Network Access Control

ACS 5.2 VM - User Password Change Webpage

Hi All,Is there a way to configure a webpage where end users would go to change their passwords? I would not like to use the network devices themselves with the "change password at next logon" option.I believe ACS 4.2 has such solution. Does 5.2 have...

ACS 5.1 Import Template gives File Format Validation Failed

Hi folks,Network Resources - Network Devices and AAA Clients- File Operations - Add - gives me File Format Validation Faliled. I am carefull to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting de...

802.1x machine auth w/ certificate authority

Two quick questions ...I am building a lab for 802.1x, I want to use peap w/ mschap v2 and I want to do machine authentication only. I have AD and CA services running on a test windows 2003 server. I have ACS setup, my AD is connected, my switch is ...

Password lifetime

Hi,i am looking for a solution for the following problem: we want to enable password lifetime for device administration (tacacs+) and to disable password lifetime for 802.1x radius authentication with local user database. with the old acs 3.3 system...

Resolved! Possible bug in Cisco ACS 5.1 when importing devices?

Hi, there seems to be a problem when I try to import a .csv file to ACS 5.1. After following the procedures for file exports and clicking finish I am left with the screenshot of the ImportAction window attached. According to documentation this window...

Resolved! ACS 5.2 allow only specified client cert

Hi thereI would like to implement a policy, where I specify which client cert (CN name) is allowed. Let's say we have 2 SSID's and 2 different client certs:- client1.domain.com should only be allowed to connect to SSID1- client2.domain.com should onl...

Resolved! ACS 5.1 User password expire not working

hi, I have configured under Administration password policies about password lenght, items to be putted as number, letters and so on.on the second tab is the password expire for users and I configured to expire after 90 days.I even tried creating a ne...

Resolved! ACS 5.0 RADIUS timeout with WLC 7.0

Hi Guys,I am configuring a Cisco Secure ACS 1120 appliance running ACS 5.0.0.21 to handle RADIUS request from a Cisco WLC 5508 appliance running version 7.0.116.0.these devices have open communication on all ports - no firewalls or ACL'sthey have suc...

Resolved! Can't run service perfigo config command on NAC

I have a new NAC Manager server for a fresh deployment. I logged in using root password with a serial connection to the server.I can't seem to be able to run the "service perfigo config" command to perform the initial CAM configuration.[root@nacmanag...

Resolved! prevent SSL VPN user from accessing ASA cli

Hi ,I've configured several users on my ASA in it's local database. Those users are used for ssl vpn login, but the problem that I have is that those users also have SSH access. Is it possible to prevent this ? Thanks

ACS log Configuration

we have ACS 4.2. THings are working fine. I want to have the ACS logs to the external serveras well as want to keep the log on the ACS for more than six months. Currently logs showingonly for the one month but not more than that. I am not able to fin...

Resolved! Network devices access restriction configuration with user level in ACS 5.0

Hi Experts,I have task of configuring TACAC with different user level for all routers and switches,To elaborate more, I have engineer , analyst and site engineers so I want to configure centralized tacac authentication with different privilage levels...

Cannot launch Monitoring & Report Viewer

Hi everybody,i just installed ACS 5.1.0.44 with the latest Patch on a VMWare virtual machine and installed the evaluation license.Everything works fine except for the "Monitoring & Report Viewer"-Tab:When i try to launch the Viewer, it opens a new br...

Resolved! ACS for Device authentication

HelloI am looking to deploy a NAC device in our office and currently have an ACS server that handles wireless authentication.I would like to know if the ACS is capable of authenticating users on a LAN with both 802.1x and device detection (such as MA...

ACS 4.2 failure to authenticate windows users

Hi all , we have a bit of a problem which we cannot seem to resolve.The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after ...

Network Access Control

Forum Posts

ACS 5.2 VM - User Password Change Webpage

ACS 5.1 Import Template gives File Format Validation Failed

802.1x machine auth w/ certificate authority

Password lifetime

Resolved! Possible bug in Cisco ACS 5.1 when importing devices?

Resolved! ACS 5.2 allow only specified client cert

Resolved! ACS 5.1 User password expire not working

Resolved! ACS 5.0 RADIUS timeout with WLC 7.0

Resolved! Can't run service perfigo config command on NAC

Resolved! prevent SSL VPN user from accessing ASA cli

ACS log Configuration

Resolved! Network devices access restriction configuration with user level in ACS 5.0

Cannot launch Monitoring & Report Viewer

Resolved! ACS for Device authentication

ACS 4.2 failure to authenticate windows users

ISE Accept certificates without validating purpose will break 802.1AR

Cisco ISE JSON SMS

CSCwn25013 - ISE 3.2 P7: Patch install breaks db-reset

Cisco ISE, no SXP-bindings from session

Occasional delay in assigning ISE SGTs to client traffic on NAD

Downgrade Cisco ISE from ver 3.3 to 3.1p10

ISE Topology

Cisco ISE Policy Set Identity

Unable to add Crypto host_key add host - Host not found in /root/.ssh

ISE EAP-TLS with Hybrid-Joined devices