
Subnet/wildcard masks in ACS 5.1

Ronald Nutter
Level 1

We are trying to migrate from ACS 4.2 to 5.1. Abandoned trying to use the migrate utility when we ran into errors trying to use it and TAC said it was an unsupported utility. Amazing that nowhere in the manual did I see "Unsupported" mentioned.

One of the main things we are trying to do is to use a subnet or wildcard mask like we did in 4.2. For example, I have a network group rule in 4.2 that would allow 10.*.255.* to be authenticated by TACACS using a particular given secret. I don't see a way that I can do this in ACS 5.1. I have to go from one rule for all of my edge routers to almost 100 rules since there doesn't appear to be a way to do this. I understand that the * is no longer supported but there doesn't seem to be a way to use a wildcard mask to minimize the number of rules it looks like I will have. This is just for the routers. I also have a host of switches, APs and specialized network devices that I need to use a different shared secret for each type of device. In some cases I may have more than one type of network device in the same subnet range and need a different shared secret.

Would appreciate any suggestions.

1 Reply

ACS 5.x does not support wildcards in the address field. You will have to use subnet masks instead.

You can set up a default device, which may or may not be what you need in your case. This would be the equivalent of entering *.*.*.* on ACS 4.x.
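
To show what replacing a 4.x wildcard entry with subnet masks involves, here is an added example (not part of the original thread and not Cisco code) that expands a dotted pattern such as 10.*.255.* into the equivalent list of subnets. The function name `wildcard_to_subnets` is hypothetical, and how the resulting address/mask pairs are entered into ACS 5.1 is outside what it covers.

```python
import ipaddress
from itertools import product


def wildcard_to_subnets(pattern):
    """Expand a dotted pattern whose octets are 0-255 or '*' into the
    smallest list of IPv4 subnets that covers exactly the same addresses."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    for o in octets:
        if o == "*":
            continue
        if not (o.isascii() and o.isdigit() and int(o) <= 255):
            raise ValueError(f"bad octet {o!r} in {pattern!r}")

    # Trailing '*' octets fold into the subnet mask (10.1.*.* -> /16).
    fixed_len = 4
    while fixed_len > 0 and octets[fixed_len - 1] == "*":
        fixed_len -= 1
    prefix = 8 * fixed_len

    # A '*' to the left of a fixed octet cannot be expressed by one
    # contiguous mask, so every value of that octet is enumerated.
    choices = [range(256) if o == "*" else [int(o)] for o in octets[:fixed_len]]
    nets = []
    for combo in product(*choices):
        addr = ".".join(str(b) for b in combo + (0,) * (4 - fixed_len))
        nets.append(ipaddress.ip_network(f"{addr}/{prefix}"))

    # Merge neighbouring subnets where that is possible.
    return list(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    # Patterns taken from the thread above, plus one simple case.
    for pat in ("10.*.255.*", "10.1.*.*", "*.*.*.*"):
        nets = wildcard_to_subnets(pat)
        print(f"{pat}: {len(nets)} subnet(s), first {nets[0]} "
              f"mask {nets[0].netmask}, last {nets[-1]}")
```

For 10.*.255.* the result is 256 separate /24 subnets, because the wildcard in the second octet sits to the left of the fixed 255 and cannot be folded into a single mask.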
