Network Access Control

Doubt adding NAC Server to Manager

Hi all.I have a pair of managers in HA mode and a pair of servers in HA mode. The solution is working in OOB Virtual Gateway.When i add the server in the manager, which IP address must i use, the service IP address or the physical Ip address.I'm runn...

invalid switch configuration-oob error

Hi all,We are using NAC in OOB Virtual Gateway mode only for wireless users.But we are facing an error on user PC stating that, invalid switch configuration-OOB error:OOB client MAC ADD/IP ADD not found. Please contact your net...

IPv6 Client support in ACS 5.2?

Hi everybody!Does anyone know if Cisco has or is planning to have support for IPv6 Network Devices and AAA Clients? The user guide sems to only refer to IPv4 addresses... Has anyone heard of roadmap for such support? If not, is there alternative that...

CSACSE-1113-K9 Password Recovery

I just just purchassed a CSACSE-1113-K9 and I need to wipe the Administrator password. I am also not sure what the default login credentials even are. There doesn't seem to be much out there for this device or maybe I'm just looking in the wrong plac...

ACS5.1 and OTP

Does anyone have a quick overview of how to setup how to communicate with ACS5.1 using an OTP server?I want the user to be authenicated in AD then send out the OTP if credentials are correct.ThanksSi

acs 5.2 shell authorization sets

Can someone point me to a guide on how to configure shell auth sets in 5.2I have done it in 4.2 but can't seem to get it working in new versionRequirement is to just allow shut / no shut command but as soon as I give access to config terminal the use...

Resolved! Enable Secret Password Missing in Config.

Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TA...

802.1x multidomain not working

Hello team:I configured multidomain on a Cisco 3650 port (12.2(53)SE1), and connected a 7941 Phone and laptop behind it. The phone gets successfully authenticated but the PC does not get fully connected. The PC adapter´s icon shows a "authentication ...

Resolved! ACS5.1 Updating Internal User Database

Hi,Using a CSV file, I can not add user in the internal database of the ACSI have a permanent "error File Format Validation Failed"However the file I want to import is a really CSV file. Do anyone had the same problem or does anyone know how to ge...

Resolved! ACS5.1 - AD and RADIUS attributes mapping

hi,I'm trying to dynamically assign IP address for VPN users from AD (without IAS service). Is it possible???I know that there is a restriction that "Dial-in users are not supported by AD in ACS (note in "acsuserguide51") but Im not exacly sure what...

Windows Server 2003 IAS RADIUS with Cisco AP541n

Hi,I'm trying to use my Cisco AP541n as a RADIUS client connected to a Windows Server 2003 IAS using PEAP-MSCHAPv2.The communication between the AP and IAS seems to be OK, according to Wireshark (Access-Requests and Access-Accepts), but my AP doesn't...

Resolved! How do you set up VPN on ACS 5.2?

Hi all,I am working on getting ACS to authenticate VPN users. I have a wireless/TACACS policy in place and working.Can someone help me with the set up of the Authorization profile as well as the policy?Thanks,Randy

ACS 5.2 Identity Base Authentication

Hi,I need a specify users to allow access to particular devices and give privilege only for show command or show run. Here is how I tried to configured.1. Configured two seperate Shell Profile and Command set with privilege level 4-5 and allowing onl...

Use AAA to lock out source IP?

Hello,Is there any aaa command(s) to lock-out source IPs after a given number of attempts? I'd like to make it so specific users do not get locked out universally. (2811 v12.3 (8) T5)Or would I need an IPS for this?Thanks for any info,Sean

Resolved! ACS 5.2 Password change problem

HiSince some months I'm running ACS 5.2 appliance without any problems. Today I found a very strange problem:When I want to change the password from a local user there's a popup message:"This System Failure occurred: {0}. Your changes have not been s...

Network Access Control

Forum Posts

Doubt adding NAC Server to Manager

invalid switch configuration-oob error

IPv6 Client support in ACS 5.2?

CSACSE-1113-K9 Password Recovery

ACS5.1 and OTP

acs 5.2 shell authorization sets

Resolved! Enable Secret Password Missing in Config.

802.1x multidomain not working

Resolved! ACS5.1 Updating Internal User Database

Resolved! ACS5.1 - AD and RADIUS attributes mapping

Windows Server 2003 IAS RADIUS with Cisco AP541n

Resolved! How do you set up VPN on ACS 5.2?

ACS 5.2 Identity Base Authentication

Use AAA to lock out source IP?

Resolved! ACS 5.2 Password change problem

Bulk Update Fails for customAttributes - Is it supported?

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

ISE VM Smartnet

ISE 3.5 requests for SMB Version 2 from Active Directory

SSL VPN FOrtigate with Cisco ISE Posture

Certificate Services OCSP Responder nearly expired

ISE databases - which one has the endpoints?