Network Access Control

I am implementing a DOT1X with ACS using external database ( AD ).When I launch telnet to SW4503, I can authenticate with my AD user/password. No problem.But, when I try to authenticate with my AD user/password into DOT1X box, it fails. DOT1X only au...

I'm using two ACS 4 servers to authenticate and configure vpn remote users. Now I'm trying to use the RSA token server: install primary and replica server. All seem ok.So I can authenticate successfully on primary ACS, but when I try on secondary ACS...

There is a problem with the certificate I used for enabling the https option, Now I cannot access the web interface. I am not getting prompted with a certificate. If I use http it automatically goes to https. There are no options for reseting the ...

Hi forum,Is there a way to use Radius to authenticate users(based on windows user accounts) when they are connected to the switches before granting them access to the windows environment?

Hi,I would like to deploy 2 ACS servers. One would be used to authenticate staff members and the other would authenticate guest users. I am using Catalyst 2950 switches in the access layer and Catalyst 6500 switches in the distribution layer. I will ...

Hi,I would like to know if the following scenario is possible:Let users in VLAN A authenticate to ACS A and users in VLAN B authenticate to ACS B.Any comments welcome.RegardsDean

We currently have an active ACS (windows version) running version 3.3 and recently stood up a second server with version 3.4. I would like to replicate the users, groups and network devices from the 3.3 server to new 3.4 server. The plan is get the 3...

Hey guys...first post here. I have recently taken over our Cisco network (I am extrememly new to Cisco by the way) due to issues witht he outgoing manager. Anyway, we have a need for a single authentication process on our network. We are in a Windo...

Hi. We have developped a Posture Plugin Dll and an ACS server. The server part works well, but I can't have the CTA to load our DLL. Thus, our ACS server doesn't receive our VAF and the device is quarantined. I ran the ctastat.exe utility which tells...

Hi All,One of our NAS server, is using a default string for User-Password attribute value in the event that no password is set by the user in PAP authentication mode.How can we ignore that value or set it to Null under CAR in order to use the AllowNu...

Dear Sir,1. If ACS local database not found, ACS will attempted to authenticated with external database ( if configured ), and then created that user in ACS local database if authenticated succcess. Can we disable the auto create user function? 2. If...

Hi I have a pair of PIX 535's running 7.04 with ASDM 5.0(1) I have used the ASDM wizard which has setup three roles 1) ASDM_Admin (priv 15),2) ASDM_Readonly (priv 5)3) ASDM_Monitor (priv 3)The PIX now has these user accounts in the local database and...

Hello,I am currently deploying 802.1x using following devices:XP - HP Procurve - Cisco ACS - Active DirectoryI am able to forward dynamic vlan id to employe and consultant after authentication.Bit how to deal with big site having a large number of pe...

Win2003 active directory.I am planning to create a Windows security group (global) "WirelessUsers" and a group named "VPNUsers". Then I would need to go to ACS 3.3 and need to configure mapping to allow such groups to access wireless and VPN respecti...

Hi,I've just discovered an issue when trying to use MSFT supplicant and Cisco 802.1x accounting. This makes 802.1x accounting completely unusable.Facts:1. MSFT supplicant does not send EAPOL-Logoff messages and there's no way to enable this (btw. Aeg...