Network Access Control

We are using AAA with CiscoSecure ACS 3.2. All the 'defaults' are configured to use the ACS server -i.e. aaa authentication login default group ACS local, aaa authorisation exec default group ACS local. We also dynamically map users from Windows AD...

Hello to everybody,I have a simple question concerning CiscoSecure ACS 3.2 (software Solution or Solution Engine).Browsing the documentation in the Cisco WEB Site I found indicated that the application should support High Availability configuration.U...

Hi Experts.I have the following scenario:NT Server | |(in)[PIX](dmz)---(in)[VPN3000](out)(out) _|______________________|__ Internet(Both the Pix and the VPN3000 have the outside interface connected to the Internet).Well, I need to allow the VPN30...

PIX by default allow all the user behind the firewall to access Internet, Is they any way to configure PIX to force user to authenticate against PIX local username database ( Instead of TACACS+ and Radius), before accessing the Internet.Thanks

Hi,I've been experiencing problems with ACS 3.2.1 Eval software using Aironet Radius as authentication for Aironet Clients using PEAP Authentication. PEAP settings dissappear after Certificate has been installed and the Authority has been setup. Afte...

Hi,Is there a way to bypass authentication proxy in pix software 6.3 when connection is going to an intranet server at the other side of a vpn? The idea is to only allow some users at remote offices to browse the web, but to allow everyone to browse ...

I am trying to configure TACACS+ on my Cisco Devices. I have my ACS server up and running and I want my devices when someone tries to login to the devices I want them to authenticate with the ACS server but I can not get it work let alone the author...

Hi,Is there a way to identify what addresses is a spammer attacking? Very much like NBAR that reports protocols accounting by interface, we need to be able to tell a list of ip addresses (or networks) an interface is reaching.Thanks,- Adrian

I recently configured 802.1x authentication on aCat4006/CatOS, including port vlan setting. Thisis working in a test environment. I am no tryingto get accounting working for 802.1x session,but with no success. I came to the conclusion that the featur...

HelloI administer a CSACS server which is responsible for authentication of users for multiple networks and different NAS. I was wondering if there is any way in which I could limit which NAS a group of users is allowed to access (Log on to). Thank...

Hi,I've a VPN Site-to-Site between two branch offices.What I want to know is, seen that is Site-to-Site, if it's possible, with a PIX, to add User Authentication before the traffic is sent to the destination network.If Yes, as I suppose will be based...

hi...does anyone know if 802.1x is a protocol (or frame interpretation rather) that is supported on win2000 for any nic?is there a minimum OS and NIC requirement to able to dynamically assign VLANs based on user by using 802.1x?regards,c.

Hello...I'm trying to configure IAS Radius server to login users into a CISCO 3640 router. The idea is that different users login with different privileges... Some users with privilege 15. I've been checking the logs of the IAS server and it's work...

How I can monitor in real time the users logged using the ACS server ? Is it possible to develop a HTML page with autorefresh ? if yes how ? If not which tool I can use to do the monitoring ?