Network Access Control

alcatel 7750 SR integration with cisco ACS for ftp and snmp access ?

Hi all,i am using cisco ACS5.3 to gurant aaa services in my network witch comprise alcatel routers 7750 SR and SAM.Actually, the 7750SR is integrated the the ACS and the authentcation order is tacacs local, witch means that if the user is not in acs ...

How to have different Roles on different VDC's?

I have ACS 5.3 running TACACS+ and Nexus 7K with 2 x non-default VDC's, VDC-OTV and VDC-CR.I want my TACACS account to have role "vdc-admin" on VDC-CR, and "vdc-operator" on VDC-OTV.What is the best way to achieve this?I tried putting the VDC's into ...

Resolved! 802.1x ISE, LDAP, and OSX 10.8.2

We are in the slow process of setting up ISE for 802.1x for all our users. Our Windows guys are working great so far with AD, but or Mac guys use their own LDAP server. I have sucessfully configured the LDAP server into ISE and I am able to authentic...

Cisco NAC CAM issue 3315 Series

When booting up it gets stuck at:..........SELinux: Disabled at runtime.type=1404 audit(1363211439.273:2): selinux=0 auid=4294967295 ses=4294967295Please I need some advice. Attached is a pic I took

NCS TACACS+ with ACS 4.2

Hi thereI tried to configure TACACS+ authentication / authorization for NCS via ACS 4.2. For that I followed the configuration guide:1. Configured the service for NCS with HTTP (see attachment)2. Added the tasks to the user (see attachment)When I try...

RADIUS/DECODE: parse unknown cisco vsa "profile-name" - IGNORE

Dear Team,I have faced an issue with dot1x mab authorization between cisco switch 3750 and ISE 1.1. I have cisco IP phone connected on port # gig1/0/1 to authenticated through MAB with cisco ISE--------------------------------------------------------...

Drive mapping during posture remediation

I am doing ISE (1.1.1) deployment for client. The customer is using AD logon script do do drive map to a nas server. My posture remediation acl is blocking drive mapping unless I use 'permit ip any any' which is a security hole. My acl should be modi...

Resolved! ISE vlan enclosure

Here is my scenario.I have some industrial machines that doesn't support Antivirus and we even put them on the domain, because of the risk of a security breach. But at the same time those machines need to access the NAS to copy some configuration fil...

Resolved! ISE Issue with DNS

Hello Techies,I am facing challenge while configuring ISE to join AD. Domain Name lookup fails. DNS is working perfectly fine;nslookup works fine on ISE for simple domain names, but on long domain names it fails while throwing the following error;;;...

ACS showing incorrect timestamp in logs.

Hi...We recently installed a patch 5.3.0.40.2 in our ACS server. Post patch installation its showing wrong timestamp. ACS server clock and timezone configuration if correct but still logs showing wrong timestamp. We configurgure timezone Asia/Kalkota...

certificate format

HiI have a certificate from GoDaddy and it contains:1st) Device2nd) Intermediate3rd) Root-----BEGIN CERTIFICATE-----blaablaablaaasdaas;dkjfa;sdkfj-----END CERTIFICATE----------BEGIN CERTIFICATE-----asdfasdfasdfasdfasdfasdfasdfd-----END CERTIFICATE---...

Read-only access to switches

Hi,I'm trying to figure out what is the best way to limite access to Cisco switch. I'm using AAA and radius for authentication.My goal is to create a user that will have only "enable" access (all the show commands, etc..). I would like to deny access...

Resolved! PEAP Auth with Cisco ACS 5.3 and Lotus Notes DB

Hi,i want to authenticate wireless clients against username/passwords stored in a lotus notes database. Network: PEAP SSID->Accesspoint->4404 WLAN Controller->ACS 5.3->Notes DBIs this possible?I can connect to the ldap and query groups and attributes...

device restrictions in ACS 5.3

Hi all, In our scenario, easy vpn users are being authenticated by acs 5.3 successfully. We have created seperate user group for these users. The issue is, these users are also able to access our routers using their username/password. I want to restr...

ISE Authz rules with location based device

Hi forumers'I have a POC situation as below:A policy to restirct contractor only able to log-in to the network using AP-01There's no problem for me to do the authentication and authorization rules for me to get the contractor connect, but my challeng...

Network Access Control

Forum Posts

alcatel 7750 SR integration with cisco ACS for ftp and snmp access ?

How to have different Roles on different VDC's?

Resolved! 802.1x ISE, LDAP, and OSX 10.8.2

Cisco NAC CAM issue 3315 Series

NCS TACACS+ with ACS 4.2

RADIUS/DECODE: parse unknown cisco vsa "profile-name" - IGNORE

Drive mapping during posture remediation

Resolved! ISE vlan enclosure

Resolved! ISE Issue with DNS

ACS showing incorrect timestamp in logs.

certificate format

Read-only access to switches

Resolved! PEAP Auth with Cisco ACS 5.3 and Lotus Notes DB

device restrictions in ACS 5.3

ISE Authz rules with location based device

Necesito configurar un portal de invitados "hibrido" en ISE 2.7

ISE Accept certificates without validating purpose will break 802.1AR

Cisco ISE JSON SMS

Occasional delay in assigning ISE SGTs to client traffic on NAD

Secure Client - Debian Posture Module

CSCwq14246 - ISE internal disk check - ISE VM read/write issues

Cisco Catalyst 1300 and Dynamic VLAN

ciaco ISE 2.7 to 3.1 but it's using internal CA for authentication

Domain-joined computer and MAB

Cisco ISE - Is it possible to send AD Group in RADIUS access accept?