Network Access Control

HiI'm trying to setup my first crack at the NAC framework, using NAC-L2-802.1x. For this, the equipment I'm using is;Cisco 2950 switch (IOS /c2950-i6q4l2-mz.121-22.EA11.bin)Cisco 1811 router (inter-vlan routing)Cisco Secure ACS (90 day trial) 4.2CTA...

Hi all,Using tacacs, can you restrict a users rights to certain equipment while giving them full access to others?What I mean to say is: Can "User A" have view access to Switch 1, Global config access to Switch 2, and no access to Router 1?All using ...

Hi all,we have a seriuos security issue with an ACS 3.3 server on windows running in front of an RSA ACE/Token Server 6.0. We use this setup to authenticate VPN users coming in over ASAs and VPN-3000 concentrators.After running some time the ACS stop...

Hi,Is the ACS has a function for me to configure in ACS Server to set the users' password will be expired in a period of time(e.g. 90 days)?Thanks and regardsErnest

Currently we have a CSM and an ACS on the same subnet, Same switch. The ACS is the HW appliance and the CSM is on a windows operating system.When authentication occures to the CSM it is extreemly slow for All users. We are using NDG's for 20 IPS, 1...

Hi,I have 3 acs v3.3 appl. 1 is functioning primary and other 2 as secondary. The replication logs are saying " Outbound database replication failed - refer to CSAuth log file". As per the cisco it's Bug CSCeh84997 and we require to upgrade the appli...

we have hundreds of cisco devices on our network. we are currently deploying TACACS authentication/authorization on the network.The devices need to be grouped, and NARs need to be assigned to different groups of people.The network is very dynamic so ...

Need help in configuration so that the following requirements should be met:A set of target IP Addresses to be excluded in the traffic defined for a service (access to those IPs should be allowed, only that the traffic should not be qualified under s...

Sorry but any one know how to export the ACS local user database into a file? I only know it is only able to be displayed on the Window itself.

Is it possible for the VPN 3000 series Concentrator to generate the X.509 digital certificates or do you need to obtain the X.509 certificates from an outside vendor like Verisign? This is for an IPsec environment. Can the VPN Concentrator be used as...

i have acs 3.2 on windows 2000 server,in external database mapping i map one domain (group with ras users/dialin permissions) to dialup group.when the user is dialing he is not getting ras connection and whan i see his log in failed attempt it shows ...

I am attempting to authentication wireless clients via WLC6 via ACS SE 4.2 and this forum has provided me more information than Cisco Documentation. In trying to obtains a 30day free trial cert from RapidSSL.com, When I submit my CSR, Rapidfire tell...

Hello.I have a Cisco 2610XM with firmware version c2600-ipvoicek9-mz.124-15.T5.bin. Could someone tell me how to suppress the ALIVE accounting packets coming to my Radius server?.I have been trying using the command "no aaa accounting update" but it ...

Hello,I am trying to get http authentication proxy to work together with vpn client.I think I might have misunderstood how it is supposed to work, because in with my configuration, once the vpn tunnel is established, the user already has full access ...