With the help of Cisco ACS 5.2 (GANYMEDE +) with other than Cisco devices

Hi all

I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their nodes (other than Cisco) network via GANYMEDE + involved nodes are

Juniper M10i running Junos 9.2, M120

M320 running Junos 8.5 Juniper

Extremes of BD8810 and BD8806 running 12.4.1.17 XOS

3804 Alpine extreme Extremeware 7.8.3.5 running

My question is, can I use Cisco ACS 5.2 (or 4.2) to authenticate using GANYMEDE + to these other than Cisco devices. Has anyone else done this or I have to use RADIUS? If someone has done this are problems of interoperability with Cisco CS and Junos or XOS extreme. Thank you

/ John

John,

We have a very large deployment of Juniper (T-series, series MX, etc.). We use Cisco ACS and GANYMEDE to manage these devices. The configuration of the ACS is fairly simple. You'll want to create users to connect and match them to the classes on your JUNOS routers. Here is an example:

set system login user uid of engineering 2000
Set system login user engineering genius-class class
set the connection user uid to NOC 2001 System
Set system login user AC AC-class class

define the system connection Engineering-class idle-timeout 15
define a connection system class engineering-class permissions all
define the system connection AC-class idle-timeout 15
define the connection class AC system class view permissions
Set connection AC-class permissions see the system configuration

We use two classes of genius and NOC. One is defined as a read / write and the second read-only. This is in turn then mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the configuration of the interface and add a Ganymede junos-exec service and do not enter the Protocol field. Then, you change the attributes of the user group. I've attached screenshots for both on this subject.

Hope this helps.

Derek

Tags: Cisco Security

Similar Questions

  • I can't get my computer in safe mode. The custom of menu f8 "Let me pick something other than the normal mode. My keyboard works perfectly fine (obviously since I could press f8), but it won't let me choose Safe mode.

    I can't get my computer in safe mode.  The custom of menu f8 "Let me pick something other than the normal mode.  My keyboard works perfectly fine (obviously since I could press f8), but it won't let me choose Safe mode.  I have a Trojan horse on my computer so I'll try to get it in safe mode.

    Hello

    Start - type in the search-> MSCONFIG box find top - make a right click on - RUN AS ADMIN

    Control - Section Boot - Safe Boot Startup tab and check the boxes below if necessary - APPLY / OK - REBOOT.

    ===========================================================

    It can be made repeatedly in Mode safe - F8 tap that you start, however you must also run them
    the Windows when you can.

    Download malwarebytes and scan with it, run MRT and add Prevx to be sure that he is gone. (If Rootkits run UnHackMe)

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/

    Run the malware removal tool from Microsoft

    Start - type in the search box-> find MRT top - right on - click RUN AS ADMIN.

    You should get this tool and its updates via Windows updates - if necessary, you can download it here.

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious - 32-bit removal tool
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, working with other security programs. It comes
    a scan only, VERY EFFICIENT, if it finds something to come back here or use Google to see how to remove.
    http://www.prevx.com/   <-->
    http://info.prevx.com/downloadcsi.asp  <-->

    Choice of PCmag editor - Prevx-
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    --------------------------------------------------------

    If necessary here are some free online scanners to help the

    http://www.eset.com/onlinescan/

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    Also do to the General corruption of cleaning and repair/replace damaged/missing system files.

    Run DiskCleanup - start - all programs - Accessories - System Tools - Disk Cleanup

    Start - type this in the search box-> find COMMAND at the top and RIGHT CLICK – RUN AS ADMIN

    Enter this at the command prompt - sfc/scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
    generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Run checkdisk - schedule it to run at the next startup, then apply OK then restart your way.

    How to run the check disk at startup in Vista
    http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

    -----------------------------------------------------------------------

    If we find Rootkits use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    I hope this helps.

    Rob - bicycle - Mark Twain said it is good.

  • On adobe Illustrator, how could I sellect a selection of layers and move to the top of the tab layers everything always now on layers selcted, other than to scroll to the top?

    On adobe Illustrator, how could I sellect a selection of layers and move to the top of the tab layers everything always maintaining on the selcted layers in a sub-folder already done, other than to scroll upwards and gout? As it takes long time, if there are a few hundreds layers. Shortcut keys / setting?

    I'm afraid, is not a feature in artificial intelligence. [PS it would be Shift-Cmd / Ctrl +] or [.]

    Add as a feature here request: Illustrator feature request/Bug Report Form

  • Satellite A210 - how to use the muldimedia with other than Media Player buttons

    Hello

    is it really not possible to use media keys (Play, Pause, FF) on top of my laptop for an application other than Windows Media Player?
    Is there a reason for this? I would like to control Winamp with this button.

    It seems quite sensless to restrict access to a SINGLE application of HUNDREDS available, a then it is the multimedia player that is not used by most people.

