This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I just like to ask about initial setup for acs 5.4 on appliance SNS 3415, the acs i'm planning to build will be standalone and not join to domain, on the initial set up name-server, primary and secondar dns is asking to configure, since it is not joining to the domain, is it necessary to configure it? or should i leave it blank? the acs also will be map to RSA server fro two factor authentication.
Need you advise thanks in advance.
you can either join it to domain and also you cant join it to the domain.
it is your your wish but you have to have users inside the acs localy in order to authenticate with the ACS 5.4
Feel free to contact if you have question regarding ACS 5.4
thanks for the response appreciate it, my users should be local only and devices will be enroled on acs will be cisco device which will use tacacs.
If it is not too much to ask do you have guide documents configuring acs 5.4 for device authenthicaion, authorization and accounting. I'm just newbie on acs.
thanks in advance.
1. you need to create your users inside the ACS local user database
2. then join the cisco devices with acs so that acs and cisco devices talk with each other
this is how acs and cisco devices work together.
what do you want to configure acs for
1. as a login services to telnet or ssh to your cisco devices
2. as a vpn login authentication services
Appreciate your response on this.
For the initial set up as a login for ssh on cisco device. But we have vpn, in the future were planing to integrate also with acs. For now will just set up as device access. What I'm try to achive is to have level of access to the device for a certain users,I would also want to group each users for their department. in this setup it will be easier for me to identify logs and audit on monitoring and who are accessing the devices.
You will need to add your dns server details in the initial config of the ACS. The RSA token server and RADIUS identity servers in your external identity stores require dns lookups.
I have just finished configuring an ACS 5.4 for RSA two-factor authentication, if you find yourself stuck at any point just post!
I have set up the acs 5.4 and rsa server success full and able to authenticate however when it comes to authorization command from the device it says authorization failed