Network Access Control

How does the command set differ for configuring TACACS+ on an IOS device verses configuring on a Cat OS device?

I need to set up access on VPN/Security Management Solution with Taccas+. After I install this component of CW2000 i syncronyze him (and register application) with tacacs(vpn/SecurityManagementSolution/Administration/Configuration/AAA-Server-syncrony...

Can the PIX firewall be used to tunnel IP traffic like a router?I am interested in a standard PIX firewall configuration capable of native GRE tunneling encapsulation without encrypting the payload.If so, what is the expected performance; that is how...

Hi all,On my ACS server, I have a group which can only issue 'show' commands. I would like this group to be able to change interface descriptions aswell. For CatOS this was easy: authorize the 'set' command and only 'port name' as permitted attribute...

Im having a problem getting the ACS server to respond to my switch for a PEAP request (it seems like thats the problem). I have the debug log from the switch below to see if anyone can make sense of it. I have machine authenitcation turned off in win...

Hi. I'm using an IAS Server. There I've defined two policies: One to authorizate a users with Shell:Priv-lvl=7 and other with Shell:Priv-lvl=15. I have this configuration at the router: aaa new-modelaaa authentication login CONTROL group radius local...

3550 running ios 12.1.22.ea1.abasic dot1x configdot1x system-auth-controlinterface FastEthernet0/1 switchport mode access dot1x port-control auto spanning-tree portfast!and:radius-server host radius_server auth-port 1812 acct-port 1813 key yeah_right...

Hellomy configurtion with 802.1x works fine on the Cat2950 with the enhanced image. When I move the same configuration to a cat2950 with Standard image, the ACS generate the failure message: "invalid message authenticator in EAP request"I tried diffe...

Hello,I am having problems getting authenicating for users with 802.1x on W2K SP4. Different errors for md5 / peap and tls. Radius packets are sent to IAS, 802.1x packets are sent to 2950 switch from PC.I think that it is because of attributes / op...

Has anyone notices that when using the ACS appliance with the remote agent, that the CSV files the agent produces are missing the CSV column titles? With the ACS software or exporting from the Appliance, the CSV files are complete and include the col...

Hi All,My customer has requested that we configure his Cisco 3725 based MCM to processes all calls via RADIUS, in order to authenticate inbound calls against a list of approved endpoints. The customer wants to use MS IAS for the radius server, and e...

Hi all,I use my Cisco VPN dialer and login with no problems, but I can't access anything in my company's network. I thought it was my internal network or my ISP, but I used my dialer and got into another company's VPN and I have access to internal r...

I've recently heard different opinions about which Microsoft patches can be applied to the server running ACS 3.2.3 (soon to be 3.3). I'd like some clarification as to whether it is safe to apply patches as they are released from Microsoft, or shoul...