Network Access Control

The auditors want me to limit the Network Management userid to be able to login only from the Management Station IP. Can this be done, preferably without changing configs on the network devices.

Following error was prompt if when i tired to remove a host (e.g.troubled-host ) in device group. ----------------Edit Failed Failed to edit troubled-host. Reason: The Host no longer exists.

Hi Experts , I would like to know whether the following command is supported on 7304 router with NSE-100 having c7300-js-mz.122-25.S10.bin image.aaa session-id common.Thanks,Kumar

Hello,Via ODBC I would like to have ACS 4.0 authenticating against a simple Microsoft Access Database which contains Usernames and Passwords in the table "users".I cannot get it to work. It seems to me as if the AccessDB requires a special structure ...

HI,I have created a one line downloadble access-list in Cisco ACS to deny a host. deny tcp any host 192.168.115.1 eq 22 and assinged it to a user and group. when I try ssh it should be denied but it works. Thx for the help in advance

Hi all,I am/will be beginning a deployment of dot1x to our campus. We will be authenticating to a Windows 2003 IAS Domain Controller, but I have a few questions before we begin:1) I have found no documentation as to the setup of switchports in rega...

I have my ASA5510 configured to authenticate VPN clients against an internal Win2003 IAS server. This works fine - users authenticate and can reach inside network. I have the ASA configured to allow HTTPS/ASDM access from the same inside net the us...

I would like to use TACACS+ authorization for allowing some limited allowed commands for a particular group, on a TACACS+ authenticated user. When i allow the group enable, i can't seem to limit the command level. aaa-server TACACS_SVR protocol tacac...

Hello,We have a customer who has 3 types of authentication needs:1) Laptop with windows based on user credential2) Industrial computer without 802.1x supplicant3) computer with windows but which need to be always in the same vlan (even if the user wh...

Hello,Is there a way to send the ACS log messages to a separate loggin server via syslog?

Hi I have a ACS v2.6 I would like to upgrade to a newer version 3.x or better. My question is do I have to purchase this new version? Can I download it for free from cisco? Which steps do I have to follow in order to upgrade this version???thanks a l...

Hi,We're implementing a NAC (framework) pilot and are experiencing clients that fail re-authentication with the following in the failed-attempts ACS 4 logging:"Access denied: fast-reconnect was successful but user was not found in cache"From what I s...

I have enabled "aaa authentication exclude" commad statement on PIX (6.3).This excludes the Hosts for which the Firewall doesnot prompt for authentication.What is the best way to add more lines into it.Do i have to remove all the commands and then al...

Dear Friends.... i am facing a problem in my ACS System .... the thing is thati am giving access through VPN and users can access to local resource and they are been Authinticate through the WINDOWS ACTIVE DIRECTORY but suddenly they can not access w...

How do I configure our ACS 4.0 server (and 2950 switch) to assign an 802.1x authenticated user to a specific vlan based on the AD group that the user is a member of in the Windows Domain?Example, Joe.Schmoe is an AD member of the group 'Sales' which ...