Network Access Control

Is there any way to prevent users from being dynamically added to the ACS database when they are "discovered".Or, can the discovered users be automatically removed on a regular basis (as in, deleted every day or every other day)?Someone mentioned the...

Hi, Could someone help me out on the following scenario,Equipments,Routers: Cisco (TACACS)Switches: Nortel (RADIUS)ACS Server: Cisco ACS 3.2I am trying to do the following,2 Network Devices groupsGroupA: Contains 10 routers and 10 SwitchesGroupB: 50...

Hi, Is there a way to set the (RADIUS)Service-Type by the device you are logginginto?For Example, If User1 telnets to 10.10.10.1 he gets Service-Type=AdministrativeIf User2 telnets to 10.10.10.1 he gets Service-Type=NAS PromptNote: I understand that...

I am remotely administrating perimeter devices at my other locations. I would prefer the routers to use TACACS for admin authentication, but the firewall people need to use RADIUS for firewall admin authentication (non Cisco, does not support TACACS...

We were using ACS 3.0 and we upgraded to 3.2. We use RSA secure ID. Everything was working perfect before the upgrade but after we are unable to authenicate users who are using secure ID trying to go to secure data behind a firewall. Users who vpn...

Hi, I am trying to find a solution, for the following design,We have over 250 Nortel Switches(Baystack 460).Authetication works fine with ACS 3.2 Using Radius.Now I want to do the following,* I have 2 ADMIN groupsADMINGP1: To manage 100 Switches wit...

hi,we are using Cisco Secure ACS v3.2 installed on a Win2k US-Server,using a MS-ODBC Driver and want to import userprofiles via RDBMS.We imported a user like in the example of UserGuide1;remark SequenceID,Priority,UserName,GroupName,Action,ValueName,...

I want to create groups on a VPN concentrator that are really configured on the ACS server and that is where all of the settings would be pulled from. I try to setup a externally configured group on the concentrator, but on the ACS I see a failed att...

When I do a sh run, the tacacs key does not get encrypted, even tho I have the service paswd encryption command on (the radius key does!) .. I looked up (and checked with TAC) and found that this is an "Additional" feature that cisco is working on an...

Hello all, My situation is the following. I have a Windows VPN client 4.0.1 trying to authenticate with digital certificates to a 3005 concentrator. I have installed the CA on both, identity certificate on the 3005 as well. I enrolled a certificate w...

HI,We have a Cisco ACS 3.0 configured for tacacs which is integrated with windows 2000 domain for user authentication.There are few users who are able to authenticate but few users are not able to connect.The configuration on both ACS and Windows is ...

I have printers connected to a Cisco 2500 and we use reverse telnet for printing to the lines. How do I configure AAA so that it doesn't go to the TACACS server for authentication? I just want the TACACS on the vty, console and aux lines.Thx

Hi all,our domain suffix is pippo.pluto.com (so pluto is the root and pippo is the child).There aren't any security permission setted.My ACS is on domain acs.pippo.pluto.com.I'm trying to configure on ACS the Database Group Mappings using as external...

Hi,We are usin ACS3.2 on W2000 server.Until there, we only had AAA client usin Radius protocol , and all was workin properly.Yesterday, we added PIX525 as aaa client usin TACACS+ (for command authorization).And now we have a bug with group setup:when...