Cisco AAA/Identity/Nac :: Change End Customer Details On CSACS5-BASE

Aug 16, 2011

one of my customer has CSACS & has bought CSACS-5-BASE-LIC, at the time of registration i ,had put the end customer as my company, how to change the end customer details on the license.

Had sent a mail to, they changed the end user details at there end, but the same is not reflecting on the physical box at the customer site.

View 1 Replies


Cisco AAA/Identity/Nac :: ACS 5.2 Identity Base Authentication

Jul 3, 2011

I need a specify users to allow access to particular devices and give privilege only for show command or show run. Here is how I tried to configured.
1. Configured two seperate Shell Profile and Command set with privilege level 4-5 and allowing only show run command

2. create seperate service selection rule with adding the require NDG and protocol TACACS and maching service "RestrictAccess"

3. In the RestrictAccess Service I have following configured; Identity: internal users, Group Mapping to a particular group where the user exists, authorization: matching the above created identity group, NDG, shell profile, command sets
All the steps are attached in the .doc file. However when I tried with the particular user he is able to access everything and he is not hitting the correct access rule.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 And Role-base CLI Views?

May 3, 2011

Is there any way to link the Role-based CLI views created in the AAA  client to the user created in the ACS 5.2 server? I know that you could do  that in ACS 4.2 by using the “cli-view-name” attribute.What  I have in mind is to login with some user and that the ACS 5.2 server  links this user with a view previously created in the AAA client:This is what I would like to achieve:view configured in the AAA client:parser view DiData  secret 5 $1$jPNA$gr9o8gGNmWh9sk8Axbfx91  commands exec include copy running-config ftp  commands exec include copy running-config  commands exec include copy startup-config ftp  commands exec include copy startup-config  commands exec include copy  commands exec include all show Login to the device using a user created on ACS 5.2 and linked to the above DiData view:
telnet xx.xx.xx.xx
 username: cenetacspassword:
 Router#?Exec commands:  <1-99>  Session number to resume  copy    Copy from one file to another  enable  Turn on privileged commands  exit    Exit from the EXEC  show    Show running system information

Typing the command "enable view something" is not an option for us.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS5.1.0.44 Authentication Base AD Group Member

Nov 25, 2012

I had a problem about authentication use AD group member.  Below webiside is the way I config on ACS.


I'm using ACS and this version has a bug , ACS cannot read AD group.  I have to add it manually .    After I change the access policy from Internal user to AD1. I can use anyone AD ID to pass authenticaiton. I finished all config from the website had same result.

I checked the access polices -- default device admin -- authorization  , the new rules I created had no hit count.  How can I make sure that I make a right config ?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Will Shipment Of ISE-3315-K9 Includes 3000 End-points Base License

Oct 11, 2011

We want to buy a ISE-3315-K9 for 500 end-devices.In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 2000 Base Concurrent Users Exceed License Allowable Count

Mar 25, 2013

Getting the following alarm from my ISE:Cause:Base License Enforcement Details: Base concurrent users exceed license allowable count.Currently only using 1656 out of 2000 base licenses so I'm not sure what the issue is. Running patch 3.

View 1 Replies View Related

Cisco Switching/Routing :: Feature Set LAN Base / Lite (2960) And LAN / IP Base (3650X)?

Mar 28, 2012

1)For 3650X I found some contradiction in the Q&A about feature set LAN Base vs IP Base:

LAN Base: Can I do static IP routing ?
LAN Base: SVI => is this for intervlan routing ?
2)For 2960, there are 2 flavors (LAN lite and LAN BASE) Q: Can I do static routing on one of these flavors ?

View 2 Replies View Related

Cisco Switching/Routing :: Downgrade 3750X With IP Base To LAN Base For Stacking

May 6, 2012

I have a WS-C3750X-12S-S (IP Services) that I THINK I'd like to downgrade to LAN Base so I can stack it with a WS-C3750X-48T-L that is already LAN Base..

View 4 Replies View Related

Cisco Switching/Routing :: 2960 Switch LAN Base To IP Base

Nov 14, 2011

can we upgrade 2960 switch  from Lanbase IOS to IPbase

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 - How To Change IP

Mar 19, 2011

My customer has to change the ip address of one of the ACS server that is in production. In my opinion change in ip address would cause AAA client information in ACS gui to update and point to new ip address automatically.
2nd I do not see any download image available on CCO for ACS4.2. There was only clean access utility and patches. where can I get the ACS4.2 complete software image

View 1 Replies View Related

Cisco AAA/Identity/Nac :: AD Password Change In ISE 1.1

May 11, 2012

We're running ISE 1.1 for guest services.  We use Active Directory for Sponsor Portal login, as well as for administration of the ISE itself.  Our corporate policy requires a password change for service accounts, and the service account password we use for ISE to connect into AD expires in a few days.  So I changed the password on the account, but how do I tell this to ISE?  I don't see anything in the documentation, only some references to only use non-expiring accounts to connect to AD.  This made me laugh.  If our corporate policy was that lax, we'd never have purchased ISE.
1) Is there a way to communicate this to ISE?  Or is leave and then join the only way?  Will that even work?

