ACS - CSAUTH & CSRADIUS newspapers

Similar Questions

• Dynamic assignment of VLANS for MAB / ACS 5.5

  Hello

  Tried MAB works with ACS 5.5, and the looks part good ACS in the newspapers - the MAC address is sought, the authorization profile is correct. But on the switch, I get the following text:

  * 1 mar 00:12:53: AAA/AUTHENTIC/8021 X (00000004): choose method list "by default".

  * 1 mar 00:12:53: RADIUS/ENCODE (00000004): orig. component type = DOT1X

  * 1 mar 00:12:53: RADIUS: AAA Attr not supported: audit-session-id [607] 24

  * 1 mar 00:12:53: RADIUS: [0A8E0FDE00000002] 30 41 38 45 30 46 44 45 30 30 30 30 30 30 30 32

  * 1 mar 00:12:53: RADIUS: 30 30 30 38 30 [00080 41A]

  * 1 mar 00:12:53: RADIUS: AAA Attr not supported: interface [171] 20

  * 1 mar 00:12:53: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 65 74 31 [GigabitEthernet1] 6F

  * 1 mar 00:12:53: RADIUS: 2F 30 [/ 0]

  * 1 mar 00:12:53: RADIUS (00000004): Config NAS IP: 0.0.0.0

  * 1 mar 00:12:53: RADIUS / ENCODE (00000004): acct_session_id: 4

  * 1 mar 00:12:53: RADIUS (00000004): send

  * 1 mar 00:12:53: RADIUS/ENCODE: best local IP 10.142.15.222 for Radius server address - 10.54.248.55

  * 1 mar 00:12:53: RADIUS (00000004): send request to access the id 10.54.248.55:1645 1645/5, len 162

  * 1 mar 00:12:53: RADIUS: 5th authenticator FE 17 88 64 41 1 D 09-86 EA 51 BE 78 42 B6 EB

  * 1 mar 00:12:53: RADIUS: username [1] 14 "28924ad5a199".

  * 1 mar 00:12:53: RADIUS: User-Password [2] 18 *.

  * 1 mar 00:12:53: RADIUS: 6 Service-Type call control [6] [10]

  * 1 mar 00:12:53: RADIUS: Framed-MTU [12] 6 1500

  * 1 mar 00:12:53: RADIUS: Called-Station-Id [30] 19 "00-1A-A1-99-9F-82".

  * 1 mar 00:12:53: RADIUS: Calling-Station-Id [31] 19 "28-92-4A-D5-A1-99".

  * 1 mar 00:12:53: RADIUS: Message-Authenticato [80] 18

  * 1 mar 00:12:53: RADIUS: EE F5 B8 E1 70 37 A6 3A AD 89 20 A5 A7 D0 E3 B4 [p7:]

  * 1 mar 00:12:53: RADIUS: EAP-Key-Name [102] 2 *.

  * 1 mar 00:12:53: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]

  * 1 mar 00:12:53: RADIUS: NAS-Port [5] 6 50102

  * 1 mar 00:12:53: RADIUS: NAS-Port-Id [87] 22 'GigabitEthernet1/0/2 '.

  * 1 mar 00:12:53: RADIUS: NAS-IP-Address [4] 6 10.142.15.222

  * 1 mar 00:12:53: RADIUS (00000004): started 5 sec timeout

  * 1 mar 00:12:53: RADIUS: receipt id 1645/5 10.54.248.55:1645, Access-Accept, len 106

  * 1 mar 00:12:53: RADIUS: authenticator 26 B4 B9 AB 3 04 68 DA - 38 AF F6 CD 36 95 73 2 b

  * 1 mar 00:12:53: RADIUS: username [1] 19 "28-92-4A-D5-A1-99".

