Network Access Control

Radius Proxy for EAP-TLS

Can anyone explain how the proxy for EAP-TLS is supported in CSACS?I think the SAN feild is used for the proxy distribution table but even if this is correct what about the certificate authority. Who does what in terms of certificates etc?I have to i...

Need to restrict certain commands for TACACS+ users

I have a tacacs+ server and i need to create a group where a user can only work on the interface paramaters and deny other commands. For example i dont want the user to use "sh run" or "sh start" but can use the "sh interface" command.And also allow ...

CSAdmin service will not load

CSAdmin service does not load. Recieved unknown windows error and nothing is written to the event viewer. Running on a windows 2000 server SP4.

Getting 2 ACS servers to replicate

We have two Data Centres with the primary ACS server in one and I am trying to install a secondary ACS server in the second one.They communicate at a TCP level but I can’t get the second ACS to replicate the first one. They are both installed on win...

802.1x

What IOS version do I need to have to use 802.1x? We have version 12.0 on some of our switches and I can't seem to find the commands for it (aaa authenticaiton dot1x... )

Cisco ACS and Ciscoworks failed attempts issue

HiWe have been using Ciscoworks to collect switch/router configurations for a number of years. Since we implemented ACS V3.3 we have been getting problems with failed logins.After looking at the failed attempt logs we see spurious logins like "q" or ...

Remote Logging for ACS

I am testing remote logging in ACS. Is it by design that logging from all ACS appliances goes to the same files configured by the Configuration Provider? Whatever is specified in the other ACS appliances is ignored and all entries from all applianc...

WebVPN authentication

Hi,I am setting up WebVPN on a 3005 concentrator. I have it working with an internal user.Is it possible to make WebVPN authenticate through a NT-Domain? Best regards Morten WiingreenBøg Madsen a/sDenmark

Resolved! ACS scaling

Hi,I am struggling to find any figures on how ACS will scale in CCO documentation.The ACS solution would be expected to support the following:An 802.1x environment that will consist of up to 1000 users (80% MD5, 20% EAP). The intention would be to us...

ACS External Windows Authentication: Pre-Windows 2000 name only works

Hello. I have attempted to map ACS to Windows AD 2003 as an External Database. That works, but only if I authenticate using the Pre-Windows 2000 name (sometimes called the "down-level" name).If I use the Windows 2003 login name, I get a 529 error in ...

Accounting does not work for http

We have a wireless AP that we allowed a certain group to manage. The can authenticate just fine, but when they authenticate (via http only) I do not see that in the Tacacs+ logs on our ACS 3.3 server. If they authenticate through a command line then ...

Tacacs+ Setup on OpenBSD

Having some dificulties with creating the configuration file for the Tacacs4.0.4.I have my test switch authenticating and authorizing, but am not able to figure out how to get the admins group to login directly to the privileged exec mode. Also when ...

AAA Ipmobile command not available on IOS12.3 Access Point 1231

Anybody come across on an Aironet 1232 the inability to configure "aaa authorization ipmobile ........"Really strange, all our other access points (same model) have no problems at all.All help appreciated

per user VPN access lists using 1721 series router

I am trying to create per-user access lists for VPN clients connecting to 1721 router. I have set aaa authorization to access my radius server & I can see the AV-pairs being returned to the router. However, they dont seem to be getting applied. Is th...

ACS 3.3 and Active Directory migration from LDAP

We are migrating from an LDAP user database to Active Directory for authentication. Having an issue with the Remote agent that I'm hoping someone can clarify.The first Remote agent we installed on a test Active Directory server (2003Server) we were ...

Network Access Control

Forum Posts

Radius Proxy for EAP-TLS

Need to restrict certain commands for TACACS+ users

CSAdmin service will not load

Getting 2 ACS servers to replicate

802.1x

Cisco ACS and Ciscoworks failed attempts issue

Remote Logging for ACS

WebVPN authentication

Resolved! ACS scaling

ACS External Windows Authentication: Pre-Windows 2000 name only works

Accounting does not work for http

Tacacs+ Setup on OpenBSD

AAA Ipmobile command not available on IOS12.3 Access Point 1231

per user VPN access lists using 1721 series router

ACS 3.3 and Active Directory migration from LDAP

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Cisco ISE cannot join Windows Server Core.

Cisco ISE 3.1 WLC Captive Portal - AUP Error Apple Devices

.

"Change Password" functionality

Cisco ISE - ANC leveraging integrated AMP - Isolation

CiscoISE policy applying on switch problem

15024 PAP is not allowed

Cisco ISE: Sponsor decide duration by Approval

ISE - Sponsor Approved Guest Access

ISE - Registered Guest Device Endpoint MAC Database