Network Access Control

ACS notice password is expiring

Hi,I used ACS4.1 and MS-AD 2003 for external database. I need windows dialog box to notify me about password is expiring such as "14 days password expired need to change". Can ACS do this task? if can, how can i configure?Remark: I used wireless PEAP...

Resolved! AAA Reports

Hi, need to provide a ACS reports that will include all commands entered on firewalls/switches/routers. Successfully setup acs for these network devices, basic AAA is working, can login failed/passed authentications, different level of authentication...

Does anybody authenticate VPN Cisco clients againts Freeradius

Hi friendsI have running AAA against IAS and I want to move to the FreeradiusWhat I was not able to solve is the freeradius part.I know that this is probably question to Freeradius maling list, but I was not able to find an answer thereI have running...

Windows Remote Agent Failover timeout (ACS 4.2)

Hey everybody,I'm using two Windows 2003 Servers with local users as External User Databases (so they're both usind the \LOCAL domain) for my ACS 4.2 appliance. I've added the machines as Windows Remote Agents and configured them as Primary and Secon...

ACS 5.0 clock skew

Hi,I have acs 5.0 and i am trying to get this with AD but when i do the test connection i have a log that say CLock skew.I have the acs with ntp and zonetime but AD does not have ntp but the clock its almost the same. People that manage AD does not w...

802.1x Dynamic VLAN Switching Question

Trying to set up 802.1x dynamic VLAN switching, and have a question. I think I've gotten it working except for one part. The VLAN on a protected interface is never getting switched. I can see an entry in the ACS stating that it applied the appropriat...

ACS Appliance HA in ACS1113 with other ACS1120

Hello,I have a question, I have an ACS 4.2 Appliance 1113, my question is: can i configure another ACS 4.2 Appliance in hardware 1120? and these work in High Availability replying the Data Base with External Database and CA, etc?Best RegardsAlvaro Pé...

Resolved! Encryption AAA

Hi,Just wisht to ask what is the default encryption used by ASA when exchanging username/password with a radius server (Windows server). And is there a way to change the encryption (3des to aes-128)?Thanks.

Weak performance on ACS5 Appliance

Hi all,have a ACS 5 appliance and run version 5.1.0.44 on it. The performance of the web GUI is really bad and when I try to access "Monitoring & Reporting" for the first time, I got completely logged out and have to login again. Happens with Firefox...

802.1x with Switch SRW2024-Web

Hi@all,i want to implement a port based NAC with Windows Server 2008 NPS acting as RADIUS and some Linksys/Cisco SRW2024 - WebView Switches, using EAPoL and MD5-Auth.(SRW2024: http://www.cisco.com/en/US/products/ps9989/index.html)I am able to authent...

ACS 4.2 For Windows DB Replication

Hi Folks.I have a pair of ACS for windows 4,2 and we also have a few mappings (ACS Group --> AD Group)The replication process was configured and it replicates all the seetings, but the Group Mappings.Is this the way it's supposed to be or it should r...

Restricting a user to a source IP address

Is it possible to restrict a user account in ACS to be only allowed from a specified source address?We use token cards for normal admin access but we have an automated script that backs up the configs and therefore uses a static account. We have imp...

Resolved! Implementing 802.1x in a per-switch-VLANs topology

We have multiple 6509E access switches which currently have a unique user VLAN per switch (e.g. access-switch1 users are on vlan 101, access-switch2 users are on vlan 102 etc).We would like to implement 802.1x so that users either end up on an author...

NDG Application in TACACS+

hi,i am trying to get around 900 cisco routers authenticated through Cisco TACACS+ ,while doing this i added two clients and two users corrosponding to them,i hav two issues1# if there is a user and a group each needed for each client if we add them ...

ACS 5.1 service selection rules

Good morning,I need to assign diferent authorization profiles to remote users based on their active directory group.I have read that cannot use identity-based condition in a service selection rule.Any idea how can achieve it if remote users auth requ...

Network Access Control

Forum Posts

ACS notice password is expiring

Resolved! AAA Reports

Does anybody authenticate VPN Cisco clients againts Freeradius

Windows Remote Agent Failover timeout (ACS 4.2)

ACS 5.0 clock skew

802.1x Dynamic VLAN Switching Question

ACS Appliance HA in ACS1113 with other ACS1120

Resolved! Encryption AAA

Weak performance on ACS5 Appliance

802.1x with Switch SRW2024-Web

ACS 4.2 For Windows DB Replication

Restricting a user to a source IP address

Resolved! Implementing 802.1x in a per-switch-VLANs topology

NDG Application in TACACS+

ACS 5.1 service selection rules

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0

"Change Password" functionality

ISE and DuoProxy failmode=safe issue

BYOD client provision failing with NDES role on Windows 2019

Cisco ISE - ANC leveraging integrated AMP - Isolation

Is this possible: Static MAC Entry skipping 802.1x authentication

ISE GUI showing cannot reach page and refused to connect

ISE 3.2 p3 - Cert based Machine auth does not work

ISE Cert Question

ThinkPad Universal USB-C Smart Dock with multiple MACs