  * 1 mar 00:12:53: RADIUS: [25] of class 31

  * 1 mar 00:12:53: RADIUS: 43 41 43 53 3 a 41 30 31 44 52 46 4 30 30 32 2F [CACS:A01DRFN002 /]

  * 1 mar 00:12:53: RADIUS: 32 33 31 35 38 38 36 30 31 31 37 38 2F [231588601/178]

  * 1 mar 00:12:53: RADIUS: Tunnel-Type [64] 01: VLAN 6 [13]

  * 1 mar 00:12:53: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802 [6]

  * 1 mar 00:12:53: RADIUS: Message-Authenticato [80] 18

  * 1 mar 00:12:53: RADIUS: 91 22 50 8 62 C2 F0 10 C6 OF 70 84 AF 31 6 CD [Pbp1l ""]

  * 1 mar 00:12:53: RADIUS: mount-Auth-Type [81] 6 20003120

  * 1 mar 00:12:53: RADIUS (00000004): receipt of id 1645/5

  * 1 mar 00:12:53: RADIUS: unsupported value 20003120 to the 81 attribute

  * 1 mar 00:12:53: RADIUS/DECODE: Ascend auth type; IN CASE OF FAILURE

  * 1 mar 00:12:53: RADIUS/DECODE: decoder; IN CASE OF FAILURE

  * 1 mar 00:12:53: RADIUS/DECODE: Ascend-Auth-Type attribute; IN CASE OF FAILURE

  * 1 mar 00:12:53: RADIUS/DECODE: analysis response op decode; IN CASE OF FAILURE

  * 1 mar 00:12:53: RADIUS/DECODE: analyze the answer; IN CASE OF FAILURE

  * 1 mar 00:12:53: % MAB-5-FAIL: failure of authentication for the client (2892.4ad5.a199) on the Interface item in gi1/0/2 AuditSessionID 0A8E0FDE0000000200080ABF

  * 1 mar 00:12:53: % AUTHMGR-7-RESULT: result of the "dead server" authentication "MAB" for the client (2892.4ad5.a199) on the Interface item in gi1/0/2 AuditSessionID 0A8E0FDE0000000200080ABF

  * 1 mar 00:12:53: % AUTHMGR-5-FAIL: failed authorization for customer (2892.4ad5.a199) on the Interface item in gi1/0/2 AuditSessionID 0A8E0FDE0000000200080ABF

  It recognizes the attributes 64 and 65, but the Tunnel-private-group-id, which contains the actual number of VLAN is not supported. How can I assign the vlan OK if this attribute is not taken in charge? Does not work with a string corresponding to the name VLAN on the switch either.

  The version is 12.2.55SE10 3750G.

  Hello

  Since him debugs if I see that you are missing an attribute to make the assignment of VLANs, in your test it just to send the following items:

  * 1 mar 00:12:53: RADIUS: Tunnel-Type [64] 01: VLAN 6 [13]

  * 1 mar 00:12:53: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802 [6]

  But it would be appropriate to send:

  • Tunnel-Type = 64 = VLAN

  • Tunnel-Medium-Type = 802

  • Tunnel-private-Group-ID = 253

  When the "Tunnel-private-Group-ID" is the number/name of vlan to be awarded, the bellows is an example on what it would look like on the profile of the ACS:

  http://www.Cisco.com/c/dam/en/us/support/docs/wireless/5500-series-wirel...

  Note: Please mark as answer as appropriate

• SSH after ACS server "locked up" and had to be reconfigured is no longer works.

  Hello

  I have a VPN tunnel between an ASA5520, and a Cisco 891.

  I had the 891 configured with the following text:

  AAA server Ganymede group + VTY
  Ganymede IP source-interface Loopback0
  !
  AAA server Ganymede group + GANYMEDE-ACS
  Server 10.8.x.x
  Server 10.16.y.x
  !
  AAA authentication login CONSOLE none
  Connection authentication AAA VTY Ganymede + local group
  VTY AAA authorization exec group Ganymede + local
  AAA authorization commands VTY 0 group Ganymede +.
  AAA authorization commands 15 VTY Ganymede group.
  orders accounting AAA 15 VTY arrhythmic group Ganymede +.
  orders accounting AAA 15 CONSOLE arrhythmic group Ganymede +.

  !

  Ganymede IP source-interface Loopback0

  !

