Network Access Control

We are running ISE 1.0.4 with a requirement that on the surface is simple, but fails to execute properly no matter how I tweak it it.  It is:VPN users either need to be within a certain AD group orThey need to authenticate against RSA.I set authentic...

I am trying to do RADIUS authentication for APC (UPS) using ACS 5.2 Appliance. It is working fine with ACS 4.2, but unfortunately not with ACS 5.2. I tried creating RADIUS VSA (Vendor Specific Attributes) for APC in ACS 5.2.According to the APC dicti...

Hi,I have ACS 5.1, I have created a user with privilege 15. I need to allow a single command buy command set.I have configured command set. in command set setting i have unchecked "Permit any command that is not in the table below"and added command a...

Hi Team;I am facing issue that my Cisco ACS 5.2.0.26 is not getting time sync through NTP server. In my case NTP server is Nexus 7K (all other switches are sync) with OS 5.2.3asee the output below:ACS-1/admin# sh ntp Primary NTP   : X.X.X.2synchronis...

aaa new-modelaaa authentication login default localusername aaa password aaausername bbb password bbbuser aaa should have ssh and telnet access.user bbb  is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in...

I am trying to have my wireless users authenticate the machines on one vlan and then based upon the user id from AD switch to another vlan if required.  I have it working just fine except when the user logs on and ACS forces the new vlan, the IP stac...

Hi,I need to configure SSH2 in all my routers and switchs, we have to block telnet and enable SSH2 with TACACS+ authentication. How to do this? can any one give me the steps .Thanks

I'm trying to get SCEP enrollment for BYOD on-boarding to work with a Win2k3 server, so far it keeps failing. On the ISE (1.1.1), when I enter the path to the SCEP server ('https://<W2k3_srv_name>/certsrv/mscep/mscep.dll') the connectivity test fails...

Hi All Cisco NAC Experts,  I am currently experiencing a Cisco NAC NAC3315-SVR hang issue.The issue was already happened for few time on the same server and the symptom when NAC server hung includes no response to ICMP ping, no response to SSH reques...

The ISE user guides suggest to use a username called 'test-radius' as option to the 'radius-server host' commands. This will cause the respective NAD (a Cat3560 in my case) to make an authentication check on each configured ISE every 60 minutes.The p...

Hello group,                I am facing a strange problem with my ISE deployment.In test environment I have used ISE from version 1.0 to the latest. Currenty what I have is 1.1.1 wit latest patch.I have configured dot1x and central web authentication...

HiI'm a bit new to Cisco and i find this AAA a bit confusing...I've turend on AAA by:aaa new-modeland it created me:aaa authentication login default localCan I use this "default" list for WebVPN ? And what would be a different if i create new "sslvpn...

We have a workng NAC 4.9.0 environment. When looking through the documentaiton areas I only see setup info for VPN concentrator and NAC in band. Are there setup examples with an ASA runnign newer code (8.6). The second piece is that I have some confu...