Network Access Control

I configured a user with the "apply password change rule". I was hoping that when telnetting into an IOS Firewall AAA client, he would be able to change his password but I get a "Chapass is currently disabled" meesage. Did I miss something ?

Certain users aren't allowed to issue the 'conf t' command on routers. When they attempt to do so they get the message 'command authorization failed.' However, in the router's buffer log the following is stated:%SYS-5-CONFIG_I: Configured from conso...

Hi,I have created 3-4 groups but kept 0:Default Group untouched.I have also created users in the other groups.However, authentication can be done only with the usernames of the people in the Default Group and not otherwise.If there any additional con...

I would like to authorize groups and users against an acs server. I am having trouble understanding what needs to be set on the concentrator and acs server.On the concentrator I have configured the acs servers globally as authorization servers. The...

I had a PIX501 providing "visitor" network access configured for AAA accounting match ACL "accounting permit ip any any" and in my Radius logs, received the IP address of the website the users would go to.I have since moved this network (and our "con...

1. Is there “show version” equivalent command on ACS? Where does the command reside?2. Can I delete a Group? If not, is there any way that I can reset the Group back to default setting?3. How can I upgrade from 3.2 to 3.3?

Hi,The followings are from the Yusuf bible. I think some of you had read and configured all that labs, so I really hope it's just a simple question for you.So, In Chap. 1 / Section 7.1:-------------------------------------------------"Configure two u...

Can ACS use the OU information in Microsoft AD to assign users to ACS groups similar to the NT groups? If it can what version of ACS server has this capability?Can I set up ACS to use Microsoft AD as a generic LDAP type database?Please let me know y...

Hi, I need to provide users the ability to create/change their own passwords on an ACS Engine. I am currently running software 3.3. If this is in fact possible, how can it be achieved.

Hi,Can you help me? I can't find a good documentation about how to configure ACS and client to use certificate for authentication.Do you know such a link?Thanks

I started configuring aaa authentication without fully understanding what I was doing. Now whenever I try to telnet to the router I get a username/password prompt. I know I did not configure either and I'm not sure how to get around this with a defau...

My enternal user database is RSA SecureID token server. can map two ACS groups to the external data base ?Thank youKen.

Dear,The CS-ACS SE unit seems to enforce passive-FTP when sending backup sets or retrieving CSV files.The FTP server (Unix based) mandatorily uses IPFilter to protect us from unauthorised accesses,and the passive-FTP mode is quite awkward. (IPFilterd...

When a user attempts to log into a router or switch which they do not have login access instead of the router or switch failing their authentication and then prompting them to login again can the ACS be setup to send a message stating they are not au...

Hello!I read a lot about wireless but I am still not sure what 802.1x peap will mitigate.Here what I would answer let me know If I am wrong.-Rogue AP. Connected to wired internet. Does user will notice this is not the right AP? Yes the rogue AP will ...