Network Access Control

Hi,in Cisco IOS Security Command Reference (link here), page 66 it says:The following example shows how to create an AAA authentication list called MIS-access. This authenticationfirst tries to contact a TACACS+ server. If no server is found, TACACS+...

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affe...

hi ,i want to import users to ACS 4.2 with the static ip address  assigned to every user.i have found the format of the file  to add users but  i did not find how can i add the static ip to this file.ADD:Dchira:CSDB:backup:PROFILE:4

I have a customer who likes to deny access to any Android devices on its guest service. (The network has an anchor WLC, the authentication is set as LWA)First I tried setting a simple AuthZ rule indicating "if Device-OS equals Android, then Deny Acce...

ISE 1.2 with patch 8 has been installed and Works fine.Using AnyConnect Secure Mobility Client (NAM) 3.1.04072 and Cisco NAC Agent version 4.9.1013Scenario is EAP Chaining which does machine authentication + User AuthenticationAfter NAC Agent Pops up...

Is it possible to have Ikev1 Site to Site VPN's with Cisco ASA 8.4(3) using external policies from an ACS 5.2?I currently have many site to site VPN's with internal group policies and different set of firewalls with the same rules, so changing one st...

All,I have 4 ISE appliances version 1.1.2  running in my networ called nodeA, nodeB, nodeC and nodeD.  - NodeA is Primary Admin and Secondary Monitoring,- NodeB is Secondary Admin and Primary Monitoring,- NodeC is Policy node,- NodeD is Policy node,T...

Hello,I'm in the process of setting up Primary & Secondary ACS 5.5 servers and need to assign a SSL certificate from our internal CA to each one of the nodes.Is it possible to generate a CSR with a SAN field? Regards

Hi, I'd like to know if there is a way to manage access policies without using web interface.I'd like to create dynamic scripts to change easily the rules and I hadn't see anything about this subject on guides. Regards, Angélique

I have the context directory agent 1.0 patch 2 installed and running.  It works good mostly.  We have a duel stack running ipv6 and ipv4 on our workstations.  They connect to the AD with ipv6, so the mapping is for ipv6.  Is there a way to get the ip...

We have setup Wireless certificate authentication using ACS 5.3. It uses a stand alone certificate chain and all certificates were installed and correctly setup on the ACS. We have rules setup that look for a specific common name in the User personal...

Hi everybody,I am just wondering if anyone knows how perform compliance module on a new ISE installation to get the AV and AS updates, while the ISE is "offline", (not connected to Cisco/Internet). The ISE has Advance Service license, but the custome...