    I have the Satellite A210 Notbook.

    Can you tell my how to control my winamp with these buttons?

    Greetings from Robert

    Hello, Robert

    Unfortunately, there is no solution at the moment. If you check this forum, you will find several very interesting discussions on the multimedia buttons and Winamp player. The fact is that some people have found the solution for older models of laptops running Windows XP Home edition. Winamp has offered the plugin must be installed.

    We now have the new situation. Your laptop is running latest Vista OS and I didn t find any plugin that can help. Problem is that your laptop is designed for Windows Vista preinstalled OS contains all the necessary plugins for Windows media player running under the operating system preinstalled.

    Is any kind of restriction. With preinstalled operating system you can do what you want and if you can find a way to change it for that. You know very well that there are hundreds of different players in the market. You can't wait for Toshiba take a time and create a plugins for each other and satisfy customers around the world.

  • Safari throws "Safari cannot open page because the server is not responding" error for most relationships other than Facebook, Google, Youtube and a few other sites on my Macbook Pro. Can anyone help?

    Safari throws "Safari cannot open page because the server is not responding" while Chrome throws an error "this site is not reachable, connection timed out" for most relationships other than Facebook, Google, Youtube and a few other sites on my Macbook Pro. Sometimes, however, I am able to get the site on Google and access one page other than the home page and everything on the site works fine afterwards. I use a Macbook Pro OS X El Capitan (10.11.5) running. Can anyone help?

    Test in safe mode, if it works back to the normal mode safe mode start-up to test again.

    Try safe mode if your Mac does not end commissioning - Apple Support

    Let us know if the problem occurs in mode without failure or even once after start in normal mode.

  • Compile the PLL with other than AMERICAN NLS_LANG

    Hello!

    I have can´t compile PLL if my NLS_LANG PORTUGUESE_BRAZIL BRAZILIAN. WE8ISO8859P1

    In my view, is because of the space between the BRAZILIAN and PORTUGUESE.

    Whenever I need compile I have to set NLS_LANG to AMERICAN.

    It s clearly a bug in the forms. But does anyone know if there is one solution other than the NLS_LANG change every time?

    Thank you.

    Found:

    https://support.Oracle.com/epmos/faces/DocumentDisplay?_afrLoop=265234356180649&ID=953222.1&DisplayIndex=2&_afrWindowMode=0&_adf.CTRL-State=11r00zsyes_109#symptom

  • Insert the diacritic when entering of email in one language other than English.

    I send an email to a friend of the Mexico. How to add the necessary accents?

    You may need to use 'Character Map' to get the letter you want.  Consult the Help menu when you launch the program via typing the word character in the box start the SEARCH Menu.  I have copied below for you.  The links don't are not real links they copied just like that, but will work from the Help Menu.

    Using special characters (character map): frequently asked questions

    Here are answers to some of the most frequently asked questions on the use of special characters and characters.

    What is a special character?

    A special character is a character that cannot be found on your keyboard. You can insert special characters by using the character map, or by pressing a combination of keys on your keyboard.

    What is the character map?

    Character map allows you to view the characters that are available in a selected font. Using character map, you can copy individual characters or a group of characters to the Clipboard and paste them into any program that can display them.

    How can I open the character map?

    Click to open the character table.

    How can I insert a special character into a document?

    1. Click to open the character table.

    2. Click the font list, and then click the font you want to use.

    3. Click the special character you want to insert into the document.

    4. Click Select, and then click on copy.

    5. Open your document and click the location in the document where you want the special character to appear.

    6. Click the Edit menu and then click on paste.

      Tip

      • Many programs allow you to drag special characters into documents. To do this, click the character you want to copy. When the character appears enlarged, drag it to the open document.

    What is a private character?

    A private character is a single letter or character on logo created using private character Editor.

    How can I create a private character?

    To learn how to create private characters, see what is private character Editor?

    How can I insert a character in a document?

    1. Click to open the character table.

    2. Click the font list, and then click the font you have linked your private characters.

    3. Click the private character you want to insert into the document.

    4. Click Select, and then click on copy.

    5. Open the document and click the location in the document where you want only the character private to appear.

    6. Click the Edit menu and then click on paste.

      Notes

      • If you do delete characters previously copied in the characters to copy box, they are copied as well as any new characters you select.

      • If a private character not properly displayed in a document, select the characters in the document and change its font so that it matches the font you linked to in the table of characters.

      • If you know the value of typing the special character you want to insert, you can insert special characters directly into your document using your keyboard. To do this, open the document and position the cursor where you want the special character to appear. Then, with Num lock on, press on and hold down the ALT key and press the keys on the numeric keypad that represent the value of typing the character you want to enter. After you finish typing, release the ALT key.

    How to search for a character by name?

    1. Click to open the character table.

  • Click the font list, and then click the font you want to search in.

