ACS 4.2 Support

Hi All,
Does our Cisco ACS 4.2 support Nortel switches for authentication? Could anyone help?

Please go through the link for the attributes.
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/user/guide/ACS4_2UG/A_RADAtr.html#wp147931

Similar Messages

  • How many external certificate servers does ACS 5.2 support?

    Hi,
    Just wondering how many external certificate servers ACS 5.2 supports?
    I failed to find the number in user guide.
    Thanks,
    -Alejin

    Hi,
    There is no known limit number of CAs.
    You go to
    Users and Identity Stores >
    ... >
    Certificate Authorities
    And you can create for sure more than 100 CAs.
    HTH,
    Tiago

  • ACS v4.2 Support IPv6

    Does anyone know whether or not ACS v4.2 supports IPv6?  I have been trying to find documentation on it but have had no luck yet.                  

    Hi Ben,
    Unfortunately ACS v4.2 does not support IPV6.
    Hope below link will help,
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_qanda_item09186a0080094bac.shtml
    Regards
    Najaf

  • Does the ACS v5.4 support vmWare ESXi 4.0 or 4.1?

    Looked through the documents around the requirements for ACS V5.4 and whilst there was mention that it supports vmWare ESXi version 5.0, there is no indication as to whether it is backward compatible with ESXi version 4.0 or 4.1.
    The vmware infrastructure that I have to use has not yet been upgraded, hence my ESXi version limitation.
    Anybody know the answer.
    Thanks
    Russ.

    Yes it supports ESXI 4.0 and 4.1 both. For installation you can follow the below guide.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_vmware.html

  • ACS 4.1 support with Windows Server 2012 Domain controller

    I am upgrading my Domain Controller / Active Directory from Windows Server 2003 to Windows Server 2012.
    In my environment, I am using Cisco ACS 4.1 which is integrated with Windows Server 2003 Active Directory.
    Will ACS 4.1 work fine with my new domain controller (Windows Server 2012), or do I need to upgrade my ACS too?
    Regards,
    Junaid

    Junaid,
    ACS 4.x code doesn't even support Windows 2008 R2. Your best bet is to migrate the ACS from 4.x to ACS 5.4 Patch 2 or stay with windows 2003 or 2008 (Non-R2).
    ACS 5.4 patch 2 supports Windows 2012 AD.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html
    Regards,
    Jatin

  • Does ACS 4.0 support the Simplified Chinese version of Windows 2003 Ent.?

    Has anyone successfully installed ACS 4.0 on the Chinese version of Win2003 Ent? Does it need any additional packages or patches related to the Windows OS?

    Thanks, but so many people told me that you will certainly encounter problems when operating on the Chinese version of the 2003 OS. I will try it first; if it fails, I will have to change the OS.

  • ACS 5.4 multiple network interfaces support

    In ACS 5.4 release note, it says:
    Multiple network interface connector support
    ACS 5.4 supports up to four network interfaces: Ethernet 0, Ethernet 1, Ethernet 2, and Ethernet 3. ACS management functions use only the Ethernet 0 interface, but AAA protocols use all configured network interfaces. You must connect the ACS nodes in the distributed deployment only to the Ethernet 0 interface. Therefore, the syslog messages are sent and received at the log collector's Ethernet 0 interface. Data forwarding from one interface to another interface is prohibited to prevent potential security issues. The external identity stores are supported only on the Ethernet 0 interface. In ACS 5.4, multiple network interface connectors are also supported for proxies.
    But in the CSACS 1121 Series Appliance Rear View section, it still says only Ethernet 0 is usable. All other interfaces are blocked.
    I am confused. Can anyone clarify for me whether we can use multiple network interfaces in ACS 5.4? What about the management interface?
    Thanks!

    We configured 2 interfaces in the past within a testing environment and it worked. ACS 5.4 supports multiple network interfaces on the UCS platform, on a virtual machine and on the legacy ACS 5.x IBM/CAM hardware. The ACS management functions use the interface eth0 only and the AAA protocols use all available network interfaces.
    Jatin Katyal

  • Supported devices/users on Cisco ACS 4.2

    Hi,
    Does anyone know how many devices/users does Cisco ACS  4.2 support ?
    I need to know this information for a very large deployment.
    Regards,           

    Hello,
    The following items are general answers to common system-performance questions. The performance of ACS in your network depends on your specific environment and AAA requirements.
    •Maximum users supported by the ACS internal database—There is no theoretical limit to the number of users the ACS internal database can support. We have successfully tested ACS with databases in excess of 100,000 users. The practical limit for a single ACS authenticating against all its databases, internal and external, is 300,000 to 500,000 users. This number increases significantly if the authentication load is spread across a number of replicated ACS instances.
    •Transactions per second—Authentication and authorization transactions per second depend on many factors, most of which are external to ACS. For example, high network latency in communication with an external user database lowers the number of transactions per second that ACS can achieve.
    •Maximum number of AAA clients supported— ACS has been tested to support AAA services for approximately 50,000 AAA client configurations. This limitation is primarily a limitation of the ACS memory.
    System Performance Specification.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Overvw.html#wp827669
    ~BR
    Jatin Katyal

  • Does ACS 1120 5.0 version support RSA?

    Hi all,
      We are using Cisco ACS 1120 with 5.0 base licenced for TACACS , does ACS 5.0 support RSA server as external database for authenticating the users as we do in the previous versions of 4.2,4.0.
    If so kindly let me know how we can do it ? or do we have any document?
    Regards
    Sreekanth

    This is supported in ACS 5.1. ACS 5.1 can be downloaded from CCO and can upgrade ACS 5.0 to ACS 5.1
    The RSA SecurID Agent is built in to ACS 5.1. Through the ACS GUI you can perform all the required configuration items to activate and configure the agent. This includes setting the:
    agent record (sdconf.rec)
    load balancing data (sdopts.rec)
    node secret (securid)
    agent status file (sdstatus.12)
    For more details, see http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1134728

  • Problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN c

    I ran into a problem when trying to use ACSE + Windows AD to authenticate two kinds of WLAN clients:
    1. Background:
    We have two WLANs: staff and student. Both of them will use PEAP-MSCHAPv2; ACSE will be the RADIUS server and will use the Windows AD user database. In AD, they created two groups: staff and student. The test account for staff is staff1, and the test account for student is student1.
    2. Problem:
    If student1 tries to associate to the staff WLAN, since both the staff and student WLANs use the same authentication method, the auth request will be sent to the AD user database. Since student1 is a valid user account in AD, it will pass authentication and then join the staff WLAN. How can we prevent this from happening?
    3. Potential solutions and their limitations:
    1) Use group mapping in ACSE (Dynamic VLAN Assignment with WLCs based on ACS to Active Directory Group Mapping), but ACS can only support group mapping for those groups that have no more than 500 users. The student group will definitely exceed 500 users, so how can we solve this?
    2) Use methods like “Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS”: configure DNIS with the SSID name in the NAR of ACSE. But since DNIS/NAR is only configurable in ACSE, I don't know whether AD supports it or not. Are there any options in AD like DNIS/NAR in ACSE?
    Thanks for any suggestions!

    I think the documentation for ACS states:
    ACS can only support group mapping for users who belong to 500 or fewer Windows groups
    I read that as: if a user belongs to >500 Windows groups, ACS can't map it. The group can have over 500 users; it's just that those users can't belong to more than 500 groups.

  • More than one Windows ACS Remote Agent

    We recently added a second Windows Remote Agent to have Windows authentication service available for our two ACS.
    Agent definition (CSAgent.ini) is correct but in Network Configuration - Remote Agent (on each ACS web console) we see that the second Remote Agent is "available" but "not in use" (while the first one is, of course).
    If we stop the CSAgent Service on the first Remote Agent server, we do not see any activity on the second one (auth not working) and the service still remains "available" but "not in use".
    Then, debugging with csagent.exe -z -p all we can see is something like:
    Debug printing on..
    Logging mode: LOW
    ACSRemoteAgent server starting ==============================
    Running as console application.
    Will listen on port 2004
    Configuration will be fetched from 10.1.1.101:2003
    Agents: CSWinAgent
    CSWinAgent File: ..\bin\CSWinAgent.exe
    CSWinAgent Port: 2005
    1 agents configured
    Permitted CSAgent Clients: 10.1.9.10-11
    Hit Return/Enter to stop...
    Listener activated
    Watchdog activated
    CSWinAgent launched
    Client connecting from 10.1.9.10:4346
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 944 terminating
    Client connecting from 10.1.9.10:4347
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 2108 terminating
    Client connecting from 10.1.9.10:4348
    and, in the CSWinAgent log windows we see NO logs at all....
    Where are we wrong???

    You must use ACS Remote Agent for Windows, version 4.0, with ACS Solution Engine, version 4.0. Other releases of Cisco Secure ACS are not supported.
    The following URL may help you:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawi.html#wp300510

  • ACS Se 4.2.1.15 patch 4 and Windows 2008 R2

    Hi, Can anyone advise whether ACS Se and Remote Agent 4.2.1.15.4 supports Windows 2008 R2 please. Thank you.

    Hi,
    ACS 4.2.1.15 does not support windows 2008 R2.
    ACS 5.2 supports the same.
    It is a bug CSCtg12399 which is resolved on ACS 5.2.
    The release notes of ACS 5.2 describing the same.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html
    The following link gives details of the ACS 4.2 and Windows 2008 compatibility.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html#wp100949
    Hope this helps.
    Regards,
    Anisha

  • Cisco Secure ACS 5.4/Monitoring and Report Viewer - SNMP Settings

    Hello Everyone.
    I hope this is the right forum for my question.
    We just purchased 8 1121 ACS 5.4 appliances. I have some familiarity with the older 1113 and 1120 appliances running ACS 4.2. So I have a lot to learn.
    Right now I'm trying to understand the Monitoring and Report Viewer System Configuration. I set the SNMP V2 read comm. string to the same string I configured from the CLI.
    etc-labacsb1-1/admin# show runn | inc snmp
    snmp-server contact "ACS1121;XXXXX"
    snmp-server location "B1 Lab"
    snmp-server community XXXXXX ro
    1) It was not the same string as configured on CLI. Does setting this give me access to query more than system type or server type MIB objects.
    2) Can you provide an example? (for example to query a switch -  snmpwalk -v 1 -c XXXXXX hostname 1.3.6.1.4.1.9.9.43)
    3) What is the MIB object tree OID (1.3.6.1.4.1.9.???) for these ACS appliances?
    Thanks in advance.
    Ray Westphal
    EHI

    that's correct. here is what we have in ACS 5.4 for snmp.
    ACS 5.4 supports Simple Network Management Protocol (SNMP) to provide logging services. The SNMP agent provides read-only SNMPv1 and SNMPv2c support. The supported MIBs include:
    •SNMPv2-MIB
    •RFC1213-MIB (MIB II)
    •IF-MIB
    •IP-MIB
    •TCP-MIB
    •UDP-MIB
    •CISCO-CDP-MIB
    •ENTITY-MIB
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/device_support/sdt54.html#wp71020
    ~BR
    Jatin Katyal

  • ACS - LDAP TCP Keepalive (v5.2)

    reposting as with subject including v5.2:
    Hello
    I have an ACS 4.2.1.15 patch 3 and Novell Netware LDAP Server separated by a Firewall. The Firewall's default tcp session timeout is 3600 seconds.
    When no LDAP-Request is made for over one hour, the Firewall drops the connection from its table. The Problem is, that the ACS-Server thinks the connection is still open. When it tries to send an LDAP-Query this results in retransmissions and finally a RST... On the User side the Authentication attempt fails (timeout).
    I tried to enable TCP Keepalives on the Windows-Server side, but this has no effect on the LDAP-Connections used by ACS.
    Is there any possibility to enable Keepalives in ACS?
    Thanks in advance for any help!
    Javier Henderson, Dec 28, 2010 5:54 PM, in response to Zentraler Informatikdienst
    Re: ACS 4.2 - LDAP TCP Keepalive
    You are seeing the effects of bug CSCti03338 which I filed a few months ago, though it is supposed to be fixed on 4.2.1(15) patch 3. Please open a TAC case so we can look into this in detail.
    Juergen Meier, Jan 17, 2011 5:46 AM, in response to Javier Henderson
    Also ACS 5.2 (was: ACS 4.2 - LDAP TCP Keepalive)
    Apparently this bug has re-appeared in ACS 5.2 (5.2.0.26). ACS re-uses stale TCP connections many hours after the last TCP packet was sent.
    It also uses different TCP connections for LDAP search queries and the subsequent authentication bind requests, so sometimes the search query and sometimes the bind request fails due to the TCP connection having timed out long ago on all network devices (stateful firewalls, IDS/IPS, load balancers) between the ACS and the LDAP servers.
    Further ACS fails to detect stale TCP connections and reports bogus authentication failures back to the NAS.
    A new ticket will be filed with TAC today.
    ROB SCHIERON, Feb 14, 2011 10:29 PM, in response to Juergen Meier
    Re: Also ACS 5.2 (was: ACS 4.2 - LDAP TCP Keepalive)
    I'm seeing this issue too on 5.2.0.26.1, running LDAP auth through a F5 Load Balancer to a pair of Sun directory servers.
    Did you make any progress with your TAC case?
    Without using the root patch, this command is useful for finding out what is going on (it's just netstat):
    # show tech-support | i ldap | i tcp
    ldap            389/tcp
    ldaps           636/tcp                         # LDAP over SSL
    tcp        0      0 exc2-acscor-1401:53892      acs.ldapunix.co:ldap ESTABLISHED
    tcp        0      0 exc2-acscor-1401:53893      acs.ldapunix.co:ldap ESTABLISHED
    tcp        0      0 exc2-acscor-1401:53890      acs.ldapunix.co:ldap ESTABLISHED
    tcp        0      0 exc2-acscor-1401:53891      acs.ldapunix.co:ldap ESTABLISHED
    tcp        0      0 exc2-acscor-1401:53889      acs.ldapunix..co:ldap ESTABLISHED
    Also try adjusting "Max. Admin Connections" for LDAP.
    From the admin guide:
    LDAP Connection Management
    ACS 5.1 supports multiple concurrent LDAP connections. Connections are opened on demand at the time of the first LDAP authentication. The maximum number of connections is configured for each LDAP server. Opening connections in advance shortens the authentication time. You can set the maximum number of connections to use for concurrent binding connections. The number of opened connections can be different for each LDAP server (primary or secondary) and is determined according to the maximum number of administration connections configured for each server.
    ACS retains a list of open LDAP connections (including the bind information) for each LDAP server that is configured in ACS. During the authentication process, the connection manager attempts to find an open connection from the pool. If an open connection does not exist, a new one is opened.
    If the LDAP server closed the connection, the connection manager reports an error during the first call to search the directory, and tries to renew the connection.
    After the authentication process is complete, the connection manager releases the connection to the connection manager.
    I'd be interested to hear if you have fixed your issue, or if anyone else is facing similar problems load balancing LDAP servers for the ACS.
    Cheers
    R.
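
The stale-connection failure discussed in this thread, as an added example that is not part of the original posts and is not how ACS itself is implemented: a client-side pool that closes any connection left idle for longer than a margin below the firewall's 3600-second timeout, and turns on TCP keepalive for new sockets. The names `IdleAwarePool`, `enable_keepalive` and `open_ldap_socket`, and the half-timeout margin, are assumptions made for illustration.

```python
import socket
import time

FIREWALL_IDLE_TIMEOUT = 3600            # seconds; the firewall timeout quoted in the thread
MAX_IDLE = FIREWALL_IDLE_TIMEOUT // 2   # assumption: retire pooled connections at half of it


def enable_keepalive(sock, idle=MAX_IDLE, interval=60, probes=5):
    """Enable TCP keepalive so probes reach the firewall before its idle timer expires."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket keepalive timers are platform specific; set only the ones this OS exposes.
    for name, value in (("TCP_KEEPIDLE", idle), ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return sock


def open_ldap_socket(host, port=389, timeout=5.0):
    """Hypothetical connection factory: plain TCP to the directory with keepalive on."""
    return enable_keepalive(socket.create_connection((host, port), timeout=timeout))


class IdleAwarePool:
    """Hands out pooled connections, but never one that sat idle past max_idle seconds."""

    def __init__(self, connect, max_idle=MAX_IDLE, clock=time.monotonic):
        self._connect = connect      # callable returning a new connection
        self._max_idle = max_idle
        self._clock = clock          # injectable so the ageing logic can be tested
        self._idle = []              # (connection, time it was released)
        self.discarded = 0           # stale connections closed instead of reused

    def acquire(self):
        now = self._clock()
        while self._idle:
            conn, released = self._idle.pop()
            if now - released < self._max_idle:
                return conn
            # A middlebox may already have dropped its state for this flow:
            # close it locally rather than sending a request that will time out.
            conn.close()
            self.discarded += 1
        return self._connect()

    def release(self, conn):
        self._idle.append((conn, self._clock()))
```

Keepalive and idle-based retirement cover different cases: keepalive only helps when the probe interval is shorter than every middlebox timer on the path, while the age check bounds reuse even when probes are filtered.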

  • ACS Solutions 4.2.1 15-2

    I am having authorization issues with ACS Release 4.2(1) Build 15 Patch 2 for Windows. I have certain devices on which I can authenticate and pass authorization. However, on the 4900m routers (vrf enabled) and 3750 I can authenticate but fail authorization. I have a custom attribute: shell:Admin*Admin default-domain, enabled under the User Setting Tacacs+ setting. Are there other parameters in ACS 4.2.1 that need to be turned on?
    Thanks
