Subnet/wildcard masks in ACS 5.1

Unanswered Question
Apr 29th, 2010

We are trying to migrate from ACS 4.2 to 5.1. Abandoned trying to use the migrate utility when we ran into errors trying to use it and TAC said it was an unsupported utility. Amazing that nowhere in the manual did I see "Unsupported" mentioned.

One of the main things we are trying to do is to use a subnet or wildcard mask like we did in 4.2. For example, I have a network group rule in 4.2 that would allow 10.*.255.* to be authenticated by TACACS using a particular given secret. I don't see a way that I can do this in ACS 5.1. I have to go from one rule for all of my edge routers to almost 100 rules since there doesn't appear to be a way to do this. I understand that the * is no longer supported but there doesn't seem to be a way to use a wildcard mask to minimize the number of rules it looks like I will have. This is just for the routers. I also have a host of switches, APs and specialized network devices that I need to use a different shared secret for each type of device. In some cases I may have more than one type of network device in the same subnet range and need a different shared secret.

Would appreciate any suggestions.

Javier Henderson Fri, 04/30/2010 - 09:28

ACS 5.x does not support wildcards in the address field. You will have to use subnet masks instead.

You can set up a default device, which may or may not be what you need in your case. This would be the equivalent of entering *.*.*.* on ACS 4.x.
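An added example, not part of the original thread: a Python sketch that expands a 4.x-style octet pattern such as 10.*.255.* into the IP/subnet-mask pairs a mask-only address field needs, which shows why a wildcard in a middle octet turns into one entry per value. The function names, the `used` argument and the site numbers are assumptions made for illustration.

```python
import ipaddress
from itertools import product

def expand_wildcard(pattern, used=None):
    """Expand an ACS 4.x-style octet pattern (e.g. '10.*.255.*') into subnets.

    used (hypothetical argument): {octet_index: values} restricting a
    non-trailing '*' octet to the values actually deployed.
    """
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dotted octets")
    used = used or {}
    # Trailing '*' octets become host bits: 10.*.255.* -> prefix length /24.
    host = 0
    while host < 4 and octets[3 - host] == "*":
        host += 1
    # Any other '*' cannot be expressed by a contiguous mask: enumerate it.
    choices = []
    for i, octet in enumerate(octets[:4 - host]):
        if octet == "*":
            choices.append(sorted(used.get(i, range(256))))
        else:
            value = int(octet)
            if not 0 <= value <= 255:
                raise ValueError(f"octet out of range: {octet}")
            choices.append([value])
    prefix = 8 * (4 - host)
    return [
        ipaddress.ip_network(".".join(map(str, combo + (0,) * host)) + f"/{prefix}")
        for combo in product(*choices)
    ]

def as_ip_mask(networks):
    """Return (address, dotted mask) pairs, the form a subnet-mask field takes."""
    return [(str(n.network_address), str(n.netmask)) for n in networks]

def covers(networks, address):
    """True if a device address falls inside any of the expanded subnets."""
    ip = ipaddress.ip_address(address)
    return any(ip in n for n in networks)

if __name__ == "__main__":
    sites = [7, 12, 44]  # constructed sample: second-octet site numbers in use
    for ip, mask in as_ip_mask(expand_wildcard("10.*.255.*", used={1: sites})):
        print(ip, mask)
    print(len(expand_wildcard("10.*.255.*")), "entries without a site list")
```

Restricting the middle octet to the site numbers in use keeps the entry count equal to the number of sites, and `*.*.*.*` collapses to the single network 0.0.0.0/0.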
