Cisco AAA/Identity/Nac :: ACS 5.2 Access Service Required
Oct 30, 2012

We are using ACS 5.2 in our network. As can be seen in the provided figure, nothing in the Access Services can be displayed properly.
I use ACS 5.3.0.40.8 with TACACS+ servicing device AAA and RADIUS servicing the Cisco wireless environment for AD user access. How can I implement 802.1x with the current RADIUS implementation without hindering current wireless users, or am I hindered due to the EAP-GTC in use with PEAP via RADIUS?
I have some older devices on the network that only support RADIUS (not TACACS) for authentication and would like to have them use SecureACS 5.3.
I understand that by default, ACS only supports TACACS for device administration. So I'll get this error when trying RADIUS:
11033 Selected Service type is not Network Access
Description:
RADIUS requests can only be processed by Access Services that are of type Network Access
Resolution Text: Verify that the Service Selection Policy rules are correct
However, even after adjusting the Service Selection rules and seeing hits, I still see the same message in the logs, as if it has no effect.
I have a Cisco Wireless LAN Controller 5508 with 35 3600 Series Access Points. Do I need to purchase Mobility Services Engine for this or not? Do I need a WCS server for this or not?
I have modified my RADIUS accounting reports using "interactive viewer" and saved successfully, but the exported report doesn't reflect these changes. I'm just wondering what's the point of being able to modify the reports if you can't export your changes, or is there something I'm missing?
We are getting ready to bring up 2 new 5.1 ACS servers to replace our ACS 4.2 configuration. The documentation says that 512GB of disk space is required for each server. This means we will need to request 1 TB of disk space. The VMware folks in our group are asking why we need so much space when the 4.2 servers are only using 20 gigs including the OS.
Is the following setting a shipping default in ACS 5.1? In Access Policies -> Network Device Admin -> Identity -> Advanced Options, "If user not found" was set to "Continue".
Need URL for patch 4.2.1.15.3 compatible with the Cisco ACS appliance 1120. Though it's for the appliance, the patch should be along with the web server. I have downloaded the SE patch; it's not compatible with this hardware.
We are evaluating Cisco ACS 5.2 and I cannot delete a service policy that was created. The message we receive is "the item that you are trying to delete is being referenced by other items". I am new to ACS, but I did go through each tab in the manager multiple times.
Is there a way to stop the RADIUS/TACACS service in ACS 5.2 from the GUI?
I used ACS 4.2.1.15 on Windows 2008 SP1 and found the CSLog service not started. I tried to restart it, but the service started for a while and then stopped. How should I start this service?
I have an issue with an ACS v5.3 Appliance. I have an ACS v5.3 to authenticate wireless users, together with a Cisco WLC. One profile is for corporate users and the second profile is for guests.
The corporate users should authenticate with Active Directory and the guests with the WLC. Guest users should authenticate with the ACS Local Database. I have configured two service selection policies that match with protocol RADIUS. The first rule is for users in Active Directory and the second is for users in the Local Database of ACS. When I try to authenticate users with Active Directory it is OK, but when I try to authenticate users with the Local Database (Guest Portal) the ACS tries to find the internal user in Active Directory, because it matches the first rule, and the second profile cannot authenticate. When I change the order, first the rule for internal users and second the rule for users in Active Directory, the internal users can authenticate to ACS, but the users in Active Directory cannot authenticate. I think my ACS only authenticates the first RADIUS rule to Active Directory, not two RADIUS rules at the same time. Or maybe there is an issue in the OS of the ACS. The authentication separately is OK.
This does seem correct. I had 2 rules and now they are gone.
I'm working with an ACS 5.3 and ASA 8.2.5 and I've configured several access services for WebVPN and IPsec remote access profiles, but I haven't found which RADIUS attribute can differentiate among them in the service selection rules.
We are currently using Cisco ACS 5.3.0.40.2. One of the Service Selection Policies it hosts is:
- Receive an authentication request from a wireless controller for a wireless user.
- If the wireless user's username contains a particular domain suffix, the request is proxied to an external proxy server using an External Proxy service (configured for both local/remote accounting).
- On receiving an Access-Accept from the external proxy, the user is given access and ACS 5 will start logging accounting packets for the username (nothing appears in the RADIUS authentication logs; ACS 5, it seems, doesn't log proxied authentication requests).
The above setup works fine in most instances. We start to have problems when an external proxy server strips the domain suffix off the username in the Access-Accept packet, e.g.
- ACS 5 proxies an Access-Request to an external proxy server (with Username = someuser@somwhere.com).
