Network Access Control

Hello,We have CiscoSecure v3.2(2) Build 5 on w2k.We sent the log file to a sql server via odbc to make logs analysis.But when we stop or reboot the sql server, the authentication radius or tacacs doesn't match anymore until the server is again availa...

Hi all,Have recently installed the ACS Solution Engine. Customer needed to use AD as an external d/b for aaa authentication for engineers accessing their cisco boxes.I have setup according to the documentation from cisco. Installed a remote agent to ...

Hi everybody:I have a PIX 525 with 6.3(3) and two cisco secure appliance as aaa-servers.The problem is that the PIX in sometimes the authentications is trough the CS1 and sometimes is through the CS2, in both cases both cisco secure is up and running...

Hello!Could someone explain me what happened when we use user certificate authentication via ACS and AD as an external database.For example i have configured 802.1x with EAP-TLS authentication type. I know enough (i hope :) about EAP conversations be...

Hello everybody,this the first time I write on this forum, so please excuse me if I do something wrong.My objective is to authenticate servers in my customer's server farm, so that none can put an unauthorised server in place.I am thinking about usin...

When clicking on External User Database, then on Database Group Mappings, I have the following error :"Could not edit the resource because the Group Mappings are being configured elsewhere."I need help please because I am stuck !Thank you,Patrice

Hi I am looking for a really basic AAA Radius login configuration for my Cat4507 to authenticate to MS IAS.I have reviewed all documentation on cisco website and am clearly having trouble understanding this!!(user error)Btw, I can ping my raduis serv...

I'm making a network using ACS in my lab and authentication fails when I telnet from a user(H1) to a router(c3845). Please look at below.What I did is, configured VPN between c3845 and c3640.I confirmed that VPN is working.Setup H1 as an user and c38...

Hello, I am trying to get a remote user to always have the same IP address when they connect to the VPN. Our group is simply pulling from an address pool 10.10.10.1-10.10.10.254. I could not find a way to get a static IP so I created another group...

Hi,I have been able to do a test migration with our ACS. I'm moving the service from an NT 4.0 server to a W2K server by doing a backup and restore then upgrade the W2K ACS from 3.0.4 to 3.3. I've got all the users and groups but how do I get all t...

Hi All,I'm having a severe case of brain fade here and would appreciate a litle help.I recently changed the architecture of a production network that uses TACACS servers. To the 3548 access switches, the AAA went in just fine. The process I followed ...

i upgraded my ACS 2.4 installed on Win NT4 to ACS 2.6 installation went fine but now when i search for users in groups not all users are listed although ACS reports the correct number of users in the group but doesn't display them all. is there away ...

Hi,My config is:...username user1 privilege 15 password 7 pwd...aaa authentication login vtymethod group tacacs+ local enable... password 7 pwd_vty login authentication vtymethodWhen the Tacacs server disappeared from the network(because of missing r...

Is it possible to apply a per-user ACL from ACS3.2 to a wired 802.1x port on a 3560?I have got dot1x authentication and vlan assignment working perfectly, when looking at the debug it says it sucessfully applied the per-user acl; however the user can...

Here is the case. We have to deny telnet to group of devices for particalar user. The IP addresses of the hosts are in range from 192.168.1.1 to 192.168.1.5 The following is the TACACS+ server config:user = test { default service = permit login...