Network Access Control

Here is the case. We have to deny telnet to group of devices for particalar user. The IP addresses of the hosts are in range from 192.168.1.1 to 192.168.1.5 The following is the TACACS+ server config:user = test { default service = permit login = cle...

I have MAC Addresses to our AP's in our ACS server and I also have the username and password for both Seperate CHAP and MSCHAP with the MAC Addresses. When a user tries to login into the network with a handheld device, it hits the ACS but it gives th...

Is there any documentation anywhere for configuring the ACS appliance for multiple Windows Domains. I have two different groups of AAA clients that should be accessing two different sets of Remote Agents. The Remote Agent groups are seperated by Wind...

When setting up a ACS server to work with a CA to authenticate wireless clients via machine authentication, does the CA need to be an Enterprise CA or can I do it with a standalone CA?Note that for machine authentication, I need to push down group po...

"Is PDM authentication using ACS a onetime thing? Being that https sessions are connectionless, when I click another item in PDM will I have to re-authenticate again? If not does it use a cookie to set this and if so what is the cookies timeout param...

Hi,My components: ACS 3.3 running on a Server with Windows 2000 Server SP4 , 2950 Catalyst (AAA-Client) , Laptop with Windows XP SP2 (802.1x Client)I have everything configured according to Cisco documentation, but I am getting one error in the ACS's...

Hello,We are in a project of deploying 10.000 clients into the field. We want to assign a B class IP Pool(178.17.X.X) for this group of users. But as far as I know, CS ACS Win can support an IP Pool of whole C Class at most. Is there a configuration ...

All,I recently inherited the duties of an ACS 2.6 Server. I have built 2 other ACS boxes in the past (more recent versions), but I am perplexed by the configuration and the way ACS was configured. I looked at some logs, and realized that none of the ...

I'm using Radius (ACS 3.2) to authenticate users on VPN 3000 Concentrator.Radius Log file reports a message "Received unknown vsa attribute 22". This is a vsa in the authentication request message from VPN Concentrator, but it's not present into dict...

I need to configure limited access right for a specific user and the following config defines a local usernane BACKUP that can only ping. However, how can the user BACKUP telnet to vty 5.-----------------------------------------------enable secret le...

Product:C7401 IOS:12.3(9c)Feature:IP setFunction:BAS,LAC ROUTERPlease teach a meaning of this message.<messages>------------------------------------------------Apr 7 07:26:55 JST: %SSSMGR-3-NULL_INFO_STRING: Received a NULL infostring value.-Tracebac...

Guys and Gals,I need to allow a level 9 user in my switches the ability to manage interfaces f0/1 to f0/44 but NOT interfaces f0/45 thru interface f0/48 (these are trunks). Any Idea why this does not work...privilege interface level 8 switchport port...

Set up ACS 3.3 to authenticate users agains an AD database.(EAP-TLS)I want to allow access by users who are authenticated by a Windows domain user database only when they have dial-in permission in their Windows account.I select the Yes, refer to "Gr...

Set up ACS to authenticate users agains an AD database.When using an invalid account name to log on to a device (switch), I see "External DB user invalid or bad password" in the ACS Failed attempts log but there is nothing in the Security logs of the...