Network Access Control

CRL error

I just noticed that I was not able to connect because there was na expired CRL in my CA chain. After some investigation, it turns out the ACS server can't get the CRL information from the CA server. It was working at one time. Does anyone know wha...

Resolved! Default Device Admin (Tacacs+)

ACS 5.1Default Device AdminIdentity:Single Result (internal list and AD1)Group Mapping:Rule1:(anyone in AD/Administrators=Group/AdminGroup)Default: Standard userAuthorization:Rule1: (anyone in Group/AdminGroup, permit all commands)Default: Deny All C...

Cisco NAC Guest Server AD lookups slow

I am deploying two NAC Guest Servers with replication. I have added two DC servers for AD authentication and set up AD single sign on. The problem I am getting is that local users can authenticate fine.but AD users take more than two minutes to gain ...

Require Computer Certificate And user credentials

Hi All,I'm trying to test 802.1x authentication in a lab environment with some standalone 1131AGs and a Server 2008 R2 NPS server. I've been able to set up a few different scenarios but none have met all my requirements:Scenario 1:Laptops in the doma...

Resolved! Configure the ACS 5.1 appliance to connect to the AD

Pls advise.This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step.Go to Users and Identity Stores > External Identity Stores > Active Dire...

Resolved! ACS 5.1 User Add

My ACS 4.0 has roughly 3000 users most of which are assigned to the default group. 99% of the 3000 users authenticate against the Windows database. ACS 4.0 only stores the username (no local passwords). The migration tool (to ACS 5.1) inserted the...

802.1x credentials failure with ACS 5.2

Hi all,I recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer. After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD,I get an error message " 12321 ...

authentication mac-move permit with NAC

Hi,I have 2 switches with NAC configured on it. i also have "authentication mac-move permit" configured on my 2 switches that are connected togther. my understanding is authentication mac-move permit does not work with 802.1x enabled ports.so i would...

ACS 5.2 and EAP-TLS

I am trying to set up EAP-TLS authentication for my wireless access points, but I can't sign my ACS certificate with my enterprise CA certificate.If I generate a self-signed certificate on the ACS server, and try to sign it on my CA, I get an ASN tag...

ACS 5.2 integration with LDAP

HI Can anyone please provide me Step by Step procedure for integrating LDAP with ACS 5.2 .RegardsDiburaj

ACS - users in more than 1 group

Hi,is there an option to set users in more than 1 group on the ACS..for example an user in tacacs group and wireless group and citrix group. if so how do i go about doing it ?Thanks

ACS5.1 - IOX AAA ( behind Firewall)

I have some issue with IOX Tacacs+ client at public domain, pointing to ACS at internal network, both ACS ia NAT by firewall. Please refer to attached diagram.When user login into the IOX device, it sucessful login but was not assgined with any userg...

Question Re IAS/RADIUS 802.1x Authentiction on SG300 Switches

Good Morning All,We have just aquired one of these new SG300 series switches which gives us the ability to play around with 802.1x authentication.We have everything configured correctly for any clients which have 802.1x (eg PC's, IP Phones)Our proble...

ASA L2L IPSec + Radius Authenticator + how change authentication to CHAP

HelloHow it looks like:1. ASA terminale a L2L IPSec2. ASA is a authenticator for employees by L2L IPsec using IAS RadiusWhat need:How to change on ASA default Radius authentication PAP to CHAP?I need that employees need to authenticate by IPSEC ASA i...

ACS 5-1-0-44-3 and AD Intergration

HelloJust installed the above version of ACS as an appliance on an ESX 4.0.0. Server.I am trying to add this to our domain using AD Identity StoreI enter in the domain name ( in FQDN not netbios format ) and enter in my admin username/password par an...

Network Access Control

Forum Posts

CRL error

Resolved! Default Device Admin (Tacacs+)

Cisco NAC Guest Server AD lookups slow

Require Computer Certificate And user credentials

Resolved! Configure the ACS 5.1 appliance to connect to the AD

Resolved! ACS 5.1 User Add

802.1x credentials failure with ACS 5.2

authentication mac-move permit with NAC

ACS 5.2 and EAP-TLS

ACS 5.2 integration with LDAP

ACS - users in more than 1 group

ACS5.1 - IOX AAA ( behind Firewall)

Question Re IAS/RADIUS 802.1x Authentiction on SG300 Switches

ASA L2L IPSec + Radius Authenticator + how change authentication to CHAP

ACS 5-1-0-44-3 and AD Intergration

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

ISE PLR generation issue

Cisco ISE 3.2 My devices portal- remove the device status column

Module Types

Failed due to Process timeout from Java error after each Agentless pos

Agentless Posture - Some questions...

Enforcing TrustSec Configuration changes to ASA by CoA. Supported?

ISE - count authenticated and not authenticated endpoints

Phantom Authentication Sessions Appearing on a Switchport

Error: Authentication encountered an error due to network, AD DNS

Cisco ISE with Meraki Group Policies