Cisco ACS 4.2
Hello
Is ACS 4.2 a product multi-vendor can I authenticate (AAA) of no cisco Cisco ACS 4.2 devices.
Thank you
Hello
Yes, you can have AAA for multi vendor device if it supports RADIUS or GANYMEDE and we have VSA right for this.
Thank you
Waris Hussain.
Tags: Cisco Security
Similar Questions
-
Problem with certifcate on Cisco ACS
We want to authenticate our internal wireless users using our Cisco ACS running 5.3. GBA questions our Active Directory environment for the user name and password provided. I created a CSR on GBA and it provided to Entrust. They gave me a root certificate, string and server. I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates. I then added the chain and the root certificates to the users of the site and identity stores > autorités. When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below. This certificate is to Entrust and I see the certificate root in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have all the answers. They say it's a problem of the client machine.
In case you want to check your configuration settings.
http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~ BR
Jatin kone* Does the rate of useful messages *.
-
Hello
I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...
Can provide you a solution for this?
Thank you
Hello
The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.
Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.
Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.
Kind regards
Vivek
-
How can I use Cisco ACS to save Shell commands
Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materails and download articles on the site of Cisco... but the thing is still does not give me the papers.
I have these lines on my router:
...
AAA authorization config-commands
AAA authorization exec default group Ganymede +.
AAA authorization commands 15 default authenticated if
AAA authorization network default group Ganymede +.
...
It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log. But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?
*****************************************************
I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.
If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.
orders accounting AAA 15 by default start-stop Ganymede group.
-
Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right,
With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Kind regards
Prem
-
Problem with Cisco ACS and different areas
Hello
We are conducting currently a problem with Cisco ACS that we put in place, and I'll try to describe:
We have ACS related directory AD areas, where we have 2 domains and appropriate group mappings.
Then we have our Cisco switches with the following configuration,
AAA new-model
AAA-authentication failure message ^ CCCC
Failled to authenticate!
Please IT networks Contact Group for more information.
^ C
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA authorization network default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
!
AAA - the id of the joint session
But the problem is that with the users in a domain, we can authenticate, but not the other. Basically, the question is that when we check on the past of authentication, two authentications are passage and the display of 'Authentic OK', but on the side of the switch, there is a power failure.
There may be something wrong with the ACS?
Thank you
Jorge
Try increasing the timeout on IOS device using radius-server timeout 10.
Do we not have journaling enabled on the ACS server remotely?
-Philou
-
Cisco ACS 5.8 CLI admin account lockout
Hi all
We recently deployed device Cisco ACS 3495 and running on a version 5.8.
Everything seems well while our for the CLI admin account was locked out.
Found a bug in Cisco for the same problem with version 5.5, but no solution yet...
ACS 5.5 CLI Admin account locked and no Log MessageSomeone out there who might have encountered the same issue and can help advise?Thank you and best regards,NDAHello
Unfortunately, the only solution for this is the DVD of password recovery.
Once fixed, you can increase the car locked out amounted to something greater than the default value of Cisco.
-
5.4 double certificate option Cisco ACS
Hello Experts
I wonder if anyone knows if I can get two certificates on my Cisco ACS 5.4 server. The documentation says I can have it as long they have different 'from' and 'to' dates with a same name CN. However, this is a production server and wanted to if sure before I make changes. I currently have a certificate installed and everything works well but need to add a second for migration purposes.
Hovsep Armeni
LAN, UKA certificate can be linked to these two services (HTTP and EAP), however, each service can only be associated with a single certificate. Thus, for example, you cannot have two certificates that are related to the EAP process.
Thank you for evaluating useful messages!
-
How to restore the password on Cisco ACS 5.4
Hello!
Try to restore the Cisco ACS 5.4 password installed on vmware. Where can I get the password recovery DVDs? There is no software in the list on the site.
TAC may provide to you. You will need to open a folder and the application.
HTH
-
Cisco ACS SE GANYMEDE + accounting fails
Hello
I'm under Cisco ACS SE 4.1.23.5. My problem is that the ACS don't Jrnl of the remote switches. I have configured the following accounting commands:
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
When I enable aaa accounting debugging, I get the following logs on the switch.
001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = Ganymede + (Ganymede +)
001092: 12 sep 12:06:06.665 TSB: TAC +: (2684940942): received the status of response acct = SUCCESS
001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
'show running-config '.
" 001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list
001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = Ganymede + (Ganymede +)
001096: 12 sep 12:06:12.000 TSB: TAC +: (1583033889): received the status of response acct = SUCCESS
001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
' configure terminal '.
" 001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list
001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = Ganymede + (Ganymede +)
001100: 12 sep 12:08:16.504 TSB: TAC +: (1098049616): received the status of response acct = SUCCESS
001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
It seems that the switch is well a response but the CSA record. I have updated the ACS for the latest patch (4.1.23.5), which is supposed to resolve this known bug.
Is there something that I am missing?
Thank you.
ESD
And what you get in the newspapers of Ganymede Administration?