- The external proxy replies with an Access-Accept (with Username = someuser).
- The user 'someuser' is given access, but subsequent accounting attempts fail because their username (without the domain suffix) doesn't match the Service Selection Policy.
Is there any way to get ACS 5.3 to log proxied authentication requests? If not, can I configure ACS 5.3 to use the username in the Access-Request packet (rather than the username in the Access-Accept packet) for accounting?
- I have a cisco unified network (ACS 5.1, Cisco controller, LWAP) and have configured ACS to integrate with AD.
- I am using this network for Laptops and wireless IP phones access.
- I have only one Service Selection rule for both Laptops and wireless IP phones. All the conditions attributes are set to ANY except Protocol = Radius
- I select a simple Identity Policy and I use a sequence where IP phones users are authenticated using ACS local user and the Laptops users are authenticated using AD
- Laptop users are authenticated using PEAP and IP phones users using EAP-Fast
Everything is working fine BUT I need to make 2 changes, and even though I spent many hours on forums and reading articles and trying things myself, I can't get the changes to work.
The first change is to use 2 Service Selection Rules, one for the IP phones and one for the laptops. After adding another service selection rule that I put at the top, I tried many combinations to try and get the IP phones to use it, but whatever I did (used different combinations of conditions), the IP phones always select the 2nd rule, which is the original one. The question is "what conditions to put in a service selection rule to make wireless IP phones use the rule".
The second change is that I want to add machine authentication so only laptops that are in AD can access the network. Again I tried various settings but can't get this to work.
I just upgraded my ACS v4.0 to the latest available version v4.2(1) build 15 patch 2 and I've got some trouble with the CSLog service. I performed a successive upgrade first to v4.2, then to v4.2.1, and finally applied the two patches. Everything is working fine; I'm using both RADIUS and TACACS services and they are doing great like they were in v4.0. The only problem I have is with the CSLog service, which doesn't start. To be accurate, it starts but stops just after. I've uploaded some logs from cslog.log in the cslog/logs directory.
I'm migrating ACS 4.2 to ACS 5.2 for a customer and I'd like to find a service selection for the TACACS+ protocol coming from an ASA. I use TACACS+ for device administration but also for AAA of internal users' internet access. I also use RADIUS for VPN remote access, without problems. How do I distinguish them through the ACS service selection?
Is there a way to assign a QoS service policy via RADIUS to a Catalyst 4500/3750 switchport?
In detail, we would like to assign this policy
policy-map SET_EF
 class class-default
  set dscp ef
to an interface. All traffic should be marked with a defined DSCP value.
This works fine when doing it statically with
interface FastEthernet2/1
 service-policy input SET_EF
but we would need to assign such a policy via RADIUS during the 802.1x authentication. Different users should get different policies. We use Cisco ACS 5.2 as the RADIUS server and there actually is a field for that in the Authorization Profile Common Tasks Configuration. In detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to a NAS.
We also found two other attributes, "sub-qos-policy-in" and "ip:sub-qos-polcy-in", for that. CCO says that "ip:sub-qos-polcy-in" works with Catalyst 65k [URL]
Unfortunately this seems not to work on Catalyst 45k and 37k.
In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
It is interesting that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayed, so to my understanding the switch should understand these attributes (?)
4503-E#sh aaa attributes
AAA ATTRIBUTE LIST:
Type=1 Name=disc-cause-ext Format=Enum
Type=2 Name=Acct-Status-Type Format=Enum
[Code]......
I am currently running Cisco ACS 5.2.0.26.3 and attempting to get my Cisco 5508 WLCs (7.0.98.0) loaded into ACS for TACACS+ authentication for management users.
However I keep getting the following error:
*emWeb: Sep 14 14:44:45.931: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:test_tac. Service-Type is not present or it doesn't allow READ/WRITE permission.
Now I've attempted the step-by-step using the following URL but to no avail (there are some slight differences in ACS 5.2):
[URL]
The latest WLC configuration guide I could find (Software Release 7.0, June 2010) isn't much use either.
We are trying to apply specific service policies per PPPoE user.
Our BRAS is a Cisco 7206VXR, running c7200-spservicesk9-mz.122-33.SRE3.bin
When we try a very easy service policy as follows, the policy is applied correctly:
Code...
I have the Clear Hub Express (Router/Modem combined) and I am trying to connect a separate Belkin Wireless Router (Model F5D8233-4v1) to allow additional "hard wire" connections. I need the correct settings for the Clear Hub Express and any additional information that can instruct me on how to access the Belkin set-up screen if required. The standard 192.168.2.1 is not allowing access to the Belkin Router.
