Network Access Control

I want to restrict some users to "show running-config" command. I have created a Shell Command Authorization Set with "show" command "permit running-config". Under the TACACS+ setting the Shell (exec) is selected and Privilege level with a value of ...

I'm trying to config a 12.0(5.1)XP 2900XL IOS switch to automatically go into enable mode once authenticated, without having to enter "enable." I'm running ACS3.1. Her is the AAA config:aaa new-modelaaa authentication login default group tacacs+ loca...

What I want to accomplish, is to use RADIUS to authenticate users to the Inernet. I don't want all users to access the Internet, only a portion of them. I'm using a Pix 515 with 6.2 software. I have RADIUS installed on our NT 4.0 PDC. What I ne...

I want so setup a hub and spoke ipsec tunnel topology with a redundant hub (hsrp based). I wonder how to implement certificate based authentication in this case as both router share the same ip address? Do they need to have the same keys and certific...

Hello Guy,i am running a Cisco secure ACS v3.0 and wannt all 7000 User on the group default Groupcann some one tell me how to do it ? the only possibilty i see ist manualy deleting usersThanks for any helpAlain

Is it possible to authenticate outgoing HTTP connections through a router with Cisco ACS as is done with the PIX?Thank you.

Here is what I want to do. Install 3.1 on a new separate 2000 server and copy all the configurations from 2.3 to 3.1. The 3.1 is the trail version.Also want to know after I do the above successfully will I be able to retain the 3.1 configs when I upg...

Hi, all it;s been a little while since i've had to write an access list, and would appreciate a little input. The goal is to filter address of non-cooperative resellers, and their spammers from leaving our network. I've created this list but; would l...

Hello people , Please I would like to know how can VPN3000 and Cisco Secure ACS can authenticate the usernames enter and manage the VPN 3000 without configuring usernames in the VPN3000 concentrator , but only looking for the database directil...

Is there any way to change the ports used by the Radis. I would like to make it listen to ports differente from 1812-13 and 1645-46Thank you in advance

I have CiscoSecure ACS v3.0, I have 3 groups setup on it...I want to give one of my groups ReadOnly Access to all the routers. What I want to do is stop them from using "Config T" command ONLY...If they can't use that command they cann't change any ...

HelloI have an ACS acting as a Radius Server for the remote users than want to connect to our AS5300. That ACS server is directly in Internet and I want to move it to a internal netwotk behind a PIX (performing NAT). I've done it but have problems wi...

Can Cisco router support dial-up authenticatoin with SecurID?

PIX 515 with VPN and des enabled running Ver. 6.1I hv configured the pix for the CA cert server authentication using W2K Domain Controller and was unable to authenticate the cert server thru pix. The config was done using the following command mentio...

Are there any specific requirements for Radius? my server was working fine on 12.2.11T but IOS says radius timeout on 12.2.13T. debug IP UDP shows packets recieved from the radius server but debug radius says no packet recieved.Anyone else hit this?