https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579924#M258421 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please find answers inline:</P><P><SPAN style="background-color: #f8fafd;">1) Is it possible&nbsp; to generate report for the users who are inactive for say last 30 days?&nbsp; Customer is looking to audit these users to see if they really need&nbsp; access to any device.</SPAN></P><P>[ANS] You can generate user reports using several items including reports for the last 30 days:</P><P><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/9/9/7/9799-User_Reports.jpg" class="jive-image" /></P><P></P><P><SPAN style="background-color: #f8fafd;">2)&nbsp; Are there any known issues while assigning the priviligaes level to&nbsp; users. In current implementation of this customer users are always&nbsp; logged into priv 1 though they are assigning the priv level of 5. I&nbsp; understand with ACS 4.x we can enable the exec process and assign the&nbsp; priv under user/group policy. What are the configurations that customer&nbsp; might be possiby missing in this case?</SPAN></P><P>[ANS] You can do exactly the same implementation in ACS 5.x. Simply create Authorization profiles to apply to the users that succesfully authenticate.</P><P></P><P></P><P><SPAN style="background-color: #f8fafd;">3)&nbsp; Is there any SNMP or other notification available in ACS 5.1 where&nbsp; admin can be notified at the time a particulat set of user logs in. </SPAN></P><P>[ANS] You can create "Alarms" that will send notification via e-mail and/or to a syslog server:</P><TABLE border="0" cellspacing="0" class="cuesBreadcrumbTable" id="cuesBreadcrumbTable"><TBODY><TR><TD><SPAN class="cuesBreadcrumbStatic">Monitoring and Reports</SPAN> &gt; </TD><TD class="cuesBreadcrumbMore" style="display: none;">... &gt; </TD><TD title="Alarms"><SPAN class="cuesBreadcrumbStatic">Alarms</SPAN> &gt; </TD><TD title="Thresholds"><SPAN class="cuesBreadcrumbStatic">Thresholds</SPAN> &gt; </TD><TD><SPAN class="cuesBreadcrumbLast">Add</SPAN></TD></TR></TBODY></TABLE><P></P><P></P><P>HTH,<BR />Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Tue, 28 Dec 2010 09:45:23 GMT Tiago Antunes 2010-12-28T09:45:23Z https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579923#M258409 <P><SPAN style="background-color: #f8fafd;">Acs Experts,</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">Need quick answers to few questions related to ACS 5.1 for a customer. I have not used the ACS5.1 yet so watch out for the easy questions <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;">1) Is it possible to generate report for the users who are inactive for say last 30 days? Customer is looking to audit these users to see if they really need access to any device.</SPAN></P><P><SPAN style="background-color: #f8fafd;">2) Are there any known issues while assigning the priviligaes level to users. In current implementation of this customer users are always logged into priv 1 though they are assigning the priv level of 5. I understand with ACS 4.x we can enable the exec process and assign the priv under user/group policy. What are the configurations that customer might be possiby missing in this case?</SPAN></P><P><SPAN style="background-color: #f8fafd;">3) Is there any SNMP or other notification available in ACS 5.1 where admin can be notified at the time a particulat set of user logs in. </SPAN></P><P></P><P></P><P></P><P><SPAN style="background-color: #f8fafd;">Thanks</SPAN></P> Mon, 11 Mar 2019 00:40:31 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579923#M258409 sjhamb 2019-03-11T00:40:31Z https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579924#M258421 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please find answers inline:</P><P><SPAN style="background-color: #f8fafd;">1) Is it possible&nbsp; to generate report for the users who are inactive for say last 30 days?&nbsp; Customer is looking to audit these users to see if they really need&nbsp; access to any device.</SPAN></P><P>[ANS] You can generate user reports using several items including reports for the last 30 days:</P><P><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/9/9/7/9799-User_Reports.jpg" class="jive-image" /></P><P></P><P><SPAN style="background-color: #f8fafd;">2)&nbsp; Are there any known issues while assigning the priviligaes level to&nbsp; users. In current implementation of this customer users are always&nbsp; logged into priv 1 though they are assigning the priv level of 5. I&nbsp; understand with ACS 4.x we can enable the exec process and assign the&nbsp; priv under user/group policy. What are the configurations that customer&nbsp; might be possiby missing in this case?</SPAN></P><P>[ANS] You can do exactly the same implementation in ACS 5.x. Simply create Authorization profiles to apply to the users that succesfully authenticate.</P><P></P><P></P><P><SPAN style="background-color: #f8fafd;">3)&nbsp; Is there any SNMP or other notification available in ACS 5.1 where&nbsp; admin can be notified at the time a particulat set of user logs in. </SPAN></P><P>[ANS] You can create "Alarms" that will send notification via e-mail and/or to a syslog server:</P><TABLE border="0" cellspacing="0" class="cuesBreadcrumbTable" id="cuesBreadcrumbTable"><TBODY><TR><TD><SPAN class="cuesBreadcrumbStatic">Monitoring and Reports</SPAN> &gt; </TD><TD class="cuesBreadcrumbMore" style="display: none;">... &gt; </TD><TD title="Alarms"><SPAN class="cuesBreadcrumbStatic">Alarms</SPAN> &gt; </TD><TD title="Thresholds"><SPAN class="cuesBreadcrumbStatic">Thresholds</SPAN> &gt; </TD><TD><SPAN class="cuesBreadcrumbLast">Add</SPAN></TD></TR></TBODY></TABLE><P></P><P></P><P>HTH,<BR />Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Tue, 28 Dec 2010 09:45:23 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579924#M258421 Tiago Antunes 2010-12-28T09:45:23Z https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579925#M258446 <HTML><HEAD></HEAD><BODY><P>Sorry to bring this post back but I was looking at the ACS 5.x doc and I could not find where I can control the size of the database used on this report. </P><P></P><P>On ACS 4.x if I go to system configuration &gt; logging &gt; TACACS+ Accounting I can tell the ACS what is the size I allow it to keep, but could not find it on ACS 5.x. I need to keep enough for 90 days </P></BODY></HTML> Fri, 15 Feb 2013 21:21:46 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-questions/m-p/1579925#M258446 Rodrigo Gurriti 2013-02-15T21:21:46Z