Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

[Cisco ISE] What is CACS?

Dear Sir,
 
Here is the operation>Authentication detail on my Cisco ISE:
 
Result
State ReauthSession:0a01010100077000545c5b8a
Class OU=VPN-USER2
Class CACS:0a01010100077000545c5b8a:psn/203756592/237 
 
 
I searched many documents, but none of them could tell me what is  the meaning of CACS. 
 
In my authorization profile result, I only configured following:
Access Type = ACCESS_ACCEPT
Class = OU=VPN-USER2;
 
It seemed that the CACS was some kind of session code, auto-generated for machine processing. 
 
(1)Hope somebody could help clarify “What is CACS”
(2) My colleague in network team concern CACS in auth response would lead to some unwanted result in ASA VPN authentication and assigning Gp policy to VPN user. To relive his concern, could we clear out the CACS from auth response?
 
 
 
Million thanks for your kind help.
  • AAA Identity and NAC
Everyone's tags (1)
2 REPLIES
New Member

Anyone could help?

Anyone could help?

Cisco Employee

Hi David. I did some research

Hi David. I did some research but could not find much outside of this being a Cisco specific Radius attribute that is also used by ACS. With that being said, I don't think that this is something that you need to worry about. I don't think an ACS/ISE attribute can trigger a GP policy update on your endpoints. I have done many VPN deployments where the endpoints are authenticating against ISE or ACS and I have never had any problems nor I had the need to filter any attributes. 

Feel free to reach out to Cisco TAC for more details as that is all I have :) Also, feel free to have your network team chime and provide more details with regards to their concerns. You can also test this with some test workstations and confirm weather or not you will see any undesirable results :)

I hope this helps!

 

Thank you for rating helpful posts! 

107
Views
0
Helpful
2
Replies