Network Access Control

different authoriztion levels based on device ip/location

Hi allwhat i need is simple when a user admin-HQ logs AAA sever should send a level 15 to him (shell:priv-lvl=15) , however when he logs to a router in branch AAA server should send level 7 to him.ie for same attribute and user two d...

Radius Return Attribute to set Duplex settings?

Hi All,I am doing 802.1X for a user on Cisco 3650 and wanted the Radius Server to return an attribute to set the Duplex setting of the port. Is it possible? If it's possible then please help me with the correct Radius Return Attribute.Thanks in Advan...

Wireless Guest Portal with Device registration

Hi,I have configured the ISE for wireless guest authentication. Once i got the guest portal and enter usernam/password, it redirecting to Self Provisioning portal for Device Registration. (attached)I have unchecked the option "enable my device porta...

Resolved! ACS 5.2 Tacacs+ Authorization

Hi AllI have an ACS 5.2 running, where we have setup Tacacs authentiation on network devices - switches, routers etc.It's working fine with external authentication towards a specific AD group for all devices.Im trying to segment the access based on ...

Problem with ACS/tacacs user for router backups only

I run a process every night that logs into about 500 routers via ssh and pulls the running-config for backing up. This has run for quite a while with a tacacs login account that has privilege level 15.I want to change this process to run with a user ...

Resolved! Dynamic ACL for External Radius Accounts (ACS 5.3)

We have a Cisco ACS 5.2 server that queries another radius server for certain AnyConnect VPN connections. We already use dynamic access-lists for some users in the Interal Identity Users Store. We would like to tie in a dynamic access-list to users i...

CRL Validation fails on ACS 5.2.0.26.3

Hi,We are using ACS v5.2.0.26.3 in 802.1X certificate based authentication. Now, when we added CRL functionality into ACS it fails in CRL validation and gives following error message:LastErrorMessage=CRL PKI verification failed Certificate Revocation...

Never disable account in ACS 5.x

Hi,I'm currently setting my ACS 5.x for oridinary person to disable account if password not changed for certain date, But some VIP accounts need to exclude from this condition, any solution? Thanks in adv.

CiscoSecure ACS v4.2 - block users with number of unsuccessful auth retries

Hi experts,I recently took over support of our old Cisco ACS 4.2. I don't really know too much about it. What I know is that the ACS is used as a Radius server doing wireless 802.1x authentication. It is using Windows AD as the backend user database....

Local Access router/switch if Radius Server Fails

Dear allI have configured Windows IAS server to access Cisco devices.this is workiing fine, i can access switch console Using Local user.when i put "login authentication local_access" under line vty 0 4, i cant access switch using radius user or lo...

authentication through RADIUS server....

hi everyone... i am doing some project under the title design a global authentication system for distributed wireless neworks which involve " authentication through RADIUS server " in which teacher told us that you have to made virtual circuits b/w s...

ACS 5.3 for Network Access Control

Hi Everyone,We recently deployed ACS 5.3 on a VM, while the main purpose of implementation was to control access (authentication/authorization) on network devices; Can we use the same user to authenticate users' access to our wired network? So only u...

Use of proxy distribution table in ACS v4.0

HI All,We are running with Cisco ACS v4.0 AAA server, Here I need the use of Proxy distribution table.Why is this required and what is the functionality of it.RegardsSuresh

Resolved! Catalyst express 520 and NAC

Hi to all,I'm having an issue registering some ws-ce520-24pc-k9 in my NAC server v4.9(1), I've completed all the snmp configuration and when i register the switch in the nac it is added ok but when i try to manage the ports in order to add them to a ...

Resolved! ACS 5.1 questions

Acs Experts,Need quick answers to few questions related to ACS 5.1 for a customer. I have not used the ACS5.1 yet so watch out for the easy questions 1) Is it possible to generate report for the users who are inactive for say last 30 days? Customer i...

Network Access Control

Forum Posts

different authoriztion levels based on device ip/location

Radius Return Attribute to set Duplex settings?

Wireless Guest Portal with Device registration

Resolved! ACS 5.2 Tacacs+ Authorization

Problem with ACS/tacacs user for router backups only

Resolved! Dynamic ACL for External Radius Accounts (ACS 5.3)

CRL Validation fails on ACS 5.2.0.26.3

Never disable account in ACS 5.x

CiscoSecure ACS v4.2 - block users with number of unsuccessful auth retries

Local Access router/switch if Radius Server Fails

authentication through RADIUS server....

ACS 5.3 for Network Access Control

Use of proxy distribution table in ACS v4.0

Resolved! Catalyst express 520 and NAC

Resolved! ACS 5.1 questions

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Cisco ISE PIC 3.4

SSO ISE ADMIN Access with Cisco Duo

ISE RADIUS persistence on Citrix Netscaler query

Linux - Posture and SSH

FMC API to update SNORT

ISE upgrade from 3.2 to 3.3

TEAP Problem with Windows 10, ISE 3.2 with Patch 7 and EAP Chaining...

Setup wizard not working for virtualized ISE 3.3

Renewing or Deleting ISE Data Connect Trusted Certificate

ISE backup and restore