Cisco ACS 4.2: allowing show commands only

I am trying to create a user who is allowed to run only show commands and nothing else.

(1) Created a user in ACS.

(2) Created a Shell Command Authorization Set named ReadOnly:

Unmatched commands: deny

Commands added:

show

output

(3) Created a group "support" with the following TACACS+ settings:

Shell (exec) is checked

Privilege level is checked, with 15 as the assigned level

"Assign a Shell Command Authorization Set for any network device" is selected

ReadOnly is selected as the shell command authorization set

On my router I configured:

aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

But the user can still run config t and other commands. Can someone help me solve this problem?

Hello

I'm trying to figure out what might be the cause. That's why I am asking you this question.

Which option is checked under

Shell Command Authorization Set configuration for the user

Is it "As Group"?

The configuration seems fine to me. Just to confirm, can you please check whether your configuration matches the one in this link:

http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Kind regards

Anisha

P.S.: Please mark this thread as answered if you feel that your query is resolved. Rate useful posts.
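To make the evaluation concrete, here is an added example (not code from the original thread or from Cisco ACS) that models how an ACS 4.x Shell Command Authorization Set like the ReadOnly set above decides on each command the router sends for authorization, plus the user-versus-group precedence that Anisha is asking about. The permit/deny matching, the "As Group" handling and the permit-all behaviour when no set is assigned are modelled from the description on this page and are assumptions, not ACS's own code.

```python
import re
from dataclasses import dataclass, field


@dataclass
class CommandRule:
    """One command entry in a Shell Command Authorization Set (modelled)."""
    command: str                                  # first word, e.g. "show"
    permit_args: list = field(default_factory=list)   # regexes on the argument text
    deny_args: list = field(default_factory=list)
    unmatched_args_permit: bool = True            # "Unmatched Args: Permit/Deny"


@dataclass
class CommandSet:
    name: str
    rules: dict                                   # command word -> CommandRule
    unmatched_commands_permit: bool               # "Unmatched Commands: Permit/Deny"


def authorize(cmd_set, line):
    """Decide one command line: match the first word, then its arguments.
    Returns (permitted, reason)."""
    words = line.strip().split()
    if not words:
        return False, "empty command"
    rule = cmd_set.rules.get(words[0].lower())
    if rule is None:
        return cmd_set.unmatched_commands_permit, "no rule: unmatched-commands policy"
    args = " ".join(words[1:])
    for pat in rule.deny_args:                    # deny rules are checked first
        if re.search(pat, args):
            return False, f"argument denied by {pat!r}"
    for pat in rule.permit_args:
        if re.search(pat, args):
            return True, f"argument permitted by {pat!r}"
    return rule.unmatched_args_permit, "unmatched-args policy"


def effective_set(user_setting, group_set, user_set=None):
    """Assumed ACS 4.x precedence: the user's own TACACS+ shell setting overrides the
    group's unless the user is set to 'As Group'. None means no set assigned."""
    if user_setting == "as_group":
        return group_set
    if user_setting == "none":
        return None
    return user_set


def is_permitted(user_setting, group_set, user_set, line):
    """Modelled end-to-end check; with no set assigned every command is permitted."""
    cmd_set = effective_set(user_setting, group_set, user_set)
    return True if cmd_set is None else authorize(cmd_set, line)[0]


# The ReadOnly set from the thread: only "show" is listed, unmatched commands denied.
READ_ONLY = CommandSet("ReadOnly", {"show": CommandRule("show", permit_args=[r".*"])},
                       unmatched_commands_permit=False)
```

With the group pointing at ReadOnly but the user set to "none", the model permits "config t", which is the symptom the thread describes.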


Similar Questions

  • Cisco ACS: page cannot be displayed!

    I installed Cisco ACS v4.1. While browsing through the different tabs, I suddenly got the common IE page "this page cannot be displayed".

    It happens all of a sudden; there is no timeout or delay period while working on it.

    Server: HP DL380G5

    OS: Win2k3 Enterprise Edition SP1

    Kindly guide me!

    Rajeev,

    Add the ACS address to the Internet Explorer trusted sites. Also check whether the ACS services are up and running, especially CSAdmin.

    Kind regards

    ~ JG

    Rate useful posts

  • [Cisco ACS 5.2] Disk partitions used by ACS View?

    Hi (and happy new year)

    In Cisco ACS 5.2 there are several disk partitions:

    Which partition is used by ACS View?

    Is there a document that explains all the partitions?

    Kind regards

    Patrick

    Patrick,

    I'm not aware of a document that explains all the ACS 5.x disk partitions. However, I can assure you that the ACS View data is stored on the /opt partition.

    If you have an ACS 5.x on a production network, one of the requirements is to install it using the 500 GB hard disk. The /opt folder on a 500 GB ACS reserves 347 GB for this folder (/opt) because it stores the ACS View information (reports and logs). It is the largest partition, as the ACS View data includes all the ACS reports.

    I hope this helps.

    Kind regards.

  • Cisco ACS server

    Hello

    I currently have a Cisco ACS 3.3 server. I want to upgrade the server to the latest version and cluster it with another one so that we can have a redundant infrastructure, because if one fails it also includes...

    Can you provide a solution for this?

    Thank you

    Hello

    The latest version is ACS 4.1. You can upgrade 3.3.3 build 11 directly to 4.1.

    Then you can install another ACS 4.1 on a different machine and configure replication between the two. This way you will need to make changes on only one ACS, and the secondary will be updated automatically.

    Once these two are set up, you can configure both servers as RADIUS/TACACS+ servers on the devices, and you will have redundancy.

    Kind regards

    Vivek

  • Problem with Cisco ACS and different domains

    Hello

    We are currently experiencing a problem with the Cisco ACS that we put in place, and I'll try to describe it:

    We have ACS linked to AD domains, where we have 2 domains and the appropriate group mappings.

    Then we have our Cisco switches with the following configuration:

    aaa new-model
    aaa authentication fail-message ^CCCC
    Failed to authenticate!
    Please contact the IT Networks group for more information.
    ^C
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    aaa authorization network default group tacacs+ local
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    !
    aaa session-id common

    But the problem is that users in one domain can authenticate, but users in the other cannot. Basically, when we check the passed authentications, both authentications pass and show 'Authen OK', but on the switch side there is a failure.

    Could there be something wrong with the ACS?

    Thank you

    Jorge

    Try increasing the timeout on the IOS device using radius-server timeout 10.

    Don't you have remote logging enabled on the ACS server?

    -Philou

  • Connection error on ACS 1120 appliance, Cisco ACS 5.0 web GUI

    Hi all

    I installed the ACS 1120 appliance as follows:

    entered the installation command in console mode

    installed the license via the GUI

    But when I access the GUI it disconnects regularly.

    When I ping, the ping is successful and shows TTL 128,

    but after some time the connection is established and when I ping the TTL shows 64.

    Can someone help with this problem?

    can someone help with this problem

    Thank you very much

    Hello

    I couldn't quite follow the description of your problem. Can you clarify the problem in more detail?

    You mention that when you access the ACS GUI it disconnects regularly. Do you lose all IP connectivity to the ACS, or is the problem only through the user interface?

    Can you please include the output of the following ACS CLI commands:

    show application status acs
    show version
    show tech

    It would also be relevant to see the output of 'show application status acs' when the problem occurs.

    For additional troubleshooting, the support bundle will also contain relevant information around the timestamp of the problem occurrence. You need to enable the debug logs, for example:

    ACS CLI:
    admin# conf t
    admin(config)# logging loglevel 7
    admin(config)# exit
    admin# acs-config
    After a few seconds, you can then log in with the user/password credentials of the ACS GUI admin.

    acsadmin(config-acs)# debug-log mgmt-acsview level debug
    acsadmin(config-acs)# debug-log runtime level debug
    acsadmin(config-acs)# exit

    After the problem occurs, the support bundle can then be downloaded from the GUI: Monitoring & Report Viewer > Troubleshooting > ACS Support Bundle. We will need to check the logs at the timestamp of the problem.

    But for now, more details about the problem seem necessary, as well as the output of the ACS CLI show commands mentioned above.

    Thank you

    Alex

  • Cisco ACS 5.3 Newbie

    Hi guys,

    I'm looking to implement a Cisco ACS 5.3 for MAC-address-based VLAN assignment on a 2960 switch.

    Has anyone done this before? Basically what I want is:

    1. have a list of the devices specified in ACS with their MAC addresses

    2. connect the switch to ACS

    3. when a device is plugged in, the switch should check with ACS which VLAN the host must be on.

    Thank you.

    In ACS, you must configure authentication using the 'internal hosts' (which is the MAC address database) and authorization using 'authorization profiles' (this is where you configure which VLAN to use).

    If you are a beginner I recommend you test authentication only. If all goes well, you can add the authorization.

    On the switch side, you need to configure something like this:

    aaa new-model

    radius-server host x.x.x.x key PASSWORD
    radius-server vsa send authentication

    aaa group server radius ACS
     server x.x.x.x
    !
    !
    aaa authentication dot1x default group ACS
    aaa authorization network default group ACS
    aaa accounting dot1x default start-stop group ACS

    interface GigabitEthernetX/X
     mab
     authentication order mab
     authentication port-control auto
     dot1x pae authenticator

    Please rate if this helps

  • Problem with certificate on Cisco ACS

    We want to authenticate our internal wireless users using our Cisco ACS running 5.3. ACS queries our Active Directory environment for the user name and password provided. I created a CSR on ACS and provided it to Entrust. They gave me a root certificate, a chain certificate and a server certificate. I've bound the server certificate to the CSR under System Administration > Local Server Certificates > Local Certificates. I then added the chain and root certificates to Users and Identity Stores > Certificate Authorities. When I try to connect from a laptop client it asks for a user name and password, but after entering this information I am presented with the certificate warning below. This certificate is from Entrust and I see the Entrust root certificate in the root store on the laptop. Any ideas what would cause this? TAC does not seem to have any answers. They say it's a problem with the client machine.

    In case you want to check your configuration settings:

    http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml

    ~ BR
    Jatin kone

    * Please rate useful posts *

  • How can I use Cisco ACS to log shell commands

    Hi guys, pleeeease, how can I configure Cisco ACS to do command authorization on my Cisco 3660 router? I get the accounting and authentication logs, but no log that shows the commands issued by users in the shell, and that's the most important log that I need. I read materials and downloaded articles from the Cisco site... but it still does not give me the logs.

    I have these lines on my router:

    ...

    aaa authorization config-commands

    aaa authorization exec default group tacacs+

    aaa authorization commands 15 default if-authenticated

    aaa authorization network default group tacacs+

    ...

    It's funny: when I turn on AAA authorization debugging on the router, it shows me every command being sent by the user in the debug log. But nothing shows under TACACS+ Administration on the Cisco Secure ACS. What is responsible for this?

    *****************************************************

    I installed the 90-day trial version of Cisco ACS and made all the necessary settings, and I have to say I like what I see already. I'm making moves to recommend the product for purchase. Thank you guys, I learned about the features of this ACS software through this forum, keep up the good work. I recommend the software to those who need security audit logs adapted to management reports.

    If I understand what you're asking correctly, the answer is not in authorization but in accounting. I set this up on my routers to send to ACS the commands that privilege level 15 users enter on the router.

    aaa accounting commands 15 default start-stop group tacacs+

  • Cisco ACS 1113 appliance v4.1 - integration with RSA SecurID v6.1

    The Windows version of Cisco ACS seems to have the ability to integrate with RSA SecurID; it's listed under external databases. It can also support the SDI protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113, but RSA SecurID does not appear in the external databases section. Does this mean that I won't be able to use the SDI protocol, only RADIUS?

    And yes, you are right.

    With ACS we need to configure it using RADIUS; on the ACS SE it won't work with SDI.

    Kind regards

    Prem

  • Cisco ACS 5.8 CLI admin account lockout

    Hi all

    We recently deployed a Cisco ACS 3495 appliance running version 5.8.

    Everything seemed well until our CLI admin account was locked out.

    Found a Cisco bug for the same problem with version 5.5, but no solution yet...

    ACS 5.5 CLI Admin account locked and no Log Message
    Someone out there who might have encountered the same issue and can help advise?
    Thank you and best regards,
    NDA

    Hello

    Unfortunately, the only solution for this is the password recovery DVD.

    Once fixed, you can increase the account lockout count to something greater than the Cisco default value.

  • Cisco ACS 5.4 dual certificate option

    Hello Experts

    I wonder if anyone knows whether I can have two certificates on my Cisco ACS 5.4 server. The documentation says I can, as long as they have different 'from' and 'to' dates with the same CN. However, this is a production server and I wanted to be sure before I make changes. I currently have one certificate installed and everything works well, but I need to add a second one for migration purposes.

    Hovsep Armeni
    LAN, UK

    A certificate can be bound to both services (HTTP and EAP); however, each service can only be associated with a single certificate. So, for example, you cannot have two certificates bound to the EAP process.

    Thank you for rating useful posts!

  • How to reset the password on Cisco ACS 5.4

    Hello!

    I'm trying to reset the password of a Cisco ACS 5.4 installed on VMware. Where can I get the password recovery DVD? There is no such software in the list on the site.

    TAC can provide it to you. You will need to open a case and request it.

    HTH

  • Cisco ACS SE TACACS+ accounting fails

    Hello

    I'm running Cisco ACS SE 4.1.23.5. My problem is that the ACS doesn't log the commands from the remote switches. I have configured the following accounting commands:

    aaa accounting exec default start-stop group tacacs+

    aaa accounting commands 0 arrhythmic default group tacacs+

    aaa accounting commands 15 default start-stop group tacacs+

    aaa accounting connection default power group tacacs+

    When I enable aaa accounting debugging, I get the following logs on the switch:

    001091: Sep 12 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): Method=tacacs+ (tacacs+)

    001092: Sep 12 12:06:06.665 TSB: TAC+: (2684940942): received acct response status = SUCCESS

    001093: Sep 12 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port: 'show running-config '

    001094: Sep 12 12:06:11.128 TSB: AAA/ACCT/CMD: found list "default"

    001095: Sep 12 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): Method=tacacs+ (tacacs+)

    001096: Sep 12 12:06:12.000 TSB: TAC+: (1583033889): received acct response status = SUCCESS

    001097: Sep 12 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port: 'configure terminal '

    001098: Sep 12 12:08:16.303 TSB: AAA/ACCT/CMD: found list "default"

    001099: Sep 12 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): Method=tacacs+ (tacacs+)

    001100: Sep 12 12:08:16.504 TSB: TAC+: (1098049616): received acct response status = SUCCESS

    001101: Sep 12 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port:

    It seems that the switch does get a response, but ACS does not record it. I have updated the ACS to the latest patch (4.1.23.5), which is supposed to resolve this known bug.

    Is there something that I am missing?

    Thank you.

    ESD

    And what do you get in the TACACS+ Administration logs?

    Kind regards

    Prem

  • Cisco ACS 5.2 with NX-OS (Nexus) devices: user issues

    Hey, I have a really strange problem with Cisco ACS 5.2 and Nexus NX-OS devices.

    I create an account on ACS, let's call it User1, and give it privilege 15. With User1 I am able to access all our IOS, IOS-XE, ASA and PIX devices with privilege 15.

    When I use the User1 account on our Nexus devices, I do NOT get privilege 15 access. As you probably know, Nexus devices have roles: predefined or custom. So I assumed User1 would get the "network-admin" role (priv 15 read/write) when connecting, but instead I got the 'vdc-operator' role (priv 1 read-only).

    Then I tried to tweak User1 and give it network-admin under Shell Profile > Custom Attributes. I logged in to the Nexus and of course I was able to get network-admin access. However, my access to ALL other devices (IOS, ASA, PIX, etc.) does NOT work! I am not even able to log in with my username and password on these devices.

    Has anyone ever experienced this problem? Help, please!

    Thank you

    neocec

    This is a common problem when you mix RBAC and IOS devices in authorization policies: the AV pair that you created must be set to 'optional' instead of 'mandatory'. Please make this change and you will be able to access all your devices.

    Thank you

    Tarik
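The two accounting threads above ("How can I use Cisco ACS to log shell commands" and "Cisco ACS SE TACACS+ accounting fails") both come down to checking whether command accounting records actually leave the switch and get acknowledged by the server. The following added example (not code from any of the posts or from Cisco) parses IOS `debug aaa accounting` output of the shape shown in the second thread, ties each AAA/ACCT/CMD record to its TAC+ response by accounting ID, and lists commands that never received a SUCCESS, which is the switch-side half of the comparison against the ACS TACACS+ Administration log. The log lines are constructed for the example and modelled on the thread's output; the field order in the regexes is an assumption about that format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed line shapes, modelled on the thread's debug output.
CMD_RE = re.compile(r"AAA/ACCT/CMD: user (\S+), (\S+), priv (\d+) port: '(.*?)'\s*$")
ACCT_RE = re.compile(r"AAA/ACCT: user (\S+), acct type 3 \((\d+)\)")
RESP_RE = re.compile(r"TAC\+: \((\d+)\): received acct response status = (\w+)")


@dataclass
class CmdRecord:
    user: str
    tty: str
    priv: int
    command: str
    acct_id: Optional[str] = None   # filled from the AAA/ACCT line that follows
    status: Optional[str] = None    # filled from the TAC+ response with that ID


def parse_cmd_accounting(lines):
    """Walk the debug output in order: a CMD line opens a record, the next acct type 3
    line for the same user assigns its ID, and a TAC+ response with that ID closes it."""
    records, pending, by_id = [], None, {}
    for line in lines:
        m = CMD_RE.search(line)
        if m:
            pending = CmdRecord(m.group(1), m.group(2), int(m.group(3)), m.group(4).strip())
            records.append(pending)
            continue
        m = ACCT_RE.search(line)
        if m and pending is not None and pending.acct_id is None and m.group(1) == pending.user:
            pending.acct_id = m.group(2)
            by_id[pending.acct_id] = pending
            continue
        m = RESP_RE.search(line)
        if m and m.group(1) in by_id:
            by_id[m.group(1)].status = m.group(2)
    return records


def unacknowledged(records):
    """Commands the switch reported but never saw a SUCCESS response for."""
    return [r for r in records if r.status != "SUCCESS"]


# Constructed sample log (not from the thread); the last command has no response yet.
SAMPLE_LOG = """\
000010: Sep 12 12:06:06.464 UTC: AAA/ACCT: user johndoe, acct type 3 (2684940942): Method=tacacs+ (tacacs+)
000011: Sep 12 12:06:11.128 UTC: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port: 'show running-config '
000012: Sep 12 12:06:11.128 UTC: AAA/ACCT/CMD: found list "default"
000013: Sep 12 12:06:11.346 UTC: AAA/ACCT: user johndoe, acct type 3 (1583033889): Method=tacacs+ (tacacs+)
000014: Sep 12 12:06:12.000 UTC: TAC+: (1583033889): received acct response status = SUCCESS
000015: Sep 12 12:08:16.303 UTC: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port: 'configure terminal '
000016: Sep 12 12:08:16.303 UTC: AAA/ACCT: user johndoe, acct type 3 (1098049616): Method=tacacs+ (tacacs+)
000017: Sep 12 12:08:16.504 UTC: TAC+: (1098049616): received acct response status = SUCCESS
000018: Sep 12 12:08:29.884 UTC: AAA/ACCT/CMD: user johndoe, tty2, priv 15 port: 'interface vlan 10 '
"""
```

Every record here with status SUCCESS should have a matching entry in the ACS TACACS+ Administration report; if it does not, the gap is on the server side rather than in the switch's aaa accounting configuration.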
