Network Access Control

Dear all   I   deploy ACS 5.2  for my network devices. everything is work,but some devices had a log ，could you explain this log? <%AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type *invalid_group_handle*>

Hello,i have a question regarding EAP TLS authentication in a wireless environment. We use Cisco AnyConnect NAM client and an ACS 5.1 to do EAP-TLS authentification. The Laptop and the user can be successfully authenticated using a certificate from o...

I have Cisco 2511 with octal cable for terminal access, I want everyone can access it, but then seperately authenticate & authorize each attempt to reverse telnet. Currently I have:aaa new-modelaaa authentication login default group tacacs+ localaaa...

Hello guys and girls!We have an AccessServer ((Terminal Server) ( Cisco 2800 router)) , there is 10 more devices in our lab. We can reach all these devices via AccessServer, with reverse telnet configuration. (I'm talking about this connection).We ar...

We have a Cisco NAC solution for our wireless solution. For mobile devices, although directed through the NAC, they do not have an agent and are not checked at all. This is fine and they can connect to the network ok.After a while, the sessions timeo...

Hi everyone,I've configured SSH via TACACS+ successfully, but Web(SSL) via RADIUS seems to be impossible. The ACS reports that my authentication was successful but the Switch asks merciless again and again for the credentials.Do I have to send any sp...

Hello, I have a cisco ACS 4.2 having intermittent issue. user are getting access denied message whenever they wants to login to network devices. From the acs below arfe the common error messages we have recieved.1. EAP-TLS or PEAP authentication fail...

I have ACS 4.0 authenticating my wired 802.1x hosts. I'm using MS-PEAP.If i authenticate my users with external windoes database I often get an error:  "Access denied: fast-reconnect was successful but user was not found in cache"I don't use EAP-FAST...

HelloI am setting up a test lab with router as eazyvpn client with asa as a vpn server and ACS for radius authentication. If anyone can provide a bit of a feedback explaining why is ASA not able to perform test aaa authentication with ACS? Not sure i...

I am trying to configure a 3750 switch for AAA?  Telnet and SSH work fine but CNA and HTTP is not working.  Both SSH and Telnet need to authenticate using RADIUS but CNA/HTTP needs to authenticate using a local account because the local administrator...

I must be stupid.I have an external LDAP server, (like openldap, but it is an old netscape one).I can't authenticate against it.  I can anonymous bind against it. but that is it.I don't want groups or any attributes.  I simply want to say User X pass...

I'm trying to configure a timeout for network connection, but when it suppose to disconnect client, it's not working.  Is it possible to do this??Only works when the client is connecting and is denied if the time is not valid.  But how could I do thi...

I am wondering is it possible to accomplish following scenario.I want to authenticate users connecting to my network using 802.1x based on Active Directory, but to be able to put users from external database (AD) to different Vlans based on some spec...

Looking to fine tune Cisco IPSec client RA-VPN authentication on our ASA-5510. Currently using NT Domain authentication. It's been working fine for quite a while but is too broad a brush. It authenticates anyone who is in the domain. We need to o...