2) I see that after the password change, ISE continues to work fine.  Does it only synch with AD periodically?  On reboot, or every X hours?  Right now things are working, but I'm afraid as soon as I turn my back it will stop.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Change IP Address Of ACS 5.2 Itself Through The Web?

May 30, 2011

How can I change the IP Address of cisco ACS 5.2 itself through the web?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Change Management IP In ACS 5.2 GUI?

Jul 31, 2011

I'm trying to change the management IP for ACS 5.2 in GUI, but failed to find it.
Is there any way to change the IP address in ACS GUI?

View 3 Replies View Related

How To Assign Each Customer To A Vlan

Sep 3, 2012

How do you assign each customer to a vlan ? and what kit do you use at the core to roll out VLANS to each pop? We are thinking of using Juniper kit - putting customers on there own VLAN, and having a managed service like TR-069 on those VLANS.Is it do-able and what does everyone use for a TR-069 server - I've been looking on the net and havent had much joy in finding a server - or is it not as easy as I understand it to be.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Change Disk Size

Apr 8, 2013

I was asked to performe upgrade from acs 5.3 to 5.4 (vm), but i noticed that someone installed it on 80gb partition and there is 500gb as one of the requriments in upgrade and install procedure. What is strange to me is that "dir disk:" command shows such an output: 5165345067 bytes available.And under ESX i see 80gb partition. Anyway, is there any way to extend partition size to 500gb? Can I just change it under ESX? Is there any procedure to take under ACS console?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 3395 DNS Domain Name Change

Nov 13, 2012

I have just change the DNS domain name of my ISE from CLI and restarted the appliance (its a 3395 appliance)However,, when i log in via GUI it doesnt reflect the new dns name.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: User Change Password On ACS 5.3

Mar 7, 2012

On the ACS ver5, there is a "User Change Password" feature. When i click the UCP WSDL, it gives me a page with WSDL language. how is it supposed to be installed? does it copy or install to any web server

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Unable To Change Password

Mar 16, 2011

Since some months I'm running ACS 5.2 appliance without any problems.When I want to change the password from a local user there's a popup message:
"This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page." I tried different users but I am not able to change any password. Always the same message.

View 12 Replies View Related

Cisco VPN :: Need Two Vpn Tunnels From One ASA5510 To Two Customer Endpoints

Jan 15, 2013

I need two vpn tunnels from one ASA5510 to two customer endpoints but with the same host on the remote side, the two tunnels are for redundancy reasons. Can I just configure two tunnels with the same host on the remote side and assume the ASA will understand to just use one of the tunnels when both active or the one left when one is down? Or do I need extra configuration for that.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 VM - User Password Change Webpage

Sep 21, 2011

Is there a way to configure a webpage where end users would go to change their passwords? I would not like to use the network devices themselves with the "change password at next logon" option.
I believe ACS 4.2 has such solution. Does 5.2 have it too?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 And ASA SSL VPN Change Or Notify Password Expired

Dec 21, 2010

Now, My ACS and ASA connected with RADIUS(MSCHAPv2). I set up Password Lifetime on ACS and Password Management on ASA.But Cisco ASA doesn't has prompt change or notify anything when user try to login with Clientless SSL VPN. Could user change or notify password expired?

I check change password on th first login on ACS that ASA  propmt to change password dialog. But I want to change or notify when  password expired

View 5 Replies View Related

Cisco VPN :: 2800 Remote Site For Customer Which Only Have 3G Connection

Feb 11, 2012

We have a new remote site for customer which only have 3G connection and to add more pain to that they have dynamic IP address.the easist possible solution was EZY VPN.....client has 2800 router with 3G and at our end we have ASA.....the issue is that , that always server (clients nehind) asa initiate connection to the remote site ie to 3G.....the rule of thumb is that whenever client(ie EZY VPN) will initiate conection the tunnel will establish.

View 1 Replies View Related

Cisco Infrastructure :: 2960S Upgrading A Customer Network

Mar 9, 2013

We are upgrading a customer network and have found that users of a particular application [which is very bursty/bandwidth hungry] have experienced a marked performance drop. I see lots of output drops on the interfaces. This is only happening on 2960S-48 the rest of the users on 2960PSTL [all PoE] are not having nearly as bad a time.I have tried various QoS configs with little success. I have seen on some other blogs that the 2960S has less buffers than the rest of the family.
Removing QoS or upping the users to 1Gb cures the performance problem.

View 6 Replies View Related

AAA/Identity/Nac :: ACS 5.4 - Change Password On Next Login Does Not Work With SSH

Nov 25, 2012

As observed ACS 5.x " Change Password on Next Login" Feature does not work with SSH Clients ( tried with X-sheel, Secure CRT, Putty etc...) , however through telnet session to IOS devices, users can change their password on their next login.
1: on ACS 5.x i create a new user & Set " Change password on NExt Login" option.

