Network Access Control

Example of Account Login on ISG in CoA mode

We are developing an ISG Radius CoA client.Our settings are: * Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(31)SB6, RELEASE SOFTWARE (fc1) * Here is a snippet of our configuration for CoA: aaa server radius dynamic-author...

Resolved! WLC4402, SSC 4.0, EAP FAST with ACS 4.1.23 and Active Directory

Hi All,I have a problem where my SSC (Cisco Secure Services) wireless client software on the laptops will only authenticate the windows domain users if they enter the username and passwords manually. The single sign on feature will not work. I am usi...

802.1x authentication... why it doesnt reauthenticate after restart?

when a computer firstly connects to network it asks prompts for user pass for 802.1x authentication. but after restarting the computer or logging off and logging in again it doesnt prompt. when I check the cisco ACS for passed authentications I see t...

Resolved! change ACS ip address on vmware platform.

Hi netpro,does anyone who has experience or share with me will this work and any impaction will be caused ?Question : currently ACS 4.1 installed on vmware platform which ip address used 172.17.10.200. so, if i manage to change the ip address without...

Turning off Authentication for a-sync line

I have authentication set up on my 3745 router. Installed in my router is a 16 port a-sync card. The line numbers on the async card are 65 through 80. I do not want authentication turned on for those lines.I have tried "no login authentication" for e...

two SSIDs one ACS

Hello,how do I authenticate two SSIDs against one ACS. Users from SSID A should not be able to log onto SSID B and the other way around.The proble here seems to be that for the ACS both SSIDs are authenticated by the same NAC/WiSM/Source IP address. ...

applying service policy using radius and VPDN

anyone had any success doing this?I've been following the suggested config at http://www.cisco.com/en/US/customer/products/ps6566/products_feature_guide09186a0080610dad.html#wp1058626 but not having any success.sessions terminate on my 7301 via L2TP...

Resolved! ACS and download ACL to several AAA-clients

HI!I need to know if there is a possibility to download ACL to the DACL-enabled device that is not a part of the RADIUS conversation? In other words I have one user that needs an access to some resources and is attempting to log to the network throug...

Win XP - 802.1x Supplicant Behaviour with SmarCard/Certificate

I am trying to implement Cisco's AuthFail VLAN functionality on a Catalyst 3560. It works fine with PEAP but does not work with SmartCard/Certificate (EAP-TLS) as the 802.1x protocol.Please note that in my scenario I expect the authentication to fai...

ACS replication error

I have a primary ACS with IP address 10.250.97.29/24. it is working fine.Now I would like to add a secondaryACS with IP 10.250.97.50/24. BothACS 4.1 are identical with version 23 patch 5. both are running on Win2k3with Service Pack 2. Both Win2k3 ...

ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

Hi,I need to activate a control privileges of users on various devices.I found this interesting document:http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtmland using a router with IOS 124-11.XV1 ...

Resolved! MAC Address Format Question

Does anyone know the proper format for the client MAC address in the ACS internal database such that it will authenticate 8021x queries from a cisco switch? Is it: 00-11-43-4A-B8-62 or: 0011.434A.B862 or maybe: 0011434AB862 or somet...

Firewall authentication from ACS

HiI have Pix firewall which configure AAA to ACS. I have Also ACS 2.3 in Sun based.I create two group in ACS. in group A has user like jon, sam bin and group B has user like shn , kell. now I permit autentication user group A to firewall. from group ...

Second ACS Server

We have one ACS server on the network and we need to add a second server. The secondary server will be replicating the primary.Is it advisable to point some devices to the primary and the other half to the secondary server to balance the load? JT

Resolved! Use same ACS for multiple forests

Is it posible to use one ACS appliance to authenticate users in different Windows forests ?It may be only possible when a trust relationship exists between the forests ?Gr.Remco

Network Access Control

Forum Posts

Example of Account Login on ISG in CoA mode

Resolved! WLC4402, SSC 4.0, EAP FAST with ACS 4.1.23 and Active Directory

802.1x authentication... why it doesnt reauthenticate after restart?

Resolved! change ACS ip address on vmware platform.

Turning off Authentication for a-sync line

two SSIDs one ACS

applying service policy using radius and VPDN

Resolved! ACS and download ACL to several AAA-clients

Win XP - 802.1x Supplicant Behaviour with SmarCard/Certificate

ACS replication error

ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

Resolved! MAC Address Format Question

Firewall authentication from ACS

Second ACS Server

Resolved! Use same ACS for multiple forests

Bulk Update Fails for customAttributes - Is it supported?

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

Invalid Request error on GUI login - suspecting MnT Restriction issue

ISE VM Smartnet

ISE 3.5 requests for SMB Version 2 from Active Directory

SSL VPN FOrtigate with Cisco ISE Posture

Certificate Services OCSP Responder nearly expired