentication failure code "CS password invalid", but when I change my Network Device Group to "Not Assigned", everything starts working.

On my AAA client, when authentications are failing, I am seeing

packet from RADIUS server <ip address>  fails verification:

Please note that the AAA client is a non-Cisco device.

Any suggestions?

Accepted Solutions

Jatin Katyal
Cisco Employee

It seems you're running ACS 4.x. You're facing this issue because the key defined at the NDG level (XYZ network device group in your case) overrides the key at the AAA client level. Please make sure that you don't have a different secret key on the AAA client inside the NDG and on the NDG itself.

Not assigned is working because there is no key defined in that NDG.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342738

"Each device that is assigned to the Network Device Group will use the shared key that you enter here. The key that was assigned to the device when it was added to the system is ignored. If the key entry is null, the AAA client key is used."

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
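
Why a key mismatch between the NDG and the AAA client produces both symptoms in this thread, shown with the RFC 2865 shared-secret computations. This is an added example, not code from the posts or from Cisco; it assumes PAP, and the key values, password and function names are constructed for illustration.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the padded password with an MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding using the key the server believes in."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, req_auth, secret):
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def simulate(client_key: bytes, server_key: bytes):
    """Return (server accepts password, client verifies the reply)."""
    req_auth = bytes(range(16))      # constructed; real clients use random bytes
    password = b"correct-horse"      # constructed sample password
    hidden = hide_password(password, client_key, req_auth)
    # A wrong server key decrypts to garbage, so the password check fails.
    server_ok = reveal_password(hidden, server_key, req_auth) == password
    code = 2 if server_ok else 3     # Access-Accept / Access-Reject
    reply = response_authenticator(code, 1, b"", req_auth, server_key)
    # The client recomputes the authenticator with its own key and compares.
    expected = response_authenticator(code, 1, b"", req_auth, client_key)
    return server_ok, reply == expected

if __name__ == "__main__":
    print("same key on device and NDG:", simulate(b"device-key", b"device-key"))
    print("NDG key overrides device key:", simulate(b"device-key", b"ndg-key"))
```

With mismatched keys the server cannot recover the password and the client cannot verify the reply, matching the "password invalid" and "fails verification" messages reported above.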

5 Replies

Naveen Kumar
Level 4

Which ACS version are you using?

ACS 4.0 is having this problem. If you are using the same, please update and try.

Hi Nkumarsr,

It is in fact ACS v4.0. Is there any Cisco bug/document related to this issue?

Thanks

Hi Jatin,

Thanks, that was the issue. When I first created the NDG, I did not pay attention to the field.

Glad to know, zafar.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin