Network Access Control

Remote Desktop to machine that is 802.1x authenticated by user(wired), port is down

Hi All;802.1x is working properly, 802.1x port is up,but;when I do a remote desktop to machine that is 802.1x authenticated by anuser(Wired), first, login to pc successfuly then(3 minutes) is switch port down..Debug radius authenticationDebug aaa au...

Resolved! ACS 5 ip local pool alternative

Hi therewe have the problem with ACS 5.3, that ip local pools are not supported anymore. Before we had a ACS 4.2 where the PPPoE configuration below worked (pool was dynamically configured in the user or group attributes of ACS 4.2). Now we would lik...

Resolved! How many devices (MAB) can be authenticated via the internal identity stores ACS 5.3? ACS 1120 (802.1x))

Hi,I´m currently looking for a document that specify how many MAC addresses can be stored and authenticated via an ACS (1120)? I prefer to use the internal identity store over AD or LDAP for MAB authentication for 802.1X project.I would like to know ...

Use of locally configured accounts alongside ACS

There are a few situations were I'd like to be able to use the locally configured account on a device but still have ACS in place.I want to complete this WITHOUT adding the locally configured account into ACS.I have tried setting the advanced option ...

Juniper SSG and Cisco ACS v5.x Configuration

I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma. I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.Configure the Juniper (C...

MDA for IP-Phone Authentication (voice and data domain)

Guys,Please help me, do you have any hint for my case.My client want to do authentication for their ip-phones. I have checked in cisco documentation, this can be done with 802.1x implementation with MDA (voice and data domain). With this configuratio...

Procedure to migrate from ACS SE 4.0.1 (1112) to ACS SE 5.2 (1121)

Hello,I have to migrate two appliances ACS SE 1112 under 4.0.1 to new two appliances ACS SE 1121 under 5.2 version.I would like to clarify the procedure to do it by minimizing down time impact.I saw there are Migration Utility and Import Tool but do ...

Resolved! How to change guest password in NGS?

Hi,Can someone help me providing info on how a guest user can change his or her own password when NGS (NAC Guest Server) is the Radius server?It would also be helpfull to know if admins or sponsor can change that password too, thoug my guess is it is...

ACS 5.3 Accounting

Hello all,I need to help with accounting in ACS 5.3. When I setup accounting on WLC 440x / 5508 ACS takes them as an authentication request and fail.Here are some logs what I see in acsview:Dec 9,11 6:05:11.783 PMRadius authentication failed for USER...

Resolved! Using CHAP with RADIUS authentication

HiI have configured a Cisco 877 router to send RADIUS requests when a user logs in to the console (Line Console or Line VTY) using the following config:aaa new-modelaaa authentication login default group radiusaaa authentication ppp default group rad...

More "command authorization failed" issues

I have read the other posts from users with this issue, but their solutions have not helped in my case.Fully patched 5.3 ACS virtual server. Sample switch config AAA setup:aaa new-modelaaa authentication login default group tacacs+ local-caseaaa aut...

ACS 4.2 sybase issue

Hi All I am currently have issue's with the SQL on a Windows ACS server 4.2. the error message is:AUTH 24/01/2012 11:13:03 E 0092 2732 0x0 ODBC Operation faild with the following information: Message=[Sybase][ODBC Driver][Adaptive Server Anywhere]Spe...

TACACS Failover Problem in N7K

Guys,Have you ever found the problem that if I set two tacacs server in my N7K and the primary tacacs server fail, won't switch over to another tacacs server.Thank you.

CoA Session Query and invalid signature (err=2)!

When the portal/radius client sends a CoA-Req (session query); the ISG responds with a CoA-ACK however the portal receives an error message stating “rad_verify: Received CoA-ACK packet from client 172.X.X.X port 3799 with invalid signature (err=2)!...

The sessions are always in attempting state!

Hello,I am currently having trouble with the subscriber sessions in ASR 1k. The sessions are always in the attempting state with the ASR configured as a DHCP Relay server. The clients fails to receive an IP and I notice from the captures that the ASR...

Network Access Control

Forum Posts

Remote Desktop to machine that is 802.1x authenticated by user(wired), port is down

Resolved! ACS 5 ip local pool alternative

Resolved! How many devices (MAB) can be authenticated via the internal identity stores ACS 5.3? ACS 1120 (802.1x))

Use of locally configured accounts alongside ACS

Juniper SSG and Cisco ACS v5.x Configuration

MDA for IP-Phone Authentication (voice and data domain)

Procedure to migrate from ACS SE 4.0.1 (1112) to ACS SE 5.2 (1121)

Resolved! How to change guest password in NGS?

ACS 5.3 Accounting

Resolved! Using CHAP with RADIUS authentication

More "command authorization failed" issues

ACS 4.2 sybase issue

TACACS Failover Problem in N7K

CoA Session Query and invalid signature (err=2)!

The sessions are always in attempting state!

ISE BYOD woth Entra ID failing

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

TEAP (EAP-TLS) issue with user authentication

CISCO ISE nodes restart unexpectedly

CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerability

Cisco ISE-PIC: How to Disable TLS 1.0 (and possibly TLS 1.1)?

isco ISE Posture – Cortex Compliance Check Always Showing as Compliant