Network Access Control

Is it possible to have a backway into the PIX should the AAA server fail ie Console port access?Currrntly we use AAA authentication, authorization and accounting with out Tacacs server. Pix configured as follows:aaa-server TACACS+ protocol tacacs+aa...

I'm trying to configure my devices to use shell command authorization sets located on my ACS box. I want users that are members of a specific group to only be allowed to certain commands (ex. show). I'm pretty sure my ACS box is setup correctly, but...

Hi,I'm currently testing with Cisco's SDM interface combined with Cisco ACS authentication using rsa secureid. Tests without the rsa securid, just a username/pass combination all works well, however combining the securid, sdm keeps popping back up. C...

Hello. We know about the ipsec:inacl attribute for configuring split-tunneling for a VPN group, but AFAWK you must define the ACL in the local configuration of the router. Is it possible to define the ACL in the RADIUS server instead? How? By the way...

I have 802.1x configured with PEAP and vlan assignment using the MS supplicant. I have hardcoded Machine Auth because Remote Desktop does not work with User Auth. (see my other posts) I have figured out how to change the Microsoft supplicant to PEAP...

We have a 3015 VPN Concentrator and would like to begin using token authentication. Specifically CryptoCard tokens. I know some organizations are using the PIX with CryptoCards, but we already have the 3015. Is it possible to enable token access on i...

Hello,Can i use authentication 802.1x for assigning vlan to the end user without using Cisco URTThanks

Anyone care to mention what works well and what doesn't for alternatives to the default enable/exec password scheme in IOS? I've got RADIUS authentication working on an AP1200, and am thinking of using it elsewhere, but I'm concerned about what happ...

We want to be able to make a log of system admin config commands as and when they are made. We plan to use RSA SecureID for Authentication. Do we need ACS for this or can it be done without ACS?Thanks

Hi, I installed ACS3.3 on windows 2003 standard server and it joins Windows 2000 Active Directory. It works normally when it is using Cisco Secure Database. However, it can't authenticate users located in windows 2000 AD. Is my combination supported ...

Hi guys,could you tell me, how to configure my EZVPN Server to work with rsa-sig authentication. It work perfect with pre-share. Is it possible to tork with RSA authentication. I'm using Cisco VPN Client at EZVPN Remote appliance.See attachments for ...

I use the CISCO Secure ACS 3.3 for windows and 2511 as a Network Access Server with sixteen host map for reverse-telnet. All people use the reverse-telnet connect to my routers. i just want some people can login a part of the routers. I look for som...

I have set up ACS to control access to my local LAN users who connect to the network via c2950 switches.I have configured the default Time-of-day setting to stop local LAN users logging in before 7am, I have followed the instructions in Cisco documen...

Hi everyone, I'm doing some testing with 802.1x authentication on a Catalyst 3550 switch, using an eval version 3.3 of ACS (windows version). I do have it working, however, it appears that I'm forced to essentially, login to the network twice. Once w...