Network Access Control

Hi All,We are looking into the possibility of implementing tacacs for enable access. Currently, we are using tacacs for login access and enable secret for enable access.I want to understand the advantages of using tacacs vs. enable secret.Also, is it...

i am a bit struggling with how to configure aaa local command authorization, i am not getting any material also for configuring it. Please tell me how to configure aaa local command authorization.. or possible give me some useful links for that..

I'm investigating implementing 802.1X for authenication on our network. Our primary access switch for users is the 3550. It appears straight forward however I have a question. How do you deal with software pushes to devices on the network where the u...

Hi,Is it possible to create a group that can give access to certain commands only ? Can these allowed commands be added, removed from that group. For example user ISDN_test will be made a member of a group ISDN and in ISDN we will specify all some c...

Hi guys,what command can i use to turn on command accounting in pix like it is possible in the IOS.i need every command typed to be logged on the ACS server.

Hello!I have CISCO 5200 with the following config:aaa accounting delay-startaaa accounting update periodic 5aaa accounting network default start-stop radiusAlso, I have radius server (freeradius) connected with SQL database.Alive-packets (from cisco)...

When TACACS server is not reachable router is not allowing the local password to login using ssh. Router's SSH debug says authentication is successful but ssh client gets % Authorization failed meassage and disconnects.kindly see below debug output a...

Hi,whenever i try to authenticate a user through peap, and after installed the certificate and activate peap support, i obtain the following failed attempt message:EAP-TLS or PEAP authentication failing during SSL handshacke.Anybody knows how to solv...

I am implementing a DOT1X with ACS using external database ( AD ).When I launch telnet to SW4503, I can authenticate with my AD user/password. No problem.But, when I try to authenticate with my AD user/password into DOT1X box, it fails. DOT1X only au...

I'm using two ACS 4 servers to authenticate and configure vpn remote users. Now I'm trying to use the RSA token server: install primary and replica server. All seem ok.So I can authenticate successfully on primary ACS, but when I try on secondary ACS...

There is a problem with the certificate I used for enabling the https option, Now I cannot access the web interface. I am not getting prompted with a certificate. If I use http it automatically goes to https. There are no options for reseting the ...

Hi forum,Is there a way to use Radius to authenticate users(based on windows user accounts) when they are connected to the switches before granting them access to the windows environment?

Hi,I would like to deploy 2 ACS servers. One would be used to authenticate staff members and the other would authenticate guest users. I am using Catalyst 2950 switches in the access layer and Catalyst 6500 switches in the distribution layer. I will ...

Hi,I would like to know if the following scenario is possible:Let users in VLAN A authenticate to ACS A and users in VLAN B authenticate to ACS B.Any comments welcome.RegardsDean

We currently have an active ACS (windows version) running version 3.3 and recently stood up a second server with version 3.4. I would like to replicate the users, groups and network devices from the 3.3 server to new 3.4 server. The plan is get the 3...