  • Select the Advanced view check box.

  • Click the character set list, and then click the character set you want to search in.

    If the desired character set is not available, choose a different font in the font list.

  • In the search box, type all or part of the name of the character you are looking for. For example, to search for a Greek letter, type Greek, or to find all types of the Cyrillic character Je, type Zhe.

  • Click on search.

    Character map displays the characters that match your search.

  • To start a new search, click Reset.

    Tip

    • To display the name of a particular character and its associated hexadecimal code, point to the character. When you click on the character, this information is also displayed in the status bar at the bottom of the character map window, and it can serve as an example of search terms, that you can use for further research.

    How to search for a character by Unicode category?

    1. The Unicode categories are used to group character types available in a similar font. For example, the currency Unicode category all currencies available for a font symbols.

    2. Click to open the character table.

    3. Click the font list, and then click the font you want to search in.

    4. Select the Advanced view check box.

    5. Click the group in the list, and then click Unicode row to open the Group By dialog box.

    6. In the Group By dialog box, in the row list Unicode, click the category of characters to display.

      When you click a category, character map displays the characters that belong to this category.

    7. When you find the character you want, click Select, and then click on copy.

    How to search for a character by Unicode value?

    1. Click to open the character table.

    2. Click the font list, and then click the font you want to search in.

    3. Select the Advanced view check box.

    4. Click the character set list, and then click Unicode.

    5. Click the group in the list, and then click all.

    6. To go to Unicode box, type the four characters the character Unicode value.

      The character is automatically highlighted in the grid of characters.

      Tip

      • In the table of characters, all characters in a specific font are displayed in the order of their Unicode value. If you don't know the Unicode value of the character you are looking for, you can also scroll through the characters in the font to find it.

    How do I search for a character Chinese, Japanese or Korean by the way it sounds?

    You can search for a character by the way that it sounds in the following character sets: Japanese Kanji by Hiragana, Hanja by Hangul Korean, Chinese simplified by PinYin, and traditional Chinese by Bopomofo. To do this, the character sets must be installed on your computer. For more information, see Add or change an input language.

    1. Click to open the character table.

    2. Select the Advanced view check box.

    3. Click the group in the list, and then click one of the following character groupings to open the Group By box:

      • Japanese Kanji by Hiragana

      • Korean Hanja by Hangul

      • Chinese simplified by PinYin

      • Traditional Chinese by Bopomofo

    4. The area group by, click the character that corresponds to the sound you want to search.

      Character map displays the characters that begin with the sound you have selected.

  • ISE version 1.0 - cannot get access to the administration for cisco devices

    Hi all

    I want to manage cisco all devices to read and write privilege with ISE 1.0.

    This feature is available in this version?

    I configured the 2960 switch.  Redius test switch is successful. When I telnet to the switch, he asks user name and password. But the message is authorization in the event of failure. But to the LSE, shows the authentication is successful.

    Is - this configuration problem or this function is not available in this version?

    Kind regards

    Sylvie

    Sylvie,

    You will need to create a profile for authorization to return the level of privilege for the user:

    Here are the attribute (cisco-av-pair), you will need to return:

    shell:priv-lvl=xx

  • the desire of firefox kiosk mode when the mode full screen allows a URL one exit (other than ALT + F4) required for the enterprise timesheet entry. No opt. No navigation.

    using win 7 SP1, firefox 18 with kiosk software component snap-in r_kiosk - 0.9.0 - fx.xpi to x 86. Mode full-screen kiosk uses a URL to the entry of company time sheet. Firefox is not company standard and should only be provided for this purpose. We are apt to virtualized delivery via AppV and have a solution, BUT... Really like the absence of toolbars providing no other choice to the user. Do not click no right, no navigation. Perfect except there is no fence or exit option except STROKE keyboard such as ALT + F4. I'm not talented enough to modify the XPI file to provide a booth full screen BUT with an option to close simple enough for 3500 users. Advice appreciated.

    Hello

    You can see the kiosk for Firefox modules. A quick search on addons.mozilla.org gave me this result: https://addons.mozilla.org/en-us/firefox/addon/r-kiosk/. Have not tested it myself, but I hope that it is close to what you are in demand!

    See you soon,.
    David

  • Can I create a distribution group with other than microsoft email accounts?

    I want to be able to communicate with a set of independent consultants and match them with each other as a group. I tried to create a distribution group, but I am not able to add addresses of e-mail for the domain package. Anyway I can do this?

    I thank;

    Ivan.

    Hello

    This thread has been created in the Microsoft answers Site Feedback forum. the Microsoft moderation team has moved this thread on the Forum of Networking, Mail and get online other/unknown .

  • Help to understand how each member works on more than 1 device...

    Hello

    I have an individual membership plan with CC for the full range. Currently, I've only installed on 2 machines. Office and one at home. However now I am looking to buy a macbook so I can work on the road, or so to speak.

