01-15-2014 10:20 PM - edited 03-10-2019 09:17 PM
hi team,
I just like to ask about initial setup for acs 5.4 on appliance SNS 3415, the acs i'm planning to build will be standalone and not join to domain, on the initial set up name-server, primary and secondar dns is asking to configure, since it is not joining to the domain, is it necessary to configure it? or should i leave it blank? the acs also will be map to RSA server fro two factor authentication.
Need you advise thanks in advance.
01-15-2014 10:25 PM
Jaspher,
you can either join it to domain and also you cant join it to the domain.
it is your your wish but you have to have users inside the acs localy in order to authenticate with the ACS 5.4
Feel free to contact if you have question regarding ACS 5.4
Waisudin Farzam
please rate
01-15-2014 10:39 PM
Hi Waisudin,
thanks for the response appreciate it, my users should be local only and devices will be enroled on acs will be cisco device which will use tacacs.
If it is not too much to ask do you have guide documents configuring acs 5.4 for device authenthicaion, authorization and accounting. I'm just newbie on acs.
thanks in advance.
01-15-2014 10:54 PM
Jaspher,
1. you need to create your users inside the ACS local user database
2. then join the cisco devices with acs so that acs and cisco devices talk with each other
this is how acs and cisco devices work together.
what do you want to configure acs for
1. as a login services to telnet or ssh to your cisco devices
2. as a vpn login authentication services
RG
01-15-2014 11:55 PM
Hi Waisudin,
Appreciate your response on this.
For the initial set up as a login for ssh on cisco device. But we have vpn, in the future were planing to integrate also with acs. For now will just set up as device access. What I'm try to achive is to have level of access to the device for a certain users,I would also want to group each users for their department. in this setup it will be easier for me to identify logs and audit on monitoring and who are accessing the devices.
01-16-2014 04:05 AM
Hi Jaspher,
You will need to add your dns server details in the initial config of the ACS. The RSA token server and RADIUS identity servers in your external identity stores require dns lookups.
I have just finished configuring an ACS 5.4 for RSA two-factor authentication, if you find yourself stuck at any point just post!
Cheers.
01-23-2014 12:18 AM
Hi Nix,
I have set up the acs 5.4 and rsa server success full and able to authenticate however when it comes to authorization command from the device it says authorization failed
01-23-2014 12:39 AM
it looks that i create from the authorization is not working it falls on the default rule at the bottom which has deny rule.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide