Network Access Control

We have implemented AAA on all our internal switches, and all is working well.. primary login is sent to ACS server, and if unavailable local credentials are used.  The one exception is out 6509 VSS switch.  If you SSH the switch all is correct, howe...

Hello,We just migrated to ACS 5.1.With the old ACS I was able to set Account expiration dates, so Accounts automatically were set to disabled if the configured date was passed.I just can't find that option with the new ACS 5.1? We use Local Database ...

When I log into the 4500 switch with my domain account, I get priv 1 only and have to “enable” with the local enable password to get to priv 15.  How do I set this up to get directly to enable? The ACS 5.1 is setup with a authorization/shell profile ...

Hi,I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. B...

Hello again.I'm now trying to match on Directory Attributes returned by one of my Radius Identity Servers in my 'Authorization Policy'.The log comes back with this:Evaluating Service Selection Policy15004  Matched rule15012  Selected Access Service -...

New deployment of ACS 5-1-0-44-3, first time I launch the Monitoring and Reporting Viewer per session, it logs me out of ACS completely. Is this a known bug.

Hello,I have an ASA 5520 with 4 interfaces. At the moment is connected to an ISP-A via its outside interface; and to an inside private network A via inside interface.I would like to connect another ISP-B and create a DMZ. I want to route to the new ...

Hi all,I configured LDAP on acs 1120 appliance,but i don't know how to fill parameter on ldap configuration:Subject ObjectClassSubject Name AttributeCertificate AttributeGroup ObjectClassGroup map attributeSubject search baseGroup search baseMy domai...

For many organisations the Cisco Secure ACS server is the guardian of the network - controlling administrative access to routers and switches plus overseeing end network users over VPN, wireless and firewall.Its no surprise therefore that it should c...

Hi Pros,              I run into some when trying to use guess vlan in dot1x authentication. The client is able to grab an IP in the guess vlan;however, it can't go to the Internet. Client in the guess vlan is able to ping other vlan(different subnet...

Hi,I'm just evaluating ACS 5.1 for the first time. I'm trying to use EAP-TLS for machine authentication, and use AD to look up group membership for Computer Accounts to determine authorization.The problem I'm having is that ACS is authenticating the ...

Hello,I'm working on a test rollout of 802.1x. I have a few (hopefully quick) questions that I can't seem to find in the docs...1) Is there a way to configure a switch to use two separate RADIUS servers, one for auth/authen and one for accounting?2) ...