Network Access Control

I have recently installed ACS v3.1. I can successfully authenticate users using chap, but when I add the aaa authenication ppp default group tacacs+ command to my router(authen'ing using my NT Database) and debug it says that authentication fails. ...

Is there someone who tell me what means :"User is mapped to a disabled ACS group"?The complete log is:AUTH 12/04/2003 11:52:14 I 4646 1012 Attempting authentication for Unknown User 'brsgnn'AUTH 12/04/2003 11:52:14 I 0276 1012 External DB [NTAuthenDL...

How can I change the password restriction to 3 only after which the account get disabled till admin is notified. I have 60 users they belong to a group.

Being Radius a client/server protocol, is there some standard way for the server to send commands to the client? For example, can a Radius server send a "standard" command to a Cisco RAS in order to disconnect some dial-up user?

I've been having trouble for some time now, trying to get IP Pools to work properly between my ACS server and VPN concentrator.One thing I noticed within ACS is that AAA authorization needs to be enabled on NAS's that utilize ACS based IP Pools. I'v...

I have a AP1200 with 12.0(2) T1 image. It is configured to authenticate using EAP. The client used is Cisco ACU version 6.2 on Windows 2000. The RADIUS server used is Cisco ACS 3.2, configured to use Active Directory as the external database. LEAP is...

Hi,what is the difference using server group instead of using multiple radius-server commands? And ý have one more question: In PIX, when primary ACS goes down secondary ACS take the job. and even primary one comes back secondary ACS is used. Is thi...

We have just installed a load of AP's in our warehouse. We use Cisco ACS (radius) for Leap and MAC address authentication on the WLAN clients. We now want to be able to telnet to the AP's and use TACACS+ usernames and passwords to log on but as we al...

Hello,I have been noticing that our old model (about a year old) 501's appear to have been shipped with an AC adapter that is either defective or poorly designed. The adapter plug apparently is not maintaining good contact with the 501's internal pow...

Hi,I have configure my router to authenticate via a RADIUS server (Windows 2000), following is the configurationaaa new-modelaaa authentication login default group radius localaaa authorization exec default group radius locallogin authentication defa...

Is it possible to write ACL-Loggings in differentfiles (for example sort by IP-Subnet from the sorces the report came ), similar to SYSlog usingLOCAL1-7 ?

Hi everybody,I have this problem.We have an access router CISCO 3640,IOS c3640-is56i-mz.121-6 for dial-up access andCSACS access-server V 2.4.Users are using a token card authentication (Crypto Card).It works quite good.Encryption is not used.Now we ...

Hi folks,I was running ACS2.6 & using TACACS+ to authenticate dial in users & access to routers. When dial up users tried to telnet to a router they received an authorisation failure (EXEC box not ticked) if they tried to log in. Since upgrading to A...

is it possible for the pix to monitor the citrix ica port for connections and then request a login to the authentication server before allowing the connection, as it does with say a vpn connection?thanks Daren