I'm having trouble understanding AAA processing logic. I just followed this guide to set up differentiated user level authentication profiles via TACACS+ on ACS version 5.6:http://www.security-solutions.co.za/Cisco-ACS-5.2-Role-Based-Authentication-A...

Before considering solutions, I must explain that there are two things I can NOT consider - First, migrating to a controller-based environment.  My preference, but not an option. Second, upgrading the drivers on the client machines, again my preferen...