TCC_2

Core issue

Extended authentication can fail for a device for many reasons, but one of the common reasons is that the Network Device Group (NDG) key takes precedence over the AAA client key.

Currently, ACS provides the ability to define a key for a whole NDG, which is then applied to all devices in that NDG. Even if the individual NAS has its own key defined, the NDG key takes precedence. This was done in order to allow users to quickly define one key for many devices, but it is not common for a group setting to automatically override an individual setting.

Resolution

The current workaround is not to define a key under the NDG if you want individual keys on all NASes.

Note: An enhancement request has been opened in Cisco bug ID CSCsi92512 in order to provide the ability to override the NDG key with the NAS individual key setting.
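
The precedence rule above can be checked against a device inventory before it causes failures. The following is an added example, not Cisco or ACS code: the inventory layout, group names, hostnames and keys are all constructed for illustration, and the function names are hypothetical. It flags every AAA client whose individual key is overridden by a different NDG key.

```python
import hmac

# Constructed sample inventory (not an ACS export format): NDG name -> key or None
NDG_KEYS = {"branch-routers": "ndg-shared-key", "core-switches": None}

# Constructed AAA client entries: (hostname, NDG, individually configured key)
AAA_CLIENTS = [
    ("rtr-01", "branch-routers", "rtr-01-own-key"),
    ("rtr-02", "branch-routers", "ndg-shared-key"),
    ("sw-01", "core-switches", "sw-01-own-key"),
    ("sw-02", "core-switches", None),
]


def effective_key(ndg_key, client_key):
    """Key the server uses under the precedence described above:
    an NDG key, when defined, wins over the individual client key."""
    return ndg_key if ndg_key else client_key


def keys_differ(a, b):
    """Constant-time comparison so the audit does not leak key contents via timing."""
    return not hmac.compare_digest(a.encode(), b.encode())


def audit(ndg_keys, clients):
    """Return {hostname: status}; key material never appears in the report."""
    report = {}
    for host, ndg, client_key in clients:
        ndg_key = ndg_keys.get(ndg)
        if effective_key(ndg_key, client_key) is None:
            status = "no-key"        # neither level defines a key
        elif ndg_key and client_key and keys_differ(ndg_key, client_key):
            status = "shadowed"      # individual key is silently ignored
        elif ndg_key:
            status = "ndg-key"       # group key in effect, no conflict
        else:
            status = "client-key"    # individual key in effect
        report[host] = status
    return report


if __name__ == "__main__":
    for host, status in audit(NDG_KEYS, AAA_CLIENTS).items():
        print(f"{host}: {status}")
```

A device reported as `shadowed` is the failure case from the core issue: if the NAS itself is configured with its individual key, the server will use the NDG key instead and the two sides will not match.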