    I will never use these devices myself, one at a time. I'm assuming that I can install just CC on the new Macbook, and while I try to use all 3 at the same time, I should so something, just asked to put the login information for my CC back in and it will confirm the status?

    Is this correct? Or will I encounter invisible problems?

    Wesley

    You can install it on as many machines as you want, but only be activated on up to two. When you try to activate on a third computer, you will receive a dialog box asking you to turn it off on the other two.

  • connection with other than uid attribute

    Hello

    My implementation of OAM newspaper of users with their e-mail address. I do this to avoid collisions of names among several areas that have attributes the same uid. Authentication schemes are set up to do this, and it works great! I also put my class inetorgperson attribute to the email address attribute... once again, works fine!

    However, there are two things that I noticed that don't seem to work in this way:
    1. When you log into the WebPass or Policy Manager (which I've protected by policy, I use the built-in login form), users can connect only with uid. How I change the attribute that these applications use for username?
    2. the function of lost password (lost_pwd_mgmt.cgi) of the WebPass insists that the login = attribute is uid.

    Anyone know how I can change the behavior of these applications?

    Thank you!!
    -Jim

    Hi Jim,.

    The WebPass and Policy Manager uses the attribute set with the semantic type "Login" in the Console of the system identity (set the attributes objectclass person) - just change it to the mail attribute and you should be OK (not sure if you need a restart of the server identity). If you decide to protect WebPass with WebGate, then you will need change the attribute that is passed into the actions of the authorization.

    Kind regards
    Colin

  • Why do the a: visited style CSS will not change anything other than the color or the background color in Firefox 6? Text-decoration and text-transform setting do not work.

    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" > ""

    < content meta = text/html"; charset = iso-8859-1 "http-equiv ="Content-Type">"
    < title > visit problem < /title >

    < style type = "text/css" >

    #footer a: link {}
    color: white;
    background-color: orange;
    text-transform: uppercase;
    }

    #footer a: visited {}
    color: Red;
    background-color: black;
    text-transform: lowercase;
    text-decoration: none;
    }

    < / style >

  • How does ALBPMEngine record can be read other than using the log viewer

    Dear friends,

    Can anyone help on how ALBPMEngine newspapers can be read other than using the log viewer?

    Look forward to rsponse.

    see you soon

    Did you know that the display of the newspaper is a separate client application that can be installed and used separately? It is in the BPM_HOME/bin directory. That should allow you to ungroup it so you can use it for other applications. It can also be downloaded via the Task Manager.

    If you try to integrate some other system of surveillance of the newspaper, let us know. Can someone have built something already to do what you want.

    Mark

  • With the help of CiscoSecureACS with CiscoWorks RME

    I need help in configuration of CiscoWorks for use CiscoSecureACS for authentication of the connection. I've specified GANYMEDE + as the module connection. I am able to connect with an account of the ACS server. However, the permissions are not set correctly. When I connect with on behalf of ACS server, the options are not displayed (for example, under Administration, inventory, RME, add devices... the Add Device option is not present). Please notify.

    To be concise, ACS is not all the fields required by Ciscoworks. This is why you should always define user profiles in ACS.

    ACS is simply an authenticator. CiscoWorks always manages permissions. Look at the available in Ciscoworks fields and you will see there are a number of roles that each user can take. I guess that Cisco may include one day extensions in ACS to manage specific areas of the CiscoWorks profile, but this is not the case today.

    I think that the advantage of using ACS is centralized authentication. Users do not have to change their passwords in several places. Logon violations are stored in one place.

    You will find that when you set profiles in CiscoWorks they will remain fairly static.

Maybe you are looking for

  • How to restore laptop computer lenovo provided the factory

    I want to restore my laptop Lenovo N100 (2006 Vintage) for his performance of the plant.  Is there a way to do it without reformatting the C drive?  I have 1 or 1 CD FRO Lenovo recovery and rescue, as well as all 5 of the product recovery CD.  The co

  • Help on Factory Reset

    Hello! IM new to this forum and I need help! I have a HP Pavilion dv7 1135nr and decided to restore it to the factory setting using the F11! I watched everything, but after that it says that your system has been restored to the factory and restarted

  • missing or corrupted ntfs.sys file

    I get a message that my ntfs.sys file is missing or damaged.  It tells me to insert the original installation cd, however, I don't have the original installation cd.  What can I do to restore this file and my computer?

  • Accidentally deleted a folder. What now?

    I deleted my file downloads on the accident and it is not in the Recycle Bin. Is there a way I can find these files?

  • How to add additional toolbars in Windows 7

    original title: on the Extra toolbars In windows XP, I used to have 3 extra toolbars, one on each side of the screen, except the bottom (default start bar). To do these extra toolbars, I used to drag a do of random file at the edge of the screen and