Network Access Control

Easy Q: IOS devices allow you to specify a key for each tacacs server instance, but CatOS devices can support two tacacs servers (1 pri and 1 sec) and only a single tacacs key. Is this correct? Thanks - Rich

Hi,My problem is that the usage of cisco-pix attribute ip:route=dest mask gwthe static route specified in the above command is not applied to VPN clients, connectied to the VPN server. The same av-pair works fine with access-lists which are assigned ...

Can anybody confirm whether the accounting for VPN client sessions has been implemented on the PIX or not.gfullage stated on Jan '03 it was on the roadmap, but I haven't heard anything on it since then.VPN client accounting on the PIX is a very sough...

I am using a PIX515E (6.3(3)) and ACS3.1 to authenticate access to a private network using RADIUS and downloadable ACL's. I would like to log when a user was authenticated and how long the user was accessing the private network. In ACS Reports I can ...

I've just upgraded to v3.2 from 2.6.2 on my ACS. Since then failed, passed, accounting and administration logging will sometimes appear and sometimes not. All logging has been enabled. If I look at previous days sometimes the information will appe...

Hello,I have to import from ACS 3.0 to ACS 3.2 Appliance only a group of users. I see that in the ACS 3.0 there is a CSUtil.exe to export the users, but it'isnt possible to use this utility in the appliance. Can some one know as can I replicate only ...

Hi,I am trying to configure authentication for users on IDS version 4.0 or later using TACACS. I can find the command Method TACACS under service authentiaction but can not use it . Did any one succeded on doing that before ? Is this feature supporte...

Can someone point me to a sample configuration for setting up custom security levels for CatOS switches? I want to make logins for our 6500/4000 switches that only allow the user to view the config and port status etc. without allowing them config op...

Which authentication method is stronger...EAP-TLS, EAP-TTLS, or PEAP?

Can ACS 3.1 software be configured to be both a Tacacs server and radius server at the same time? Or do I need two different physical server running tacacs and radius independantly?

I ma part of a corportate network managed by a network management group. I have a number of VLANS that I use for a nubmer of machines, all of which are currently connected to two 6509 switches.I will often need to be able to have a port that a machi...

I had read at one time that 802.1x would have issues with BPDU Guard. Is that the case... Are the EAPOL Frames simliar to frames identifed by BPDU Guard as an alert?

I was told that the version of PIX OS (6.6.2) did not support a backup or secondary method for authentication when TACACS is used. Meaning that if the TACACS server was unavailable logging in was nearly impossible.Is this true and if so does v6.3 su...

Hi,I am using my PIX 535 (6.3) to authenticate users accessing the Internet. I have set the timeouts.Unfortunately they are acting somehow funny. Sometimes when a user is authenticated and changes the web page he is currently on, althought the timeou...

Hi,I have a pix firewall and I trying to use "downloadable ACL", I configured PIX and ACS conforms document:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml#howto2I verify that when a VPN Client connects,...