Cisco AAA/Identity/Nac :: ACS 5.2 Maximum User ID

Jan 5, 2013

what is the maximum user IDs that I can create to the ACS server? The client have an ACS appliance with version 5.2.

View 2 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: ACS 5.2 User Roles And Restricting User Access To Add Items?

Sep 22, 2011

We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system.For example, admin person in site A can only add devices into the site A group and cannot see/access other sites groups.

View 1 Replies View Related

Cisco Wireless :: OEAP 600 Series - Maximum User Count

Sep 12, 2011

Only fifteen users are allowed to connect on the WLAN Controller  WLANs provided on the 600 series at any one time. A sixteenth user  cannot authenticate until one of the first clients de-authenticates or a  timeout occurred on the controller. Note: This number is cumulative across the controller WLANs on the 600 series. For example, if two controller WLANs are configured and there are  fifteen users on one of the WLANs, no users will be able to join the  other WLAN on the 600 series at that time. This limit does not apply to  the local private WLANs that the end user configures on the 600 series  designed for personal use and clients connected on these private WLANs  or on the wired ports do not affect these limits. This is from the Configuration Guide for teh 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?

View 8 Replies View Related

Cisco AAA/Identity/Nac :: Maximum Internal Hosts Accounts On ACS 5.2?

Aug 27, 2011

Is there a maximum number of "Internal Hosts account" IDs that the local database in a ACS 5.2 can handle?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5520 - TACAS++ Maximum Length Password

Dec 8, 2012

we have installed TACAS server for all kinds of authentation. What i came to face is that when i configured enable mode password on ASA 5520 or 5510....maximum length this password is of 8 character but i need to more character.

View 10 Replies View Related

Cisco AAA/Identity/Nac :: 750-1000 Devices / Maximum Accounting Session ACS 4.2 Can Handle

Aug 7, 2011

We have Cisco ACS 4.2 in our network and the accounting is done for 750-1000 devices and only for level priv-15.If i want to enable accounting for all levels from priv-1 to 15. All commands executed in devices are sent to ACS. Does the ACS can that much sessions from those many devices?Am also planning to configure acs remote agent to store all the accounting history.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 View Application Exceeded Its Maximum Allowed Disk Size

Apr 6, 2011

This is the error message I am getting on our ACS 5.1 appliance - is there anyway to purge the database or compact the file?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Maximum Number Of AAA Clients Supported By Single ACS5.3 Instance

Aug 7, 2012

what is the maximum number of AAA clients supported by a single ACS5.3 instance?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Add A User Into Several Groups?

Apr 5, 2011

We are running two ACS appliances but we cannot figure out how we can add a user into 2 differents groups.Here's the context :We have a company A which is having devices, this company uses Group A.then we have a company B which is having devices, this company uses Group B.But the admin has to manage the devices for both companies A & B.We don't want to mix devices from company A with company B.Is there a way to add the user into both groups A & B.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Restricting User Sessions In ACS 5.1?

Jul 26, 2011

We are using ACS 5.1 in our network. We have created users and grouped them as per the requirements. We want to restrict the user sessions in the network. A user should authenticate and able to access a network resource. But when he is active with that session, we need to block him from another successful authentication. We want to avoid multiple users using same user credentials for logging into the devices. whether this can be achieved by making configuration changes in ACS.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 How To Deny Access To User

Jun 12, 2011

I have ACS 5.1.I have created the Identity Group 'Admin' and added 2 users in that, say User1 and User2.How do I permit only User1 to get authenticated when he logins in to the device?There is option to select 'UserName' while creating Service Access Policy , but I have observed that though I have mentioned only User1 in the rule, User2 is also getting permitted

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Limited User Account?

Mar 29, 2013

i have cisco ACS 5.2 and want to create user account for technician, with only certain commands.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: User Change Password On ACS 5.3

Mar 7, 2012

On the ACS ver5, there is a "User Change Password" feature. When i click the UCP WSDL, it gives me a page with WSDL language. how is it supposed to be installed? does it copy or install to any web server

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Can Add / Modify ACS 5.2 CLI User Roles

Apr 28, 2011

My company's security group uses Tripwire to monitor for changes in start-config and running-config on network devices in PCI scope.  We are migrating from ACS v4.2 to v5.2.  I need to create the account for Tripwire on the ACS Appliance but did not want to assign the admin role which would give access to configure terminal.  The user role does not have privileges for show start-config or show running-config.  Am I missing something or are these the only 2 roles available at the CLI?  Can another rolle be added?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Local User Authentication

Nov 12, 2012

I want to have a local user in ACS that is permitted to login to routers. I have TACACS with AD already working but cannot get a local user to work. I used to do this in ACS 4.x.I created a user in the internal identity store.I tried configuring a policy to allow this users TACACS authentication multiple ways to no avail. I cannot find a config example doc and cannot figure it out from the user guide as the documention is sorely lacking.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 - Delete Specific Log For User X

Jun 25, 2012

on the acs 5.2 , how to delete specific log for user X, ?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Connected To AD Locking Out User?