2: Logged into the device through Telnet & Password can be changed after i authenticate successfully. however the same is not happening when i login to the devices through SSH.
is it because of the fact that SSH is encrypted session ?
Because changing password through a telnet session is not accepted in many fanancial organizations as per PCI Standard.

View 2 Replies View Related

Setting Up Customer Wifi In A Secure And Cheap Way

Dec 7, 2012

I run a small coffee shop and want to offer free wifi to my customers while also having a secure network for my point of sale/internal network. What is the best way to do this on a limited budget? And what is the best way to protect the secure network?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Change Username In Active Directory Configure In ACS 5.3?

Mar 15, 2012

I need to change the username and password ACS uses to connect to AD.   I do a "clear configuration" and reboot and am unable to join the ACS appliance back into my AD with a different username and password.  I am able to rejoin the ACS machine to the domain using the original username and pass. how to clear all of the AD config off of the appliance and start fresh and use a new account to join AD?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1 Change Password On Next Log On Fails On IPhone / IPad

Apr 29, 2012

We're in the process of implementing an ISE 1.1 server for Guest Wireless Access / BYOD at our company and ran into an issue with authenticating from iPhones / iPads when the account is set with 'change password on next logon' (it's a local account created on the ISE server - not AD). It fails and displays 'unable to join network' on the iPhone. The ISE log shows a '5411: No response received in 120 seconds'. We're able to authenticate from Windows devices and are prompted to change the password during the authentication process. If we unchecked the 'change password' box we can authenticate from iPhones & iPads without any issue but we need to have a way for users to set their own password.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: MDS9148 Didn't Change Local Account

Apr 21, 2011

I was in the process of creating a AAA setup on my NX-0S (MDS9148), logged out/attempted to login to test AAA login and now I can no longer login as admin either! I didn't change the local account. I have the Cisco Device Manager open still (in the fabric switch) and how I remedy this (AAA is not up and running as of yet with this switch).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Secondary ACS 5.1 Fails To Deregister After IP Change On Primary

Aug 9, 2011

IP address of Primary had to be changed, to respond to a hardware failure of TACACS server with IP in many device configs.
Now the Secondary fails to respond to repeated "Deregister from Primary" requests, even after reload  - apparently because it cannot reach the Primary at its old IP address. 
Requesting Deregister in GUI generates pop-up that says,  "This operation will deregister this ACS Instance from the Primary Instance. Management applications on this ACS instance will be restarted and you will be required to login again.  After performing this operation


View 1 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.2 Change Of Authorization With Avaya Switches (5520)?

Jan 27, 2013

I am configuring ise to do the posture assessment. I am having avaya as my LAN and Core switches. The idea is once the user is authenticated using 802.1x then it will be moved to qurantine vlan and after it is compliant with the company's policy then it will be moved to the actual vlan. I have configured the avaya switch to accept the radius assigned vlan and also configured the 802.1x dynamic-authorization. Currently, radius assigned qurantine vlan is working but once the nac agent scan and mark the PC status as Compliant then the CoA is not happening and User is not moved to the actual vlan.
I tested the same ise authorization policy of dynamically assigning VLANs on cisco switches and it worked perfectly, but the same is not happening on avaya switch.

View 1 Replies View Related

Cisco WAN :: Catalyst 4510 To Remove Customer Disclaimer Text

Oct 23, 2012

I'm part way through trying to set a Catalyst 4510R to factory defaults,  One thing I'm stumped on is how do i remove the Customer Disclaimer eg what commands do i need to remove this and any other customer text within the switch, below is copy of text from the switch with customers details omitted.

View 5 Replies View Related

Cisco WAN :: 3750 Performing QOS Against Number Of SVI VLans On Per Customer Basis

Apr 29, 2012

I have a Cisco 3750 switch stack and am performing QOS against a number of SVI vlans on per customer basis.  I have 8 customers, each with a /29 public subnet and each with an SVI as a gateway within that /29 range.  I then have a "routable" SVI vlan for routing upstream to the internet. [code]

The service policy attached to the interfaces above is supposed to perform policing on download and upload traffic.  The service policy is attached to the Routable VLAN for download policing and the Customer VLAN for upload policing.  For example, traffic entering the routable VLAN will be policed based on traffic matching an access list to the customers IP range (download).  Traffic entering the customer VLAN will be policed based on traffic matching an access list from the customers IP range (upload).The command I am using to police is as follows - police 10485500 966080 exceed-action drop.The problem I am experiencing is traffic into the routable VLAN is being successfully policed down to the 10Mbps i have specified on a per customer basis (download).Traffic entering the customer VLAN is NOT being policed at all (upload).I am limited as to the use of the parent policy map I have specified on the interface, as I can only assign it in one direction (input).

View 10 Replies View Related

Capture Customer Data In Return For Free Wifi?

Jan 19, 2013

I am looking for a simple First name, surname and email in exchange to unlimited free access to our wifi. Would want the data to load on to Infusionsoft?

View 1 Replies View Related

Copyrights 2005-15, All rights reserved