  RADIUS-server host 10.8.x.x touches yadayadayadayada 7
  RADIUS-server host 10.16.y.x touches yadayadayadayada 7
  RADIUS-server application made

  !

  line vty 0 4
  access-class 1
  authorization of VTY 15 orders
  exec authorization VTY
  accounting orders 15 VTY
  VTY login authentication
  entry ssh transport
  line vty 5 15
  access-class 1
  authorization of VTY 15 orders
  exec authorization VTY
  accounting orders 15 VTY
  VTY login authentication
  entry ssh transport

  I can't access device remotely. I'm sure it has to do with the ACS server, but don't know where to look.

  Any help would be greatly appreciated.

  Hello

  When you say you cannot remote access device you are not able to ssh to the device or there is no rechablity itself?

  Is ssh is the problem while you get a login prompt? Error message? Also have you checked ACS has no newspapers for all messages?

  Concerning

  Najaf

• ACS 5 - question about monitoring and report

  Hello world.

  I have one primary-secondary drawing using DCC 5, and everything works smootlhy. I have some doubts and did some research, but nothing was clear enough on this subject:

  -Why am I not able to access the visualizer reports & surveillance of my secondary box? When I do that, I get redirected to connect to the main box. Is this expected behavior?

  -If Yes, what should I do if my main box breaks down?  Should I manually promote my primary secondary box? Or y at - it a way to allow the two ACS for these newspapers?

  -Another situation: my box main breaks down in the middle of the night and I only notice the morning.  What happens in the newspapers at the moment? Are they lost?

  That's close enough for now.

  Thanks a bunch

  -Victor Alves

  Hi Victor,

  If you are unable to access the visualizer reports & surveillance in your secondary zone and are rerouted to connect with the main box. This is expected behavior if your backend is defined as collector of newspaper.
  A primary server or one of the secondary servers can function as a logging server. The logging server receives logs of the primary and all secondary servers of the ACS in the deployment.
  You can also configure another server as a Syslog server (ex Syslog target remote server) in addition to the logcollector.

  The newspaper collector failover process is not automated and manual. If your collector journal defined as main server goes down, you can then promote the secondary server in the primary and then manually set as a collector: ACS GUI > System Administration > Configuration > Configuration of logs > Log Collector
  A possible workaround for this problem solution is to assign one of the ACS secondary servers under the supervision and report server according to the Cisco documentation links included below.

  For a situation with main server configured as collector of newspaper is down, registration will be unavailable as a result of this proceeding.

  For db/corruption issues, if you have valid backups before the failure, you would be able to use the rollback feature to have information before the acs services down.

  For reference links:
  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_deploy.html#wp1104098
  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/logging.html
  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1888749

  HTH,

  Please let us know if it concerns pending.

  Thank you

  Alex

• ACS 3.3 followed by an asynchronous connection attempt.

  For a month I got something with a user name "Cisco" to try to log in 2 of my routers about 5 to 15 seconds (this varies).  It does not give an address by calling it shows just async.  It is unable to log on as user unknown as it should, but it keeps trying over and over again.  It must be something internal because the devices are inside the firewall, but I have no idea on how to find what device tries to connect to these routers with the information I have from the ACS failed attempt newspapers.  Any help?

  There might be something connected to the console port / to router to cause this. That's why you have seen "async" in the address of the caller.

• Integration appliance ACS 1113 with RSA-Urgent

  Hi Experts,

  I got the following steps to install the fix on ACS 1113 V 4.0 Box.

  Instructions on how to install the patch

  ========================================

  1 extract the ACS CSAuth.exe - 4.0.1 - RSA - SW -CSCsc12614- CSCsd41866.zip

  2 stop the CSAuth service

  3. locate \bin and save a copy of the current CSAuth.exe

  4. copy the extracted the zip to \bin CSAuth.exe new

  5 start the CSAuth service

  In step 3, it was mentioned that locate \bin and save a copy of the current CSAuth.exe (i.e. on device ACS 1113). Could someone help me with the steps to locate the ACS ACS 1113 unit dir.

  Thank you

  Smail

  Satish,

  These steps are for windows-based acs. For the steps of the device are different. You need patch for the device.

