Network Access Control

HelloI'm running CSACS to authenticate users to a Colubris CN3500 Access Controller and Colubris provides a 'custom av pair' to specify traffic quotas for users. How would I create these pairs within csacs? Thanks

Hello, Does anyone have a working sample IOS router config for VPN 4.x client access using RSA SecurID ? During authentication, the 4.x client simply hangs when it is supposed to prompt for change user pin. In the RSA log it shows a successful initia...

Hello, In configuring VPN client 3.x RA configs on IOS routers, all of the sample configs show these authorization commands. 1) What exactly do they supposed to be doing and 2) If there is no authorization being done, only authentication via username...

I made a database to log TACACS+ Accounting into. It logs ok into db but I cannot view logs throuhg html interface, it still shows me only csv files. Is it even possible to view odbc logs trough html interface? If not, does Cisco have some client for...

Hi, In our ACS 2.6 there 's only one group (default group)! I want to add users with specific authorizations but don't know how to create a new group! In "group setup" the only group in the list is "default group"! When I add a new user, I have no ch...

Scenario - User logs into a host that uses ACS for authentication. ACS has a local database. I know it's possible to set ACS to look to AD to find a user if one is not defined in the local database. Is it possible for ACS to look to two Active Direct...

PIX-515E allowing PPTP connections.AAA RADIUS (IAS) Authentication.Initial PPTP call in gets RADIUS prompt.username/password works, get PPTP connection.Try to access a host (ie. telnet in) you get a secondRADIUS username/password prompt. Will not Aut...

AllAnyone could help me in this issue.I have an ACS 3.1, sometimes the users can't use their accounts, so when i look at their entries, i found the username only and with the description of "new-user" losing all the configured parameters, so i must a...

Is there a way to pass a IP address to the ACS when login on to a router or switch using the console port (line con 0)? The Caller-Id field on the ACS shows "ASYNC" when using the router/switch's console port. Thanks!

How would you configure the pix to to work with the rsa's radius server to authenticate vpn 3.x or 4.x users using keyfobs without the use of a vpn3000 or an acs/tacas server? Do you have to have a AAA server pointing to the RSA's server as an extern...

Can someone tell me all the options for authenticating VPN users on the PIX (515e v6.31)? I dont see any way to do local user authentication based on the VPN client.I know of the following options:AAA using TacacsAAA using RadiusVPN Group with local...

The failed log has the error 'External DB Account Restriction'. I have the Permit dial in permsion enabled which was the only thing i could find on that one. In the auth.log i get the following (see below) there is a line that states 'Windows Authent...

If I am using the Win2k Radius server to authenticate users via the Active Directory domain do I still need the Cisco ACS software to work between these or can the PIX talk and authenticate directly to the Radius server in Windows?Thanks,Greg

Hi all,I'm trying to access via http an aironet AIR-AP1230B-E-K9 with ios 12.2(11)JA1. these are the commands used:aaa new-model!!aaa authentication login default group tacacs+ localaaa authentication enable default group tacacs+ enableaaa authorizat...

One of the really beneficial features of the VPN 3000 series is the Individual User Authentication (IUA) feature on the 3002 HW client that can be exercised by a VPN 3000 series concentrator.Is the IUA feature supported by other EZVPN client platform...