Highlighted
Beginner

ACS 5.2 appliance cli access

Hi~

Could you please tell me how I can set up user access for the CLI (shell) on the ACS appliance by means of the web GUI? The point is that I have ACSAdmin as well as other administrator-role users, but can't get access to the appliance through SSH (Permission denied (publickey,password,keyboard-interactive).). I need to troubleshoot RADIUS requests from my APC Network Management Cards by means of some sort of tcpdump, because I don't get any logs in ACS from the APC cards.

3 REPLIES
Highlighted
Enthusiast

I don't think there is a way of getting CLI access on an ACS appliance. If you're not seeing any activity in the ACS logs from your APC cards then either you need to enable more detailed logging on the ACS appliance or the RADIUS requests from the APC cards aren't reaching the ACS appliance. Are there any firewalls, etc. between the two devices that might be blocking RADIUS packets?

Highlighted

> then either you need to enable more detailed logging on the ACS appliance

How can I do this?

> or the RADIUS requests from the APC cards aren't reaching the ACS appliance

This is what I'm trying to find out.

> Are there any firewalls, etc. between the two devices that might be blocking RADIUS packets?

No man, there is clear IP connectivity between them, but the problem is that I can't troubleshoot RADIUS requests/replies on this part of the transmission, neither from the APC side nor from ACS. I checked all possible log records in the "Monitoring and Reports" tab, but didn't find any request from APC devices.

Also, if you have any configuration examples for RADIUS authentication of APC (APC9630) devices by ACS 5.2, they would be appreciated. I have followed this howto to configure VSA and apply policy, but it still doesn't work. I just want to verify whether the RADIUS requests reach ACS or not.

Thank you.

Highlighted

Max logging: System Configuration, Logging, make sure CSV Failed...., CSV Passed....., CSV RADIUS.... are checked. If not click the log name to enable and make sure the "Log to CSV XXXX" tick box is checked. While there, make sure the relevant logging features are in the Logged Attributes column.

If you've done this and nothing appears in the logs it's likely the RADIUS requests from the APC cards aren't reaching the ACS. You could try using the alternative RADIUS ports 1812/1813 or 1645/1646. The other option is to use Wireshark to capture the packets leaving the APC cards and see if it's actually sending any RADIUS requests and if so where they are going.

I don't have any example configs for this setup but the above steps should help you identify where it's failing.
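
To go with the packet-capture suggestion above, here is an added example (not from the thread, and not Cisco or APC tooling): a small RFC 2865 parser that reads the UDP payload of a captured datagram and reports whether it is an Access-Request, for which user, and from which NAS address. The sample packet, the user name `admin` and the address 192.0.2.10 are constructed for illustration.

```python
import socket
import struct

# Subset of RFC 2865/2866 packet codes and attribute types.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port", 32: "NAS-Identifier"}


def parse_radius(payload: bytes) -> dict:
    """Decode the RADIUS header and attribute TLVs of one UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, 20          # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        value = payload[pos + 2:pos + a_len]
        name = ATTRS.get(a_type, f"attr-{a_type}")
        if a_type == 4 and len(value) == 4:
            value = socket.inet_ntoa(value)          # dotted-quad NAS address
        elif a_type in (1, 32):
            value = value.decode("utf-8", "replace")  # text attributes
        else:
            value = value.hex()                       # everything else shown as hex
        attrs[name] = value
        pos += a_len
    return {"code": CODES.get(code, f"code-{code}"), "id": ident, "attrs": attrs}


def build_sample() -> bytes:
    """Constructed Access-Request (not captured traffic) so the block runs offline."""
    body = b"\x01\x07admin" + b"\x04\x06" + socket.inet_aton("192.0.2.10")
    body += b"\x02\x12" + bytes(16)   # User-Password placeholder: 16 zero bytes
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    print(parse_radius(build_sample()))
```

If a capture on the APC side shows payloads that parse as Access-Request but nothing appears in the ACS logs, compare the destination address and port of those datagrams with what the ACS is listening on.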