Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1120
Views
0
Helpful
2
Replies

ACS 5.1 questions

Go to solution
sjhamb
Cisco Employee
Cisco Employee

‎12-27-2010 11:25 PM - edited ‎03-10-2019 05:40 PM

Acs Experts,

Need quick answers to few questions related to ACS 5.1 for a customer. I have not used the ACS5.1 yet so watch out for the easy questions

1) Is it possible to generate report for the users who are inactive for say last 30 days? Customer is looking to audit these users to see if they really need access to any device.

2) Are there any known issues while assigning the priviligaes level to users. In current implementation of this customer users are always logged into priv 1 though they are assigning the priv level of 5. I understand with ACS 4.x we can enable the exec process and assign the priv under user/group policy. What are the configurations that customer might be possiby missing in this case?

3) Is there any SNMP or other notification available in ACS 5.1 where admin can be notified at the time a particulat set of user logs in.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tiago Antunes
Cisco Employee
Cisco Employee

‎12-28-2010 01:45 AM

Hi,

Please find answers inline:

1) Is it possible  to generate report for the users who are inactive for say last 30 days?  Customer is looking to audit these users to see if they really need  access to any device.

[ANS] You can generate user reports using several items including reports for the last 30 days:

2)  Are there any known issues while assigning the priviligaes level to  users. In current implementation of this customer users are always  logged into priv 1 though they are assigning the priv level of 5. I  understand with ACS 4.x we can enable the exec process and assign the  priv under user/group policy. What are the configurations that customer  might be possiby missing in this case?

[ANS] You can do exactly the same implementation in ACS 5.x. Simply create Authorization profiles to apply to the users that succesfully authenticate.

3)  Is there any SNMP or other notification available in ACS 5.1 where  admin can be notified at the time a particulat set of user logs in.

[ANS] You can create "Alarms" that will send notification via e-mail and/or to a syslog server:

Monitoring and Reports > Alarms > Thresholds > Add

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Tiago Antunes
Cisco Employee
Cisco Employee

‎12-28-2010 01:45 AM

Hi,

Please find answers inline:

1) Is it possible  to generate report for the users who are inactive for say last 30 days?  Customer is looking to audit these users to see if they really need  access to any device.

[ANS] You can generate user reports using several items including reports for the last 30 days:

2)  Are there any known issues while assigning the priviligaes level to  users. In current implementation of this customer users are always  logged into priv 1 though they are assigning the priv level of 5. I  understand with ACS 4.x we can enable the exec process and assign the  priv under user/group policy. What are the configurations that customer  might be possiby missing in this case?

[ANS] You can do exactly the same implementation in ACS 5.x. Simply create Authorization profiles to apply to the users that succesfully authenticate.

3)  Is there any SNMP or other notification available in ACS 5.1 where  admin can be notified at the time a particulat set of user logs in.

[ANS] You can create "Alarms" that will send notification via e-mail and/or to a syslog server:

Monitoring and Reports > Alarms > Thresholds > Add

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

Go to solution
Rodrigo Gurriti
Level 3
Level 3
In response to Tiago Antunes

‎02-15-2013 01:21 PM

Sorry to bring this post back but I was looking at the ACS 5.x doc and I could not find where I can control the size of the database used on this report.

On ACS 4.x if I go to system configuration > logging > TACACS+ Accounting I can tell the ACS what is the size I allow it to keep, but could not find it on ACS 5.x. I need to keep enough for 90 days

0 Helpful
Customers Also Viewed These Support Documents