Cisco Support Community

New Member

Subnet/wildcard masks in ACS 5.1

We are trying to migrate from ACS 4.2 to 5.1. Abandoned trying to use the migrate utility when we ran into errors trying to use it and TAC said it was an unsupported utility. Amazing that nowhere in the manual did I see "Unsupported" mentioned.

One of the main things we are trying to do is to use a subnet or wildcard mask like we did in 4.2. For example, I have a network group rule in 4.2 that would allow 10.*.255.* to be authenticated by TACACS using a particular given secret. I don't see a way that I can do this in ACS 5.1. I have to go from one rule for all of my edge routers to almost 100 rules since there doesn't appear to be a way to do this. I understand that the * is no longer supported but there doesn't seem to be a way to use a wildcard mask to minimize the number of rules it looks like I will have. This is just for the routers. I also have a host of switches, APs and specialized network devices that I need to use a different shared secret for each type of device. In some cases I may have more than one type of network device in the same subnet range and need a different shared secret.

Would appreciate any suggestions.

Cisco Employee

Re: Subnet/wildcard masks in ACS 5.1

ACS 5.x does not support wildcards in the address field. You will have to use subnet masks instead.

You can set up a default device, which may or may not be what you need in your case. This would be the equivalent of entering *.*.*.* on ACS 4.x.
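
Added example, not part of the thread and not Cisco code: a Python sketch of why a pattern such as 10.*.255.* cannot become one subnet-mask entry, and how to enumerate the subnet entries it does need. The function names, the size limit and the device inventory are assumptions made for illustration; the output is plain address/mask text, not an ACS import format.

```python
import ipaddress
from itertools import product

MAX_PREFIXES = 65536  # assumed safety limit: refuse patterns that explode into millions of entries

def wildcard_to_prefixes(pattern):
    """Expand a dotted pattern with '*' octets (the ACS 4.x style) into subnets."""
    octets = pattern.strip().split(".")
    if len(octets) != 4 or any(
        o != "*" and not (o.isdigit() and int(o) <= 255) for o in octets
    ):
        raise ValueError(f"not a dotted wildcard pattern: {pattern!r}")
    # Trailing '*' octets are contiguous host bits, so they fold into the mask.
    trailing = 0
    while trailing < 4 and octets[3 - trailing] == "*":
        trailing += 1
    head = octets[: 4 - trailing]
    # A '*' to the left of a fixed octet is non-contiguous: no single subnet
    # mask covers it, so every value 0..255 becomes its own entry.
    count = 256 ** head.count("*")
    if count > MAX_PREFIXES:
        raise ValueError(f"{pattern!r} expands to {count} prefixes")
    choices = [range(256) if o == "*" else (int(o),) for o in head]
    nets = []
    for combo in product(*choices):
        addr = ".".join(str(n) for n in combo + (0,) * trailing)
        nets.append(ipaddress.ip_network(f"{addr}/{8 * len(head)}"))
    return nets

def prefixes_in_use(pattern, device_ips):
    """Keep only the subnets that contain at least one inventoried device."""
    devices = [ipaddress.ip_address(ip) for ip in device_ips]
    return [n for n in wildcard_to_prefixes(pattern) if any(d in n for d in devices)]

if __name__ == "__main__":
    # Constructed inventory for illustration; not data from the thread.
    inventory = ["10.1.255.1", "10.2.255.1", "10.2.255.9", "10.7.254.1"]
    print(len(wildcard_to_prefixes("10.*.255.*")), "subnets for the full pattern")
    for net in prefixes_in_use("10.*.255.*", inventory):
        print(net.with_netmask)
```

Filtering against a real device inventory keeps the entry count at the number of sites actually deployed rather than all 256 possible subnets, and avoids accepting the shared secret from address ranges where no router exists.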