Network Access Control

Hi.I'm trying to make a profile with privilege 2 to permit a user to do some modification to configuration file.I would like to permit user to issue command "write terminal" to show the conf, but when i create profile level 2 privilege with command"p...

I use Cisco Secure ACS with Tacas+ to authenticate dialin users on a Cisco2610.While doing authentication locally on the router everything works fine: Windows users dial in, are validated, get a callback and even multilink with compression.When ACS i...

Hello,we use ACS 3.2 to validate users logging into routers and switches against a windows AD database. This works perfect.But when validating Dial-IN Users we see a record in the "Failed Attempts" Log stating: "Auth type not supported by External DB...

I set up tacacs+ authorization on the WDS and it works great. When I tried to set it up on the infrastructure ap1200 I am unable to login unless it is as a locally defined user. I have attached some config info from the infrastructure AP Version 12.2...

Does anyone have a quick answer to ACS licencing without me going through Cisco Sales ? Can we install ACS on a different machine at different location but not use it and keep it for DR purposes ? Does it void licence agreement ?Serhat

Hi.. My name is Fabio, I work on brazil like network manager. I placed Tac_plus to work on Linux, because it is needed to restrict some users accesses to routers. In the first case where users are able to give show and config commands referring "RTR"...

Hello I'm haveing problems logging exec commands with Cisco ACS server when we use our own groups instead of the default command.currently were trying to use the following commands for aaa.aaa authentication login vtyport group tacacs+ enableaaa auth...

We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.

Hello,our company uses NT Domain authentication over a radius server (Cisco ACS) for vpn authentication. There is little problem with users who belong to more than one group in the NT Domain. A user who is a member in more groups the authetication is...

I'm using a member W2K server to run ACS 3.2.I'm using ACS and Windows group mapping but my users always go into default group.Why?Thanks.Andrea.

I configured a user with the "apply password change rule". I was hoping that when telnetting into an IOS Firewall AAA client, he would be able to change his password but I get a "Chapass is currently disabled" meesage. Did I miss something ?

Certain users aren't allowed to issue the 'conf t' command on routers. When they attempt to do so they get the message 'command authorization failed.' However, in the router's buffer log the following is stated:%SYS-5-CONFIG_I: Configured from conso...

Hi,I have created 3-4 groups but kept 0:Default Group untouched.I have also created users in the other groups.However, authentication can be done only with the usernames of the people in the Default Group and not otherwise.If there any additional con...

I would like to authorize groups and users against an acs server. I am having trouble understanding what needs to be set on the concentrator and acs server.On the concentrator I have configured the acs servers globally as authorization servers. The...

I had a PIX501 providing "visitor" network access configured for AAA accounting match ACL "accounting permit ip any any" and in my Radius logs, received the IP address of the website the users would go to.I have since moved this network (and our "con...