Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm using ACS 3.1 as a means of controlling access and authorization to my routers and switches. I'd like to create an authorization profile in CiscoSecure that applies to a service account for Cisco Works. I want this service account to only be us...
I am using a Cisco 2950 Catalyst for 802.1X EAP-TLS based port security. For the radius servers, I'm using the Internet Authentication Service (IAS) for Windows 2000 Server. My problem is, when I list a second radius server for redundancy purposes ...
I've modified the login module of Ciscoworks to leverage Tacacs+ authentication through my CiscoSecure server, but I haven't been able to map particular CiscoSecure user roles to Ciscoworks user roles. I can specifically create an account within Cis...
I'm trying to get rid of clear text passwords being sent between management workstations and Cisco routers/switches (on the internal LAN). The client will not upgrade their IOS versions presently and therefore cannot benefit from SSH. Are there any...
I have a Cisco Secure AAA implementation where Cisco devices have the command "aaa authentication login default tacacs+ enable". While this is in place, I know TACACS+ is being used to encrypt the packets between the NAS and the ACS. What I don't k...
I did find a solution that worked in our environment. It was to add the following commands on the client:radius-server retransmit 3radius-server deadtime 1This enhanced the failover to operate correctly. Hope that helps.
Thanks for trying to help. We ended up getting around the problem by adding the following two commands:radius-server retransmit 3radius-server deadtime 1
