ACS 5.4 setup

jlucero2424
Level 1

Hi team,

I'd just like to ask about the initial setup for ACS 5.4 on an SNS 3415 appliance. The ACS I'm planning to build will be standalone and not joined to a domain. The initial setup asks me to configure a name server (primary and secondary DNS). Since it is not joining the domain, is it necessary to configure it, or should I leave it blank? The ACS will also be mapped to an RSA server for two-factor authentication.

I need your advice. Thanks in advance.

7 Replies

Waisudin Farzam
Level 1

Jaspher,

You can either join it to the domain, or you can also not join it to the domain.

It is your wish, but you have to have users inside the ACS locally in order to authenticate with the ACS 5.4.

Feel free to contact me if you have questions regarding ACS 5.4.

Waisudin Farzam

please rate

Waisudin Farzam
SNE

P E: wfarzam@gmail.com
S E: wais.farzam@gmail.com
S: wais.farzam

Certified Cisco ID: CSCO11404095
CCNA, CCNP, CCNA Sec, and CCIE R&S v4.0 Written Certified

Hi Waisudin,

Thanks for the response, I appreciate it. My users should be local only, and the devices enrolled on the ACS will be Cisco devices, which will use TACACS.

If it is not too much to ask, do you have guide documents for configuring ACS 5.4 for device authentication, authorization and accounting? I'm just a newbie on ACS.

Thanks in advance.

Jaspher,

1. You need to create your users inside the ACS local user database.

2. Then join the Cisco devices with ACS so that ACS and the Cisco devices talk with each other.

This is how ACS and Cisco devices work together.

What do you want to configure ACS for?

1. As a login service to telnet or SSH to your Cisco devices

2. As a VPN login authentication service

RG

Waisudin Farzam
SNE

P E: wfarzam@gmail.com
S E: wais.farzam@gmail.com
S: wais.farzam

Certified Cisco ID: CSCO11404095
CCNA, CCNP, CCNA Sec, and CCIE R&S v4.0 Written Certified

Hi Waisudin,

Appreciate your response on this.

For the initial setup, as a login for SSH on Cisco devices. But we have VPN; in the future we're planning to integrate it with ACS as well. For now I will just set it up for device access. What I'm trying to achieve is to have levels of access to the device for certain users. I would also want to group users by their department. With this setup it will be easier for me to identify logs and to audit, on monitoring, who is accessing the devices.

nix-patheon
Level 1

Hi Jaspher,

You will need to add your DNS server details in the initial config of the ACS. The RSA token server and RADIUS identity servers in your external identity stores require DNS lookups.

I have just finished configuring an ACS 5.4 for RSA two-factor authentication; if you find yourself stuck at any point, just post!

Cheers.

Hi Nix,

I have set up the ACS 5.4 and RSA server successfully and am able to authenticate; however, when it comes to the authorization command from the device, it says authorization failed.

logs acs.jpg

It looks like what I created for the authorization is not working; it falls to the default rule at the bottom, which has a deny rule.