  Steps to download for device attached is patch

  You can download the patch from the unit of

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

  Please note if assistance

  Kind regards

  ~ JG

• issue of order approval

  Have been able to restrict the access to certain interfaces by permission of command, but when I try to allow access to the closing or no arguments "unknown command" stop ACS report in newspapers and the auth command fails. If it's just a mistake with the syntax of the reports 'order' newspaper denied so I don't think that's the problem. I am adding some argument to the correct command, for example:

  Ethernet-> allowed stop

  Any suggestions?

  Hello

  That's what you set under the shell command authorization

  Unmatched command > permit unmatched arg

  Allowed non - stop

  stop - allowed

  NOTE: Do not check permit unmatched args for above args.

  HTH

  Concerning

  JK

• Cisco Secure ACS 3.3 (1)-> 4.0 upgrade problems (1)

  Hi all!

  I have problems updating my primary ACS since version 3.3-> 4.0

  I always get the following error message, then it does the upgrade:

  "The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.

  Please close all applications... blabla... »

  The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.

  In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.

  As I said, the upgrade of backup server worked without a hitch.

  That's what I tried:

  1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.

  I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.

  I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.

  2. I tried to stop the ACS services first and then make the configuration, got the same error.

  3. I have disabled the antivirus software, got the same error.

  Basically I am at my wits end now...

  However, I have two options:

  1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.

  Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?

  2 make a backup of the ACS 3.3 with csutil b

  Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r

  Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.

  I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.

  Any help would be greatly appreciated!

  Thank you!

  Ivar Thorolfsson

  Hello

  Folder lock message often appears if newspapers located in the directory of the ACS are too big.

  Move the logs of the following directories: -.

  CSAdmin\Logs

  CSAuth\Logs

  CSDBSync\Logs

  CSLog\Logs

  CSMon\Logs

  CSRadius\Logs

  CSTacacs\Logs

  Newspapers

  Then try to upgrade.

  Kind regards

  Vivek

• 4.2.0 Build update (124) Patch17 4.2.1 - ACS locked file

  I'm trying to upgrade ACS 4.2.0 to 4.2.1. When the Setup program tries to uninstall the current version of the ACS, it fails with the message "the CiscoSecure ACS file appears to be locked by another application"

  

  -ACS is installed on Win server 2003R2.

  -There is no anti-virus installed on the server

  -All application windows (Explorer,...) are closed

  -I'm the only user on this server

  Log - ACS files are reduced to 3 days History.

  ACS is integrated with RSA SecurID. Could be the cause? Should I uninstall RSA SecurID?

  Petr

  In my experience, we usually have this error due to the huge accumulation of logs in the ACS installation folder / installation directory.

  Please Remove or move all the files from the next ACS installation and then directory location try to upgrade again

  Once removed, we can recover these newspapers again.

  \CSAuth\Logs

  \CSRadius\Logs

  \CSTacacs\Logs

  \CSLog\Logs

  \CSMon\Logs

  \CSAdmin\Logs

  \CSDbsync\Logs

  Also, have we not ACS full logging in the value spent?

  Jatin kone
  -Does the rate of useful messages-

• CiscoSecure ACS 4.2 could not start due to failure of the services start bit

  There are few services that wasn't able to restart, they are as follows:-

  (1) CSAuth

  Error:-"Windows could not start the csauth on local computer. For more information, see the system event log. If it is

  a non-Microsoft service, contact the service vendor and refer to service 1060 "specific error code

  (2) CSTacacs

  Error:-"Windows failed to start the cstacacs on the local computer. For more information, see the system event log. If it is

  a non-Microsoft service, contact the service vendor and refer to service 1066 "specific error code

  (3) CSRadius = start

  the rest of services like CSAdmin, CSDbSync, case were lit.

  Also I am not able to take the acs system backup of the System Configuration-> ACS Backup and pressing backup now. It shows the msg of error as

  : - CSAuth service must be running to start the backup

  I was referring to the snapshots of the OS itself, but I guess you checked now.

  Do not forget that the case works so you should see logs for services that do not work. Learn about the \CSAuth\logs folder for logs CSAuth and other records for other services that do not work.

  There is a located here very detailed troubleshooting guide:

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

  This guide should help you solve the question if there is no other software on the server to cause trouble. One thing it says who can apply to you is to ensure that the Windows Firewall as connection sharing Internet is not ongoing.

