Network Access Control

I set up a Shell Command Authorization Set. I want to give someone access to enter "configure terminal" and any "mac-address-table static *" commands. Unmatched commands: Denyconfigure -> permit terminalmac-address-table -> permit staticI built a gro...

Hi, I'm using ACS with a servers connected on a Catalyst 6509-EI want that the authentification use the Mac Address (Auth by Mac).But the catalyst does'nt allow this Command Line : dot1x mac-auth-bypassIs there any solution for this?The IOS is : s72...

We have ACS 4.1 in network. We have some user w0rk from home. they can access corporate network using Cisco VPN client. Issue is some users copy the van client software and profile on their Home PC/Laptop and access the network instead of using the...

Hello. I'm setting up auth-proxy to authenticate http outbound users. I'm reading that auth-proxy requires ACS, to pass user ACL/attributes. I could auth locally, but I would really like to use RADIUS or TACACS, ACS is way out of my budget, is th...

I have a certificate from verisign and it asks me for the private key file? Verisign didn't give me a private key file, where would I find this file?Thanksmike

Hello team, I have a server with IP "x.x.x.x" and hostname "HostX" with Windows 2003 Server Standard Edition withOUT any SP. Is is running an ACS 3.2.2.2 with using WindowsDatabase authentication against an AD Server. Is is working good.We have to mi...

We're using ACS 4.2 for AAA for all of our Cisco devices. The ACS server uses our RSA SecurID server and it works great. Except when the token goes into next tokencode mode. Instead of being prompted for the next tokencode after a successful auth,...

We are running PIX 7.2 on a PIX 525. Is is possible to somehow make sure users can only log into one vpn group based on their AD security group. We are currently using IAS to authenticate users but any user that has VPN rights in the AD can log into ...

How to configure AAA on a FWSM (firewall module) on a catalyst C6509.I need to protect the SSH accès on the firewall. This is the command line that I use right now but it is not ok think: aaa-server TEST protocol tacacs+exitaaa-server TEST host 192...

Hey everyone, got a question for you. I am running ACS 4.0 for windows. I have several NDGs configured including NETWORK 1 and NETWORK 2. I also have several user groups including GROUP A, GROUP B, and GROUP C. GROUP A should have access to all d...

Trying to replicate from Master TACACS server to TACACS3 and started gettin this error:07/14/2008 09:39:52 s0adcciscosec1 WARNING ACS 's0adcciscosec3' not replied to replication request - possibly short timeout or dead ....Time out is set for 10 mins...

HiI have some question. Please help me. Thanks.Question1. May I use that 802.1x port authentication using TACACS+Question2. Is it true? TACACS+ will not work with 802.1x because EAP is not supported in TACACS+, and there are no plans to get EAP ove...

Hi, I am using CAR running version 4.1.4 I am wondering whether the attributes added to a dictionary under one thread (in our case its response dictionary) is available across other threads.In our setup, we instruct CAR using TCL script to add som...