ACS for device authentication
Hello
I'm looking to install a NAC appliance in our office and currently have an ACS server that handles wireless authentication.
I would like to know if the CSA is able to authenticate users on a local network with 802.1 x and detection device (such as MAC address and ID)?
If I can do it how you define on a CBS?
Thanks in advance
Paul
As mentioned, the ACS authenticate what you ask. But you must enter all a mac address then.
The ISE profiling engine did this in real time depending on the behavior of devices.
Tags: Cisco Security
Similar Questions
-
Not use 5.4 ACS for TLS authentication with a certificate not in the string
Hi all
I have installed ACS 5.4 and several wireless environments.
EAP - TLS is used to authenticate users of our area (of self-signed cetificates)
Then use PEAP and need for a real external cert... (Signed by Terena)
The problem is that I can use a single certificate for authentication EAP on ACS, and I need them both to work.
I see only 2 options:
1 configure the TLS network to authenticate without going through the ACS cert in the string (use the real one)
2. set up somehow to use two certificates, one for each service.
Please help, im desperate.
Thank you!
Naor
You can't have several certificates of server/identity on ACS for EAP flavours. As a best practice, get the third-party certificate and check to associate the certificate with the EAP protocols that use SSL/TLS tunneling: EAP - TLS, PEAP and EAP-FAST.
~ BR
Jatin kone* Does the rate of useful messages *.
-
Renew the certificate in Cisco ACS for PEAP authentication
Hi, we installed in laptops wireless customer a certificate created by Cisco ACS to authenticate, but its about to expire.
How can I do to renew the certificate whithout affecting users.
(1) Yes, we can generate a new cert but install the latter.
(2) install generated new cert on the client.
(3) install the new cert in ACS.
Good plan and will probably work.
Kind regards
~ JG
Note the useful messages
-
WLAN 4402 for Radius Authentication
Hi guys,.
Please help me on how I can install my WLAN 4402 controller for Radius Authentication, if you have links or procedures that you can share, which will be very appreciated. :-)
Thanks in advance.
It depends on if you are using Cisco ACS or Windows IAS. Controller configuration is the same but the side RADIUS is different.
Also what you are trying to configure, systems users, PEAP etc. through RADIUS
PEAP via ACS is here
PEAP via IAS is here
Hope that helps
-
Migration of ACS for Windows 4.1 to ACS SE 4.2?
Hello
We currently have GANYMEDE + running on ACS 4.1 for Windows. We want to replace this unit by ACS SE 4.2 (device). Is it possible to backup/restore the database of the ACS for Windows 4.1 directly to the ACS SE 4.2? Or requrie level of ACS software version? Please notify.
Thank you.
Yes, it's quite valid; This new feature has been integrated in 4.2 ACS. You can not, however, restore 4.1 ACS in the last ACS 4.2.1.
Once you have updated 4.2 ACS, ACS 4.2.1 can restore from ACS 4.2...
For ACS 4.2:
For ACS 4.2.1:
4.2.1 CSCsz96936 to remove the option restore 4.1 db. To support the restoration of 4.2 db
HTH,
Please note the useful messages!
-
HP 15-r007tx = pci device sm bus controller drivers for devices and missing
Well Hello hp. I bought a 15-r007tx hp Tower a week back. My os is windows 8.1. It's a duplicate operating system.
in fact, I was downloading my drivers of hp's official website and I noticed that the sm bus controller and drivers pci for my knees disappeared. I searched on the Web site by changing the region, but it didn't help out me.
can you please give me the link to download my sm bus controller and the drivers for pci devices... Please...
Hello:
You need these drivers for devices.
SMBus:
PCI:
-
Where you turn for specific information, programming interface for devices such as webcams, etc.
All MFG seems to keep the details of the Protocol between W7 and a private aircraft.
It must exist somewhere. Need to write an application for a specific camera: HP KQ246AA.Hello
You must contact the HP Support, see their books online and there may be
more help in the HP Forums. You can also see the sales of HP.Contact HP
http://welcome.HP.com/country/us/en/contact_us.htmlHP forums
http://h30434.www3.HP.com/PSG/HP support/troubleshooting & drivers
http://welcome.HP.com/country/us/en/support.htmlI hope this helps.
Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="" -="" mark="" twain="" said="" it="">->
-
A web service for windows authentication
HelloI have a number of web services on a windows server.These web services are for a program client (in vb.net), access and retrieve data.This client program are launching for the PC of the individual user.The above configuration is in a windows domain.Currently, web services allow anonymous access. This means that anyone in the Organization, with the correct URL is able to trigger the web service.We are asked to remove anonymous access and all forms authentication configuration.Questions1. What is the best practice for configuration for a web service for windows authentication.
2. We also have a couple of unix servers. They are required to access the web services (with the correct authentication). How can I get a cross-environment configuration?Thanks in advance.Hey Wee Hoe Chiang,
The question you have posted is related to Windows Server and would be better suited to the TechNet community.
Please visit the link below to find a community that will provide the support you want.
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServerI hope this helps.
-
NetBIOS and Windows Legacy Machines
Can someone link me to some documents that NetBIOS is required for devices inherited from Windows to function properly?
Maybe even a link to a Microsoft web page that States this as well.
I understand the security risks inherent with opening ports 135 and 139, but they are needed within the network for some devices to function correctly, just need a documentation that indicates that.
Hello
See the links below and check if that helps.
http://TechNet.Microsoft.com/en-us/library/bb727013.aspx
http://TechNet.Microsoft.com/en-us/library/cc940063.aspx
http://TechNet.Microsoft.com/en-us/library/cc738412 (WS.10) .aspx
Thank you
-
What is a tool to withdraw safely for devices
Thank you
Lucienne
Hi XsMonique,
The bit 'remove hardware safely' is used because removable drives such as USB keys and memory of the camera have a file system on them as the hard drive. Most of these readers are low)<= 32="" gb)="" so="" they="" use="" fat16="" as="" the="" file="" system="" type.="" fat16="" is="" an="" older="" file="" system="" and="" writes="" to="" the="" disk="" are="" simply="" done="" on="" demand.="" if="" the="" power="" to="" the="" machine="" is="" cut="" or="" the="" drive="" is="" simply="" yanked="" out="" during="" a="" write,="" this="" will="" result="" in="" incomplete="" data="" and="" possibly="" a="" corrupted="" file="" system="" on="" the="" drive.="" the="" "safely="" remove="" hardware"="" bit="" calls="" for="" all="" programs="" accessing="" the="" drive="" to="" complete="" whatever="" reads/writes="" they="" need="" to="" as="" the="" drive="" will="" be="" removed.="" when="" all="" i/o="" is="" complete,="" the="" os="" removes="" the="" drive="" from="" its="" list="" of="" usable="" drives="" and="" then="" pops="" up="" the="" bubble="" telling="" you="" it's="" safe="" to="" remove="">=>
USB remove you save more of these problems and proposes a menu stop original and multifunctional, that displays the names of real device with icons. Using this menu, you can find and stop a device in a snap!
USB remove has a powerful and convenient command line: usr.exe. It allows you to automate work with devices. For example, you can automatically stop devices according to schedule or in the case of any other event. In addition, the "USB remove' command line tool allows"return the unit back.
http://support.Microsoft.com/kb/933824
Hope this has been helpful.
Bindu S - Microsoft Support
Visit our Microsoft answers feedback Forum and let us know what you think -
HP bt500 - your Bluetooth device could not start the search for devices
Hi, I want to use my HP bt500 to connect my PC to my helmet, but I get the following error message:
"Your Bluetooth device cannot DΘmarrer him search for devices"
I downloaded and installed the Windows XP of HP bt500 software version of:
http://h10025.www1.HP.com/ewfrf/wc/softwareList?OS=228&LC=en&DLC=en&cc=us&product=3350927I tried on two different computers, but they both get the same error. I took out the bt500 my HP photo printer. I wonder now if this bt500 is simply limited to only work with printers and not the PC as the other versions of detail.
Help, please. Thank you.
Problem solved. I had to download the broadcom bluetooth software was last updated.
www. Broadcom.com/support/bluetoothupdate.php
-
I tried to uninstall all parts of SQL Server Compact Edition 3.5 v (there were 3 parts); the third part, which is
Microsoft SQL Server Compact 3.5 for Devices - ENU
will not uninstall and I get an error message, which has in its title "Microsoft SQL Server Compact 3.5 for Devices", (which seems to me indicate that he might be from the application itself?)