  Because I am familiar with your server, I think you should do the quick test below for if sure there are not taken, which may be crashing the authentication services that you mentioned. In the command line, type "netstat - ano | Findstr Listening-i"and see if or not he has taken open your ports Ganymede + and radius. He will probably return false, but it's worth a check.

  Worst case scenario, you may be able to use CSUtil to back up the database (I'm fairly certain you can back up services that work), install the ACS on a new Windows 2003 server, and then restore. You can use CSUtil to many types of exports and operations as well.

  If you manage to deal with the problem or not, you should speak with the person who is responsible for making backups of your servers and make sure that something like this was coming once again that you can have a quick fix during a maintenance window.

• ACS ping problem

  Hey guys!

  Need your help!

  I'm setting up an ACS 1113 and I had a weird problem, I turned off the CSA to enable pings ok, it works on my PC for ACS but GBA cannot ping my PC!

  I also have another problem, I can access the ACS and all configured but when I put it on the network I can't access it, then I put it directly connected to my PC I can access the web interface normally.

  I don't know what happened... I saw a post that says that I should set up directly connected to the network... but I did not I have connected my laptop and composes the tests before putting on the network...

  Someone knows why? and what is the job for her arround?

  I have attached the ping information and my Ipconfig for my laptop and one following the 'show' connected to the console

  Quote

  Cisco Secure ACS: 4.2.0.124
  The application management software: 4.2.0.124
  Ask tiBase Image: 4.2.0.107
  The session timeout: 10
  Last reset to zero hour: Fri 27 Aug 13:06:44 2010

  NTP servers: 10.21.4.1

  Free CPU on the free physical memory disk load
  Memory of MBhysical 749 109 GB 0.00%

  IP of the server configuration
  DHCP active...: No.
  ... The IP address: 10.21.4.61
  ... Subnet mask: 255.255.255.0
  ... Default gateway. : 10.21.4.155.0.
  DNS servers...: 10.21.4.11
  10.21.4.21

  CSAuth race
  CSDbSync race
  Case running
  CSMon race
  CSRadius race
  CSTacacs race

  CSAgent stopped
  End of quote

  Console ping tests

  gavprdrjlacs01 > ping 10.21.4.62

  Ping 10.21.4.62 with 32 bytes of data:

  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.

  Ping statistics for 10.21.4.62:
  Packets: Sent = 4, received = 0, lost = 4 (100% loss)

  gavprdrjlacs01 >

  gavprdrjlacs01 > ping 10.21.4.61

  Ping 10.21.4.61 with 32 bytes of data:

  Reply from 10.21.4.61: bytes = 32 time<1ms ttl="">
  Reply from 10.21.4.61: bytes = 32 time<1ms ttl="">
  Reply from 10.21.4.61: bytes = 32 time<1ms ttl="">
  Reply from 10.21.4.61: bytes = 32 time<1ms ttl="">

  Ping statistics for 10.21.4.61:
  Packets: Sent = 4, received = 4, lost = 0 (0% loss),
  Time approximate round trip in milli-seconds:
  Minimum = 0ms, Maximum = 0ms, average = 0ms

  Thanks mates!

  Your default gateway is listed as 10.21.4.155.0, which means that the 1113 will not be able to reach something outside the local network.

  You can fix this by issuing a "set ip" on the CLI and guests.

• CSAuth Service automatically restart - 2.6 NT

  We have a problem with the CSAuth service, it keeps restarting on a daily basis at about 01:00 and 13:00. This is what appears in the event log:

  Source: CIscoAAA

  Event ID: 5

  CSMon Message: CSAuth Service was stopped or paused by the system. Follow-up suspends until the service is restarted. Monitoring of CSRadius stopped at service load CSAuth who has been arrested or suspended by the system... Monitoring of CSTacacs stopped at service load CSAuth who has been arrested or suspended by the system...

  It restarts then 10 seconds later. In the ACS service management page, to test the connection there every 1 minute, in case of failure to restart all the parameters. I guess it's fine as it appears to do a job, but I would like to know why this is happenning.