Feb 18, 2013

  So we have this problem that just started, I can replicate the issue as well, if a user makes a mistake on typing there password after 1 attempt ACS sends 3 to AD locking out the user.
 
  In a putty or secureCRT session after 1 password failed attempt, I am unable to retry with that same session.

  The issue seems to be that after 1 bad password attempt, from the client side I am unable to get another try.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 User Group Mapping?

Sep 12, 2012

We are using ACS 4.2.1.15 with patch 8 on ACS 1113 SE box.
 
Our requirement is to assign ACS loal group to user on basis of windows Nt group. Which means I dont wants to create individual users in ACS rather when user will login, the auth request will be forwarded to AD(remote database). Depeneding on the remote database group the user should be mapped to local database.
 
For this I have configured "database group mapping" according to following cisco guide. [URL] 
 
However when ever my AD users are authenticating they are getting the membership of default group as configured in "Default" profile. I am using TACACS+ protocol in my routers and switches for authentication.
 
whether "Group mapping by External user database"  works with TACACS+ or only with RADIUS protocol. If it works with TACACS+ what else configuration need to be done so that my ACS can map users to proper groups instead of default group.

View 4 Replies View Related

AAA/Identity/Nac :: ACS 5.2 Machine Authentication And AD User?

Sep 1, 2011

I am trying to setup up a rule to allow wireless access only to users in my AD when they use computers from my AD.I have Machine authentication working on it's own (computer boots up and connects to wireless - confrimed by ACS logs) I have User authentication working But when I try to creat the floowing rule:it does not work.
 
Access Policy
Access Service:
Default Network Access Identity Store:
AD1
Authorization Profiles:
DenyAccess
Exception Authorization Profiles:
Active Directory Domain:

[code]....
 
Everything seem to fine until it gets to the last rule.

View 1 Replies View Related

AAA/Identity/Nac :: AD User Password Changing With ACS 5.0?

Oct 11, 2011

I use ACS appliance 1120 for cisco devices administration. The identity store is  external. I use Active directory. Actually, Authentication, authorization and accounting work well but users can not change theirs Active directory password when they have expired. Do you now how to configure ACS to permit password changing?

View 5 Replies View Related

AAA/Identity/Nac :: ACS 5.4 And User Admin Roles

May 8, 2012

we have created some administration accounts which should only have the possibility to work on the user database.  the useradmin role is to limited to create a user and set a fixed password only, but not able to enable the users authentication against a predefined external identity store. Other roles which makes this possible are far  to powerful for a second level adminstrator.The adminstrator should have the possibility the create an user and set the password check against an external database. This is not possible with the predefine role "UserAdmin". Other roles do have to many rights for these users.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Expiration Date Per Internal User?

May 2, 2011

Migrating from 4.2 to 5.2 acs and have noticed there is no expiration date per internal user added. We expire users at different times due to their time on site. Is there something that has to be added to get back this basic feature we had before?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Authorization Of User Based On MAC Address

Aug 23, 2012

A short background. Our corporate SSID is being migrated from using PEAPv0 to EAP-TLS. This restricts access only to company notebooks. Additionally we have barcode scanners which are used to inventory assets. Those devices are not able to use EAP-TLS as they cannot be integrated in the domain and being unable to do certificate based authentication.
 
As a workaround we planned to use another SSID with access to the same network but using PEAPv0 as authentication method, basically the same SSID but with a different name. As this naturally allows anyone to access the corporate network with a valid username/password I now wanted to add another step into the authentication process - the MAC of the device. I know I can do the filtering at the WLAN controller, but as it has a limited database as well as the fact that it is cumbersome to maintain the MAC list on all the controllers I thought I can do it over our ACS system.
 
