Network Access Control

Hi,When using Cisco ACS as the RADIUS server, the authentication is being failed by the VPN Concentrator with the following message"Authentication Rejected: Group password is not configured"Even though the the ACS server send an Access-Accept back to...

Hi everybody, Can anybody help me out here please? I'm using the ACS appliance running software v3.3. I'm doing TACACS+ authentication from a router to the ACS box with backend authentication to a Novell NDS server. OK, I set it all up and got it a...

The problem is the cert is only valid for 1 year (which is what the Enterprise Admins set up), so when the year is up, I can find no way to automatically renew all the certs so the users do not have to intervene and request a new certificate again.

I am using the 1111 appliance to authorize ssh and https sessions to all of my AP's. It works great. Now I want to start doing MAC AUTHENTICATION for all clients to the 1111 appliance also. When adding the AP's into the appliance for ssh and https...

I am looking to secure the access to ACS 3.3.3 on a Windows 2003 SP1 server. I am running only radius and access to an external Windows database. Currently I am looking to allow: - tcp 2000 -> ACS replication - udp 1645 -> RADIUS authen & author ...

Hi all,We have two sites A and B. On site A we have PIX 515 and a T1 line. We need to establish connection to site B to allow the windows 2000 domain clients on site B to authenticate with the domain controller on site A and to acquire IP addresses f...

I have built two ACS for Windows servers on Windows 2003 SP1. The AD environment is Windows 2003 SP1 as well. I have configured the two ACS servers on each box. However, when I go to replicate from box A to box B, the following error appears:Inbou...

I want to make restrictions for those who authenticate through AAA, after the authentication passed it will check the user caller-ID, if it is found at her/his account succeed, otherwise failed reply. Is this feature supported at the ACS 3.3?

HiI need help concerning external database configuration.....actually I want to configure ACS to athenticate users based on domain databasewhen I check on ACS servises I cannot see CSAgent and it looks like I need the API and this CSAgent to can run ...

I have a switch setup to use radius. I have the aaa-new model list applied to my console and telnet ports, but they only work with pap. If I try chap in my remote access policy, login is not allowed, and the radius server's event viewer reads, incorr...

I have configured my pix to authentication using tacacs first; if tacacs is not available it must fall back to LOCAL authentication. The TACACS authentication works fine, when I take out the ACS from the network, the local authentication works as wel...

Hi All,I have configured dot1x authentication on 3750 switch and configured a Windows 2003 radius server as an authentication server. When running debugs aaa and dot1x, I do see the reject coming from the Windows Radius server. It says length of pack...

Is it possible to run EAP-FAST for WLAN clients only and EAP-PEAP for internal LAN clients only?I don't want wireless users authenticating in PEAP.

Within ACS when adding a user there are 5 fields called Supplementry User Info. Those field names are defined within Interface Configuration, User Data Configuration. The question is: Is it possible to populate those fields while doing a ADD import...