Kind regards
Prem
-
RADIUS does not not on Cisco ACS SE v4.1 (1)
Hello
I have a CiscoSecure ACS version 4.1 (1) build 23.
I can't configure the Cisco ACS for granular control of access router. I have a Netopia Router that is configured to use RADIUS to authenticate remotely for a telnet connection. The router sends the request to access the Cisco ACS SE RADIUS and a sniff on the side of the ACS shows the application of GBA, but I see no response from the ACS. RADIUS authentication to work with a Windows 2003 server.
I configured an AAA client and a user of the ACS and use the default group. I use IETF RADIUS. Should what attributes I configure. In Windows, I use Service Type framed and Framed-Protocol PPP. This does not work with the Cisco ACS SE. Nothing shows up in the newspapers. It shouldn't be so difficult, but for some reason I can't make it work.
Thanks for any help.
Jutta Kullmann
Jutta,
Good to know it works very well. Please mark this thread as solved so other can benefit from.
Kind regards
~ JG
-
Hello
I'm trying to use CIsco ACS 5.4 for RADIUS authentication for VPN by using VPN concentrator 3000 users.
I added the VPN 3000 on ACS and added GBA on VPN group with a shared secret authentication server. When I do a test on the authentication server using the local account that I created on ACS it happens as no response was received from the server so that I can see the RAIDUS AAuth in green.
Any help would be much appreciated.
Concerning
AR
Hey,.
What is the report on GBA?
"RAIDUS AAuth in green"
If so, a pcap help between the two.
Concerning
Ed
-
Cisco ACS and the domain controller
Hello
We are currently using the Cisco ACS 3.2.3.11 solution engine and using a Windows domain as a remote agent controller.
We now have the ACS to 4.1
1. do I need to upgrade the remote agent on the domain controller as well?
2. any computer on the network can be used as a Distribution Server?
3. after an initial backup and upgrade then to 3.3.3.3 I make another backup before the upgrade to 4.1?
You can use any PC in the network as a Distribution Server.
-
Cisco ACS 4.1 for external advertising for authentication
Hello
We have just configured Cisco ACS 4.1 solution engine and using a Windows 2003 domain controller as a remote agent.we use as Protocol Ganymede.
Users that are created in ACS himself are able to connect to various network devices. but users in domain (active directory) can not connect. We get the access denied message. same time we get external DB is not operational message in ACS.
Active directory server where agent that runs in CSWINAgentlog, we get the following error 'NDLIB'... FOUND 0 TRUSTED DOMAIN.
Could you please help us to isolate the problem.
Thank you & best regards
Make sure that the worm of acs and remote agent software is the same. And also execution of remote agent account must have special domain administrator rights, like the act as part of operating system and log in as a service.
Kind regards
~ JG
-
Cisco ACS: page not displayed not!
I installed Cisco ACS v 4.1.While through the different tabs, suddenly, I got the page written common IE "this page cannot be displayed".
It is all of a sudden in the meantime & there is no expiry/delay period while working on it.
Server: HP DL380G5
OS: Win2k3 Enterprise Edition SP1
Kindly guide me!
Rajeev,
Add the DCC address in Internet Explorer trusted sites. Also check if the acs services are up n running, especially csadmin.
Kind regards
~ JG
Note the useful messages
-
Cisco ACS 4.2 1113 Recovery DVD
Nice day!
We have CSACSE-1113-k9 Cisco ACS 4.2 device 1113. And we need to reimage (restore the device to its original state). Can enyone help me with the correct link software.cisco.com image recovery DVDs?
I'm trying to find it, but I can't see recovery dvd:
Hello
As far as I know, you don't have the possibility to download cisco.com ACS recovery DVDs. You can contact Cisco TAC and they can publish the software for you.
Note If useful...
Kind regards
Kush
Maybe you are looking for
-
Audio controls from the control center was lost in iOS10?
Updated reluctantly iOS 10 and so far, the biggest annoyance is that my playback controls for some audio I play (audiobook of iBooks, podcasts with downcast, stream radio KPCC app) disappeared from the center of control... any way to recover? Quick s
-
Copy and paste the image in apple mail
When I try to copy an image from the web and paste it into the body of an email from apple that I'm composing, everything seems OK. But when it is sent, the recipient gets a little blue square with a question mark embedded in it. Apple support can
-
Satellite A100-784: fact partition system restore DVD formats
Hi guys,. I would ask you for help :) I have a Toshiba Satellite A100-784 with Windows Vista Home Basic OEM.I have this Toshiba system recovery DVD. If I press F8 during start up I get to the screen where are some options (repair at startup etc.) but
-
Skype Sync problem, get the Notifications but not full messages! [cellular data only]
Hey guys, I had problems with Skype on my iPhone for a long time. And this happens only when I'm NOT on WIFI. Whenver someone present me a message, the message will be displayed on my phone as a notification. I always get these any problem. But when
-
Compaq 4000 pro: password work hp compaq 4000
I have a problem with the Power-on password for HP Compaq 4000 Pro small form factor I forgot it can u help me please