I am now trying to accomplish the following: The user gets authenticated via the internal user store, which is succesful. Now I want to authorize the user via the MAC address, which is stored in the internal host store of the ACS, if access is granted or not.
 
For this I created the following policy:
 
Service Selection Policy -- (Rule based result selection)

-- (NDG:Device Type in All Device Types:Wireless And RADIUS-IETF:Called-Station-ID contains <SSID>) | Result: PEAP access

-- Default | Result: DenyAccess
 
Service PEAP access Identity: Internal Users -- (Single result selection) Authorization -- (Rule based result selection) -- Internal Hosts:HostIdentityGroup in All Groups:Valid_MACs
 
When I then try to access the wireless network I won't get authenticated. The error I get, when I look into the logs is: 15039 Selected Authorization Profile is DenyAccess
 
Is it not possible to use one identity store as "attribute database" for the other identity store?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: User Restriction With Access-list In ACS 5.2

Jun 11, 2011

I am trying to create a user restriction to allow one user to access only two networks (10.192.3.0 and 10.192.5.0) I have range of networks but I want to permit only two networks for limited user and full access for the admins. I know this was possible with ACS 3.3 but I am not too sure if this is also applicable with ACS 5.2.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Can Use ACS 5.2 As Guest User Authentication Server?

Jun 5, 2012

Can use ACS 5.2 as Guest user authentication server?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.3.124 / Machine And User Authentication / MAR / Timeout?

Apr 12, 2013

I am using ISE 1.1.3.124.My first question:I want to know the relation between the attribute "WasMachineAuthenticated" and the MAR (MAchine access restriction in advanced setting for AD).Is-it the same  or not ?Once you time out, you need to do machine auth again. What is the timer ?Using the attribute "WasMachineAuthenticated", is-it the same timer that you configure in MAR ? In a distributed environnement, is the information about machine previously authenticated  replicated to all policy node ?Because, if a swicth has 2 radius-server, we are not sure that it will point everytime to the same server.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Static IP Assignment For Local User

Jun 7, 2011

how I can assign a static IP to a user in ACS 5.2. I am able to do it in ACS 4.2, but I don't see the same options under 5.2. General idea is that users authenticate from our VPN appliance via RADIUS, and upon authentication, their static IP is passed back to the VPN device. I can attach an arbitrary field to my local users by going to System Administration -> Configuration -> Dictionaries -> Identity -> Internal Users, but how do I get that IP address passed back when the user is authenticated via Radius?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Creating Internal User Account In ACS 5.2

Dec 12, 2011

I have an ACS 5.2 server integrated with Active directory . Now i need to create an internal user account to login to some radisu devices using internal user database  .I have near about 600 users all are authenticating through AD .

View 3 Replies View Related

Cisco AAA/Identity/Nac :: How Does Acs Export User Records Via ACS5.3

Nov 29, 2011

I want to export the ACS local user's records.Then import to other ACS5.3 server.But the export file not the user's password record.I cannot import it well....

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 - How To Bind User Authentication And Machine

Jul 18, 2011

For our wireless, we enabled the machine authentication, but we want to bind the machine authentication and user authentication together which means they need to meet both requirements to access the wireless, how can we do this? Right now looks like as soon as the machine is authenticated, it can access the network, no user authentication needed.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 User Password Expired Not Working

Aug 25, 2011

I have configured under Administration password policies about password lenght, items to be putted as number, letters and so on.on the second tab is the password expire for users and I configured to expire after 90 days.
 
I even tried creating a new user and changing a password from an existing user using Apache TOMCAT WAR,I have checked CLOCK of ACS appliance and setted up NTP on our internal NTP servers
 
even I create a new user or I change the password via Admin GUI or I change the user password via Apache TOMCAT WAR, I have the user being disabled in a few of minutes, half an hour.,As last, with CISCO AnyConnect is possible to warn the user about the password being expireing and if so, the change could be driven via AnyConnect or is absolutely needed a User Hand Task on the Apache TOMCAT portal I setted up with the ACS WAR application?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 VM - User Password Change Webpage

Sep 21, 2011

Is there a way to configure a webpage where end users would go to change their passwords? I would not like to use the network devices themselves with the "change password at next logon" option.
 
I believe ACS 4.2 has such solution. Does 5.2 have it too?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Updating Internal User Database?

Jul 4, 2011

Using  a CSV file, I can not add user in the internal database of the ACS I have a permanent "error File Format Validation Failed" However the file I want to import is a really CSV file.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved