Network Access Control

Hello!Could someone explain me what happened when we use user certificate authentication via ACS and AD as an external database.For example i have configured 802.1x with EAP-TLS authentication type. I know enough (i hope :) about EAP conversations be...

Hello everybody,this the first time I write on this forum, so please excuse me if I do something wrong.My objective is to authenticate servers in my customer's server farm, so that none can put an unauthorised server in place.I am thinking about usin...

When clicking on External User Database, then on Database Group Mappings, I have the following error :"Could not edit the resource because the Group Mappings are being configured elsewhere."I need help please because I am stuck !Thank you,Patrice

Hi I am looking for a really basic AAA Radius login configuration for my Cat4507 to authenticate to MS IAS.I have reviewed all documentation on cisco website and am clearly having trouble understanding this!!(user error)Btw, I can ping my raduis serv...

I'm making a network using ACS in my lab and authentication fails when I telnet from a user(H1) to a router(c3845). Please look at below.What I did is, configured VPN between c3845 and c3640.I confirmed that VPN is working.Setup H1 as an user and c38...

Hello, I am trying to get a remote user to always have the same IP address when they connect to the VPN. Our group is simply pulling from an address pool 10.10.10.1-10.10.10.254. I could not find a way to get a static IP so I created another group...

Hi,I have been able to do a test migration with our ACS. I'm moving the service from an NT 4.0 server to a W2K server by doing a backup and restore then upgrade the W2K ACS from 3.0.4 to 3.3. I've got all the users and groups but how do I get all t...

Hi All,I'm having a severe case of brain fade here and would appreciate a litle help.I recently changed the architecture of a production network that uses TACACS servers. To the 3548 access switches, the AAA went in just fine. The process I followed ...

i upgraded my ACS 2.4 installed on Win NT4 to ACS 2.6 installation went fine but now when i search for users in groups not all users are listed although ACS reports the correct number of users in the group but doesn't display them all. is there away ...

Hi,My config is:...username user1 privilege 15 password 7 pwd...aaa authentication login vtymethod group tacacs+ local enable... password 7 pwd_vty login authentication vtymethodWhen the Tacacs server disappeared from the network(because of missing r...

Is it possible to apply a per-user ACL from ACS3.2 to a wired 802.1x port on a 3560?I have got dot1x authentication and vlan assignment working perfectly, when looking at the debug it says it sucessfully applied the per-user acl; however the user can...

Here is the case. We have to deny telnet to group of devices for particalar user. The IP addresses of the hosts are in range from 192.168.1.1 to 192.168.1.5 The following is the TACACS+ server config:user = test { default service = permit login...

I have MAC Addresses to our AP's in our ACS server and I also have the username and password for both Seperate CHAP and MSCHAP with the MAC Addresses. When a user tries to login into the network with a handheld device, it hits the ACS but it gives th...

Is there any documentation anywhere for configuring the ACS appliance for multiple Windows Domains. I have two different groups of AAA clients that should be accessing two different sets of Remote Agents. The Remote Agent groups are seperated by Wind...

When setting up a ACS server to work with a CA to authenticate wireless clients via machine authentication, does the CA need to be an Enterprise CA or can I do it with a standalone CA?Note that for machine authentication, I need to push down group po...