Network Access Control

ISE 1.0 Posture and Client provisioning

I've configured 802.1x with dynamic VLAN for users and MAB for phones - it works fine. Now I wanna to implement client provisioning and posture validation for users. After reading ISE user guide there are still several big questions:1. Is it possible...

NAC and switchport port-security

Dear,FriendsI have NAC working on Out-Of-Band Vitual Gateway. When I Enable Port Security on the CAM, this don't work very well.I need allow two mac-address for interface, one workstation and one phone.The first User is authenticated and placed in th...

Resolved! ACS 5.2 and AD

Hi,We have ACS Engine 4.1 and want to upgrade it to 5.x. Is the new version of ACS 5.2 allows a user to belong to several groups of AD ? Best regards

Doubt adding NAC Server to Manager

Hi all.I have a pair of managers in HA mode and a pair of servers in HA mode. The solution is working in OOB Virtual Gateway.When i add the server in the manager, which IP address must i use, the service IP address or the physical Ip address.I'm runn...

invalid switch configuration-oob error

Hi all,We are using NAC in OOB Virtual Gateway mode only for wireless users.But we are facing an error on user PC stating that, invalid switch configuration-OOB error:OOB client MAC ADD/IP ADD not found. Please contact your net...

IPv6 Client support in ACS 5.2?

Hi everybody!Does anyone know if Cisco has or is planning to have support for IPv6 Network Devices and AAA Clients? The user guide sems to only refer to IPv4 addresses... Has anyone heard of roadmap for such support? If not, is there alternative that...

CSACSE-1113-K9 Password Recovery

I just just purchassed a CSACSE-1113-K9 and I need to wipe the Administrator password. I am also not sure what the default login credentials even are. There doesn't seem to be much out there for this device or maybe I'm just looking in the wrong plac...

ACS5.1 and OTP

Does anyone have a quick overview of how to setup how to communicate with ACS5.1 using an OTP server?I want the user to be authenicated in AD then send out the OTP if credentials are correct.ThanksSi

acs 5.2 shell authorization sets

Can someone point me to a guide on how to configure shell auth sets in 5.2I have done it in 4.2 but can't seem to get it working in new versionRequirement is to just allow shut / no shut command but as soon as I give access to config terminal the use...

Resolved! Enable Secret Password Missing in Config.

Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TA...

802.1x multidomain not working

Hello team:I configured multidomain on a Cisco 3650 port (12.2(53)SE1), and connected a 7941 Phone and laptop behind it. The phone gets successfully authenticated but the PC does not get fully connected. The PC adapter´s icon shows a "authentication ...

Resolved! ACS5.1 Updating Internal User Database

Hi,Using a CSV file, I can not add user in the internal database of the ACSI have a permanent "error File Format Validation Failed"However the file I want to import is a really CSV file. Do anyone had the same problem or does anyone know how to ge...

Resolved! ACS5.1 - AD and RADIUS attributes mapping

hi,I'm trying to dynamically assign IP address for VPN users from AD (without IAS service). Is it possible???I know that there is a restriction that "Dial-in users are not supported by AD in ACS (note in "acsuserguide51") but Im not exacly sure what...

Windows Server 2003 IAS RADIUS with Cisco AP541n

Hi,I'm trying to use my Cisco AP541n as a RADIUS client connected to a Windows Server 2003 IAS using PEAP-MSCHAPv2.The communication between the AP and IAS seems to be OK, according to Wireshark (Access-Requests and Access-Accepts), but my AP doesn't...

Resolved! How do you set up VPN on ACS 5.2?

Hi all,I am working on getting ACS to authenticate VPN users. I have a wireless/TACACS policy in place and working.Can someone help me with the set up of the Authorization profile as well as the policy?Thanks,Randy

Network Access Control

Forum Posts

ISE 1.0 Posture and Client provisioning

NAC and switchport port-security

Resolved! ACS 5.2 and AD

Doubt adding NAC Server to Manager

invalid switch configuration-oob error

IPv6 Client support in ACS 5.2?

CSACSE-1113-K9 Password Recovery

ACS5.1 and OTP

acs 5.2 shell authorization sets

Resolved! Enable Secret Password Missing in Config.

802.1x multidomain not working

Resolved! ACS5.1 Updating Internal User Database

Resolved! ACS5.1 - AD and RADIUS attributes mapping

Windows Server 2003 IAS RADIUS with Cisco AP541n

Resolved! How do you set up VPN on ACS 5.2?

Congratulations to the July 2023 Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

Trustsec - CTS enabled - Devices lose connection

ISE 3.1 Tacacs Command set regex - restricting "COPY" - SOLVED

SGACLs deploy in a reverse sequence on APs

Grace Period with Posture Lease

ISE Passive Identity agent errors

Adding NVM XML into ISE for AnyConnectProfile

MAB in ISE

AnyConnect 4.10.x and Single sign on Problems

ISE VM installation using the iso file

Cisco ISE Passive Identity Question