Network Access Control

Resolved! 802.1x wireless authenticaiton against RADIUS authenticator

Hi all, Would like to check out some client side setting on Wireless 802.1x authenticaiton. Network setup is using - Cisco WLC 7.2 and AP3500, - ACS 5.3 - Microsoft Windows server 2008 hosting AD and CA services (same machine) - Client OS is Microsof...

Resolved! csutil for remote acs server

Hi all, Can i run csutil remotely from my machine to access another acs server ?

ISE and iPads

I have been playing with ISE for a few weeks now. I want to get the thoughts of other more experienced ISE users. I have concluded, it is best to use EAP-TLS with CERTS to differentiate between corporate owned iPads and BYOD iPads. Although ISE does ...

New ACS appliance not showing FQDN hostname in GUI

I've installed two new ACS appliances in our environment running 5.3. I've just configured the basics to get it on the network (ie DNS, default GW, IP address). Looking at both running configs, they are identical with exception to the IP addresses....

ACS 5.3 Patch

Trying to install the just release patch 7 for ACS. Downloaded the release notes and am following them for patch installation. First thing I noticed is when downloading the patch although the file has a .tar.gpg extension, when I download it through...

IDFW AD Agent - DC status is "down"

I have set up an AD Agent on a 2008 R2 member server and added two 2008 R2 DCs through "adacfg dc create". Both DCs have account logon audit logging activated and they were working, showing status of "UP" when running the "adacfg dc list" for abou...

ACS 5.3 Secondary instance logs missing

Hi Folks,I have a dual appliance set up; with a distributed deployment. I am using my primary box as the log collector and I noticed today that if I point a networking device at my secondary instance for authentications nothing shows up in the logs a...

Resolved! ISE 1.1.1 Windows NAC client posture checking loop

Hi all,Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my ...

Replacing client IP by RADIUS attributes using a WLC

Hello.I'm trying to replace the client's IP in a wireless network using an IP configured in the RADIUS. We have tried with an ACS and now with a Microsoft's NPS and on both scenarios, i see in the WLC that the client should have the replaced IP but w...

ISE 1.1.1 - RegisteredDevices Identity Group

Working on building a ISE 1.1.1 system to match our internal security policies, and have hit a dilemma. Here goes:The requirement states that there need to be differing network authorization profiles for different device types: Domain PCs, Non-Domain...

Problem with work group bridge authentication with ACS 5.x

EAP-TLS authentication for workgoup brdige fails.Folloing is the log on ACSAuthentication failed 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain12811 Extracted TLS Certificate message containing clien...

ACS v5.2.0.26.3 - AD Join/Rejoin/Disconnect Problems

Hi!I see under the Active Directory tab that the AD Connectivity status is suddenly set to Disconnected.But if I click the Test Connection button, the result comes back Successful.So then I'm stuck....Is there a way to rejoin the ACS into AD?I have d...

NAM and "unprotected identity pattern" not working as expected

Hi,I'm trying to test such 802.1x wired environment:windows xp sp3 as supplicantwindows NPS as radius server 2960 as authenticatorlatest anyconnect (3.1.01065) + nam and standalone profile editorI have a question:Could someone explain me the differen...

Rejected ACS local-certificate with surrogate CA

I'm going crazy because of clients rejecting ACS certificate.I have deployed successfully one ACS 5.2 in a HQ with EAP-TLS and PEAP and everything is working fine. There is only one main CA.Problem is while deploying another ACS 5.2 against another A...