READING: "error 1325.Documents is not a valid short file name."
Is there a valid way to uninstall this, given the problem - or an another workaround?
I hope that it is not bad form to reply to my post (!), but I am pleased to announce that this Microsoft utility fixed my problem. I ran it, it looked for my system, then asked me if I wanted to uninstall or install a program, I chose to uninstall, it sought then yet once showed me a list of installed programs. I have selected SQL Server Compact 3.5 for Devices in the list. They asked me if I want to uninstall it (I think that - already done and I do not remember)-anyway, I welcomed the utility for uninstall and there was no problem. It is very useful. I don't know if the source of the error and this solution is specific to windows 7 64 bit, which is what my DELL Latitude E6530 is running, or if it is a general problem and fix. I'll never know the root cause, but at least I can go forward.
http://support.Microsoft.com/mats/Program_Install_and_Uninstall
-
Recommendations for VPN authentication
So, now that Cisco has helped me get the vpn works on my ASA 5525-X I need to use an active administrator for the authentication/grouping of customers for several profiles in anyconnect.
My question is what is the simpler and more effective way of setting this up. I have a R2 2012 NAP server that is used to authenticate the AD users for access to the switches. But should I use that for ASA as well or can I use AD directly to the ASA?
A reminder to those who have not seen my posts, I'm very new to the ASA and the need to get this up and running quickly... Any help/suggestions would be greatly appreciated.
Thank you
Stacey
Hi Stacey,
You can use the Windows Server direct to the ASA, it uses the LDAP protocol. You will need to implement the ASA like this:
AAA-Server LDAP-SRV protocol ldap
AAA-Server LDAP-SRV (inside) host XXXXXXXXX--> IP address of the server
LDAP-base-dn DC = vpn, DC = also, DC = com--> where users are stored
LDAP-connection-dn CN = ASA-LDAP-user, CN = Users, DC = vpn, DC = also, DC = com--> the entire AD tree.
LDAP-login-password *--> the administrator password
LDAP-naming-attribute sAMAccountName
LDAP-scope subtree
microsoft server typeNow, you need to get the login DN: and the base dn. Now on the ad, you need to create several user groups and divide the users for different levels of authorization as: salespeople, employees...
You can test the authentication by using this command:
test the aaa server for authentication LDAP_SRV host XXXXXX username: password XXXXX: XXXX
and then see if it fails, then you can solve the problem
You can then configure the mapping of LDAP attributes to MAP a group of users on the server of advertising to a group policy on the SAA.
http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...
I would like to know how it works!
Please don't forget to rate and score as correct the helpful post!
David Castro,
Kind regards
-
Are there special requirements when you need to change the IP address of the Cisco ACS for Windows Server?
Florrie,
Please mark this resolved thread for others to take advantage.
Kind regards
~ JG
-
Identify the Version of the hotfix in ACS for Windows 4.2
Hi guys,.
I need to identify the good patch Version in a customer ACS for Windows 4.2
How can I do this task?
In the page, I can't find any reference to patch
My best regards,
André Lomonaco
It will show also from my experience you PATCH version, here's another thread that said click on the Cisco logo, let me know if it works for you or not.
https://supportforums.Cisco.com/thread/1003509
Thank you
Tarik Admani
* Please note the useful messages *.
Maybe you are looking for
-
Re: Satellite Pro A100 PSAA3E: after XP installation does not work
Hello I recently bought a psaa3e Satellite Pro A100.I formatted and installed Win XP. Everything works except the sound.In Device Manager its shows a PCI device problem. I think I need the pci to install before my sound card is recognized.I could be
-
Current market value of the Satellite 2430 402
HelloDoes anyone know what is the current market value of this laptop? It is wifi certified and has no DVD burner.
-
Siri does'nt hear me. Is there any solution for this?
Since installing ios on iPhone 9.2 6 siri does not hear what I'm saying. Is there any solution for this?
-
Nothing more to add, otherwise there is nothing about the emails sent to indicate a problem. This was only discovered by getting only a page of auto-cc had in my Inbox yesterday.
-
New Inspiron 11 3000 Wireless does not connect
I bought a new Dell Inspiron 3000 11 for my wife... but the wireless is not connecting to my router to uverse AT & T. I tried all possible security options including zero with open system to see if I could force it to work. Basically, it says "cannot