  Suggestions?

  Thank you.

  You do the replication to another ACS server? During replication, the CSAuth service is stopped, so if it happens on a regular basis 12 hours is perhaps the cause.

• ACS SE backup private key

  How to back up the private key of the ACS SE. I have the public key certified by a commercial CA already and you don't want to waste money spent in the purchase of the certificate. Reason I want because I'm getting following error on the console and backup services have stopped.

  "Before called API initialized to H:\ismg_israel_acs\Acs\EndPoint\Core\endpoint.c.

  pp:394 ".

  ===============

  Cisco Secure ACS: 4.1.4.13

  The application management software: 4.1.4.13

  Base Unit image: 4.1.1.4

  CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

  ==========

  CSAdmin - arrested

  CSAuth - arrested

  CSDbSync - arrested

  Case - stop

  CSMon - from

  CSRadius - from

  CSTacacs - shut down

  ===================

  Can I use the backup feature? It also backs up the private key?

  Maury,

  Unfortunately, there is no way to export just the private key and the certificate.

  which can be re-imported in the ACS. There was a request in this regard

  feature to allow the export of private keys and certificates for the purposes of backup. Is the bug ID: CSCed14965.

  http://www.Cisco.com/cgi-bin/support/Bugtool/onebug.pl?BugID=CSCed14965

  However, what you can do, is make a backup of the database. This will save the registry

  that includes the certificate and the private key. Then, you can restore this backup file

  on a new machine and choose to restore the part of the System Configuration. This will restore

  the certificate and the private key in the certificate of the CSA page.

  Hope that helps

  Kind regards

  ~ JG

  Note the useful messages

• Impossible to install ACS 3.3.3

  I put my 3.3.2 to 3.3.3 ACS ACS to level. I get the following error during the installation process. No idea what how to solve this problem. Thank you

  The old installation folder seems to be blocked by another application:

  c:\Program files\CiscoSecure ACS v3.3

  Please close all applications that use files or directories in this folder and run the Setup again.

  Hello

  The error we receive is usually caused by a huge accumulation of logs in the ACS installation folder:

  Remove all files from the following location and try again (these files are debug files, thus we donot require):

  \CSAuth\Logs

  \CSRadius\Logs

  \CSTacacs\Logs

  \CSLog\Logs

  \CSMon\Logs

  \CSAdmin\Logs

  \CSDbsync\Logs

  Please take a backup of the following folder, if the audit is required in our Organization:

  \Log

  After taking backup of this folder, please remove logs from the following location:

  \Logs\AdminAudit

  \Logs\Backup and restoration

  \Logs\DBReplicate

  Attempts to \Logs\Failed

  \Logs\RADIUS accounting

  \Logs\ServiceMonitoring

  \Logs\TACACS+ accounting

  \Logs\TACACS+ administration

  -Stop all anitvirus software that may be running.

  -At the end of the day, make sure that if you use CSMARS, and you use pnlogagent, while the service is stopped, which can be done in services.msc.

  Kind regards

  Prem

• ACS 5.4 ASA 8.2.5 disable AAA for the particular user

  Hello!

  I want to disable journaling Ganymede + for the particular user. This user is used only for automated (python script) pooling of vpn tunnel ASA (limited command set - permission on ACS) group to verify the number of users authenticated via VPN. The problem is that this user generate a bunch of logs according to authentication authorization and accounting on ACS. Is there a solution, disable Ganymede + newspapers on ACS for this particular user? Maybe it is possible to modify the AAA on ASA to not connect this particular user?

  Thanks in advance.

  Hi Pawel,

  You can create filters collection for that specific user. When you configure monitoring filters & Report Viewer does not record these events in the database.

  Navigate to: Configuration of the analysis > System Configuration > filters Collection > add a filter

  What follows is the attributes that can be used. You must use the user.

  -Access service

  -User

  -Mac-add

  -Nas - IP

  Example: We get several hits of ASA by 'user' and we want ACS to ignore it. Create a filter by using the user. ACS must now ignore any attempt from the IP Address of the NAS.

  Jatin kone
  -Does the rate of useful messages-