Region: USA
Model: TL-MR3220
Hardware Version: V2
I'm a court reporter trying to set up a connection between my laptop and my court reporting machine, which has built-in wifi capabilities. My courthouse has public wifi, but there is always some interference which causes transmission between my laptop and machine to freeze. I was told I could create my "own wifi" between my machine and laptop if I bought a router. Is this possible with this hardware?
I have cable broadband installed in my home and I just bought a Cisco 1200 series access point. Now how do I configure my access point? I believe I have to plug the Fast Ethernet cable coming out of my cable modem into the access point; after that, what do I have to do? Do I have to configure the cable modem as well or not?
I have recently purchased an RVS4000 router and am experiencing major downtime. Almost every day the RVS4000 router loses internet connectivity. I noticed that when this happens I cannot log in to the router from my PC which is connected to the RVS4000 network. The only way to restore connectivity is to restart the RVS4000 by disconnecting power and powering back up. The router's WAN is connected to my cable modem. The RVS4000 has two PCs connected to it (ports 3 & 4). I have a Cisco 8-port switch connected to the RVS4000 with 3 additional PCs/devices on it.
When I create a service object or group and add the object to a new rule, it never works. I mean the traffic doesn't match the rule; I see no hits. I placed the rule on top of my access list to check if I did something wrong, but it is not working. When I place only a service, for example tcp/23, it is working.
My IP service object:
object-group service g-as400
 description access client 2 as400 machine
 service-object tcp-udp destination eq 397
 service-object tcp destination eq 137
 service-object tcp destination eq 2001
 service-object tcp destination eq 3000
 service-object tcp destination eq 445
 service-object tcp destination range 446 447
 service-object tcp destination eq 449
 service-object tcp destination eq 5010
 service-object tcp destination eq 5544
 service-object tcp destination eq 5555
 service-object tcp destination range 8470 8476
 service-object tcp destination eq 8480
 service-object tcp destination eq
[code]...
I am looking to get access to an external hard drive that I have set up on my wireless network. When I try to do an automated Windows backup (of my Vista-based laptop files) on to an external hard drive which is connected to my wireless network (through a Belkin router), I am being asked for a user name and password to access the connected hard drive on the network. The thing is that I don't remember setting up a username and password for the hard drive at all. I can paste single files manually onto the external hard drive without being asked for a username and password. I did perform an automated Windows backup off my other Windows 7 laptop and was not asked for a username and password. Where can I find the username and password information?
I have ACS 5.2 running as a VM. I'm using AD, then local authentication, successfully for device access, but I want to define ACS user groups to restrict login. I don't see any way to do this. If I use AD groups, they don't show up as selection options on the policy screens, just the ACS locally defined groups.
We have a situation where services are stopped on the real servers. The probes fail and we confirm the services are not running on the server. We cannot access the ports from the ACE directly. We can still, however, access the VIP on the TCP port (L4 VIP class-map). So we can still telnet to the VIP on the port from the client side of the network. This is on ACE 20 Modules deployed in routed mode. The version of software is A2(3.3).
Tried removing multi-match and loadbalance policies as well as the class-map and re-applying, then re-applying the service policy to the interface. Same behavior. This is a problem at another level, as some services are being monitored by GSS via TCP keep-alive and this obviously causes a problem, as the service then never goes offline.
I have a 4402 and recently I have not been able to access the device via the service-port interface. The service-port has an IP address and it is connected to an access port in the VLAN which I am coming from; however, it cannot even ping its gateway, which as mentioned is within the same network. When I am at the console of the controller I can ping the service-port interface IP that I have assigned, just nothing else.
Is it possible to deny all access except specific IPs to a service on a D-Link DIR-655? Say a web server on port 1234. The allowed IPs are not in a range.
I have a fresh installation of LMS 4.0 on Windows Server 2003. When I click to open topology I get the error message: ANIServer service may be down or Host name isn't DNS resolvable
I tried pdshow -brief ANIServer ===> service UP
DNS is working using the hosts file in drivers\etc; I restarted the server
restarted the crmdmgtd
uninstall / install java plugin
pdterm ANIServer
pdexec ANIServer
No change ...
I use the service port connected to the management VLAN to manage the WLCs. When configuring HA with AP SSO, I lost HTTPS connectivity to the WLC; telnet still works fine. I researched the deployment guide and it states:
- When AP SSO is enabled, there is no SNMP/GUI access on the service port for both the WLCs in the HA setup.
Why is remote access disabled using the GUI when using HA, and how can I keep management of my WLC using HTTPS and an address in the management VLAN?