Network Access Control

Hi all. I hope this will be an easy one for you. I currently have AAA enabled on my switches and routers. The methods list is using the TACACS+ server first, then local as the failover. What I would like the switch to do is provide an alternate l...

Hello everyone,I have a Cisco 1112 SACS device configured as Radius server, the SIP servers are added to the ACS as Radius clients for server key: ?key? under authenticate using I choose ?Radius-IETF? for both Radius clients.I setup users on the SIP ...

When looking at TACACS+ session and command accounting from various IOS devices its hard make any sense of the values you see in the task_id attribute.I always thought it was analagous to the RADIUS session-id attribute.. but when you look it isnt.So...

Thanks to all, I appreciate your help!I have a 4006 CatOS switch running 6.3, I can telnet and authenticate via TACACS servers, how do I make sure I'm able to serial console to the switch in the event IP connectivity to the TACACS servers is lost or ...

Hi,Currently I have users authenticating against RSA Ace server, but going via ACS 4.0's external database policy. Also have dialup users authenticating against the ACS internal database with CLI restrictions. My intention is to move the users using ...

Hi,I have imaged 4.0.1.44 on an ACS solution engine and everything was going fine and I made it as a secondary ACS and managed to replicate the entire database from the primary. When I shifted the ACS from one place of the network to another (but on ...

Hi,We have multiple internal lans/networks sharing a common internet pipe/link terminated on a Cisco router.We have seperate NAT IPs ( Public IPs ) configured for each network to differentiate them from one another outside the firewall.My requirement...

We upgraded from ACS 3.3 to 4.0 and it broke our authentication which is pointed to our Windows DC. The failed attempts log only shows "Internal error" when trying to authenticate. Anyone experience this?

Hi.. Im trying to understan the way acs working with group maping to Active Directory.What i wan to achive is 1- to have AD group for Wireless userswho are permitet to authenticate and use WLAN 2-to have AD group for VPN users who are permitet to aut...

Has anyone have a config I could follow to set this up? Under External user Databases I don't see RSA SecurID. I have to install the RSA Authentication Agent? How would I get access to the Windows side of this ACS server if I have to do that? Any hel...

Hi,What is the procedure of replication between primary acs and secondary acs while primary acs is installed with self generated certificate for EAP-FAST and for SSL enabled interface to Primary ACSis it mandatory to generate certificate on secondary...

My org is switching from an appliance-based deployment to a Windows-based deployment (got tired of maintaining the Remote Agents separately and having no access to the system interface.) We're also installing a newer version of the software, obviousl...

I am using ACS 3.2 and on the NAR section,I have used a wildcard (*) to define all the network devices on my network.All my users are in one group. However,I have just realised there is the need for me to create another group and put some users in th...

Can somebody expalain to me the question that is found in attachment, appreciate your help in advanceRegards

I am implementing a Wireless Lan solution for guest users, they are authenticated via an external Radius server. The user is abe to login in and access the resources however their session does not get time out even though I have configured Session Ti...