

acs 5.1 and rsa configuration


I'm trying to configure authentication rules, wherein the users would use their ACS 5.1 user accounts to log in to devices, and have the enable password be authenticated via RSA.

I'm quite confused as to how to do this configuration in ACS 5.1.

I would like to know if anyone has experienced configuring RSA-based enable password authentication in ACS 5.1?



Re: acs 5.1 and rsa configuration

I have some ideas as to how to do this configuration. I have not tested this.

Need to make an identity policy condition based on the service type and select either "Internal Users" for login requests and RSA for enable requests. Can do as follows:

1) Create a custom condition based on service type. Go to: "Policy Elements > Session Conditions > Custom". Create a custom condition using the TACACS+ dictionary and the "Service" attribute.

2) Modify your device administration identity policy to use this attribute. For example (if using policies as defined upon system installation), go to Access Policies > Access Services > Default Device Admin > Identity, select rule based table and "Customize" to change the conditions in the table. Select the condition you created in step 1) for inclusion in the policy.

3) Can now create two rules in your identity policy. The first is if Service Type is "Login" to select "Identity Source" of Internal Users. Second for Service Type of Enable to select RSA.


Re: acs 5.1 and rsa configuration

Hi jrabinow,

I tried your suggestion and it works fine up to telnet login only... when I get to the enable password authentication, it fails... I tried using both user password and RSA password, but still it won't get authenticated.