Network Access Control

Hi All,I'm currently having an issue where specific vendor attributes from my Mikrotik NAS are not being logged int the Local accounting CSV.  I installed the VSA's and they show as an option under system/logging in which I choose to log this case "M...

We have a group in TACACS ACS4.2.  I configure it can do show command. When logged, it can do show command some parameters, like show ip interface, but it cannot do show running-config. it says "command authorization failed". Any idea?thanks,Han

I have an ACS 5.1 server running on VMWare that I'm trying to upgrade to v5.3. When I run the application upgrade command it ran for 5 hrs then it ran out of virtual disk space. It then gets hung in a rebooting loop that I have do delete and restore ...

I have generated request and our CA server gave us two files, one is cerificate from CA itself, one is the certificate CA created for the ACS. I used the "Bind CA Signed Cerficate"  under "local cerficate\add"Option to bind the latter. it shows succe...

In order to restrict access to websites on our internal network, would we be able to put an ASA in front of the web server and force users to authenticate through the ASA and, once authenticated, allow only port 80 or 443 traffic for that use?  The A...

hi everyone,Thank you for your help in advance. I am new to v5.3, and I am not good at VPN. So hope you can help.I just have my consultant to configure this correctly just today. Currently, there is only one rule for the access policy (Single Result ...

Hi,I am trying to get wired WebAuth working with NAC Guest Server. In the switch_login.html file example, what should be changed for this line:ngsOptions.actionUrl = https://1.1.1.1/;Should this be an IP address on the switch? Shoul I have this point...

Hi all, i'm trying to configure acs 5.2 to LDAP external idenity store, when LDAP failes ACS 5.2 should use internal indenity store. I configured A sequence to use LDAP 1st then Internal and i shut off the link to the LDAP but ACS will not use intern...

We want to use eap-ttls and ldap (not AD).  That isn't supported.So we want to go PEAP, but the only methods are PEAP-MSCHAP or PEAP-GTC.  Now the docs say PEAP-GTC supports ldap on the identity store.So is GTC simply GTC without a token card? (simpl...

Hi We have following configuration for aaa on L3 switchCASE 1aaa authentication login default group radius localaaa authentication enable default enableaaa authorization exec default group radius if-authenticated aaa authorization commands 15 default...

Hello,I have the following situation. I have two ACS, a primary (ACS1) and a secondary (ACS2) with software version 5.1.0.44.2.Because of a corrupted file system I had to reinstall the secondary ACS Appliance (ACS2).I used the software version 5.3.0....

I continue to export a Certificate Signing Request for our local CA.  They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them.  In fact, they have stated that they have had this...

In ACS 5.3 .0.40 the backup of the view database stopped working.There seems that a backup stucked in progress.Incremental backup is configured, I cannot edit the configuration in "Monitoring Configuration -> Data management -> Removal and Backup" - ...