ACS Configuration

Dear All,
I'm trying to install an ACS Solution Engine in my network for access control (AAA). I succeeded in setting up authentication using the internal database, and that works. Now my boss wants users to be authenticated through an external database (Windows AD). I tried achieving this but kept getting different errors, like "EAP-TLS or PEAP authentication failed during SSL handshake" or "Authen session timed out: Challenge not provided by client".
Please, I need someone who has done this before to give me a step-by-step procedure on how I can set up ACS SE for Windows authentication.
Thanks

Hello mate,
First you have to configure an external identity store pointing to your Active Directory.
Then you need an access policy for your wireless service with:
     an Identity Policy where you define the identity result as your Active Directory store
     a Network Access Authorization Policy where you define a rule with a compound condition, where you set the dictionary (AD-AD1) to match any Active Directory users.
regards
Alex

Similar Messages

  • SPLIT ACS CONFIGURATION

    Hi all. In Cisco's documentation, I found something about split ACS deployment where both ACS boxes can act as primary in their zones and then secondary for the other zone respectively, but I don't seem to understand how this can be done on the two ACS boxes. My concern is this:
    Is there a place where you can configure on each machine that machine "A" is the primary for this zone and machine "B" the other zone, and vice versa?
    I also want to believe that on each AAA client, the first TACACS server configured would be the default AAA server; unless it is not available, in which case the client checks the next server, just like the behaviour of an ACL.
    Are there any docs that explain the replication of this database, and configurations required?
    Regards all.
    Thanks.

    Hi
    Split ACS Configuration is the concept of dividing the AAA load.
    As per Cisco: In split ACS deployment, you use primary and secondary servers as in a small ACS deployment, but the AAA load is split between the two servers to optimize AAA flow. Each server handles the full workload of both servers in the event of a AAA connectivity problem, but during normal operations neither server carries the full load of authentication requests. This property of the servers allows for less stress on each ACS system, provides better loading, and makes you aware of the functional status of the secondary server through normal operations.
    If you want to split the load then you have to change the way of AAA deployment.
    For example: you have 2000 devices & 2 ACS; then you can divide the load.
    You can configure the 1000 devices with:
        ACS 1 - Primary IP address
        ACS 2 - Secondary IP address
    & the other 1000 devices with:
        ACS 2 - Secondary IP address
        ACS 1 - Primary IP address
    In this way the load of 2000 devices will be split between 2 ACS servers.
    Regards
    Chetan Kumar
    http://chetanress.blogspot.com

  • Redundant ACS Configuration - IP Address Allocation

    I have remote users that connect to the corporate network via vpn terminating on a VPN3k at the primary site. These users are authenticated and given IP addresses by Cisco Secure ACS. There is a backup site where the backup ACS is deployed. I would like for the remote users to be authenticated by the backup ACS when the primary is unavailable. Each ACS is configured with subnets that are advertised at its location. In other words, the IP address that are given to the remote users are from different ranges. Is it possible to configure the ACS to give the remote users an IP address from the range deployed at the primary site when they are connecting to the vpn3k located at the primary site but are being authenticated by the ACS from the backup site?

    Dylan,
    I recognized that I didn't really answer your question. You may have both ACS servers serve the same IP address to the client regardless of which VPN Concentrator is active. The key element is the advertisement of the client's IP address back into the network. If you are running OSPF/RIP then you may have the VPN Concentrator advertise the client's IP address via OSPF (or RIP) back into the network.
    The ramification is the number of 32-bit mask routes that you may be injecting into your network.
    Cheers,
    Troy

  • How to enable ACS configuration audit

    Dear Expert,
    I'm a newbie on ACS and I would like to know how to enable the "Configuration Audit" for someone logging in to my network devices using their ACS login, so I can monitor what they did on it.
    I would appreciate it if you could give me some simple steps. Thank you.
    ACS Version : 5.2.0.26
    regards

    This is a known defect.
    CSCtn25508    Administrative and Operational Audit logs becomes unable to be recorded.
    Symptom:
       Administrative and Operational Audit logs suddenly becomes unable to be recorded. 
       The log can be configured at  ACS5 GUI -> System Administration -> Configuration -> Log Configuration
       -> Logging Categories -> Global.
    Conditions:
      unknown.
    Workaround:
      none
    This defect has been addressed in ACS 5.2 patch 7 and above.
    Jatin Katyal
    - Do rate helpful posts -

  • ACS configuration/database consolidation

    Hello,
    I have two ACS servers.
    One is version 2.4 and the other is version 3.0.2.
    My wish is to install a third server with ACS 4.0 that will replace the other two.
    I planned the following steps:
    1- upgrade versions 2.4 (srv1) and 3.0.2 (srv2) for 3.0.4;
    2- Export using CSUtil tool the configuration data from both servers;
    3- Manually consolidate all the data;
    4- Install new server with version 3.0.4;
    5- Import using CSUtil the consolidated data to the new server;
    6- Upgrade the new server to version 4.0 following recommended upgrade path.
    Any comments on these steps?
    Is there any special mechanism/tool to consolidate configuration from two distinct ACS servers?
    Thanks in advance.
    Regards,
    Ricardo

    Ricardo,
    We cannot export devices with csutil. What we can do is search for devices on GUI and download a csv file of the search result.
    Dbsync does not sync database between ACS Servers. Dbsync uses a csv file to add devices/users in bulk. So if we can create a csv file of users and devices we can import them into ACS. More about dbsync at :-
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/sad.htm#wp756877
    Regards,
    Vivek

  • Off-line ACS Configuration

    I need to apply a basic configuration to an ACS appliance (5.2) then ship it off to another location to be installed.  The initial installation script calls for you to configure the IP address, DNS, etc ... then pings the gateway and DNS before rebooting.  If these pings fail will the installation fail?
    In other words do I either need to be in the correct network or dummy it up with pingable addresses for the installation to continue properly?
    Thanks

    Thanks, I do not have physical access to the ACS after it gets moved off-site. So perhaps the best solution is to configure it with valid addresses for the location where I am performing the initial configuration; then it can do the pings and complete the installation.
    Once the ACS reboots I can go into the CLI over the serial connection and change the IP address and default gateway (and DNS if needed).  When that is complete I can power off and ship out.  Sounds reasonable?
    Thanks ...

  • ACS configuration for NAC authentication

    Hello,
    I've been trying to configure my ACS server to allow user authentication via the Cisco NAM, but it does not seem to work any time I try to log in with my configured username/password on the ACS server.
    I need someone to guide me through how to get this resolved.
    Regards,

    I am assuming you are having the NAM authenticate NAC Agent login requests against ACS.
    This can be done via RADIUS or LDAP.
    Check out the Cisco NAC Chalk Talks, particularly 'Configuring Authentication, Roles, and SSO'
    Chalk Talk Series
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html

  • How we can do SWAP VIP with multiple ACS configuration?

    Hi,
    We are using Azure ACS in our application, and we have used a customized ACS page as the login form. Whenever we deploy it to staging, the settings available in the customized ACS page work fine, but when we switch it to production, the web config and login page settings do not change. How can we change it, or is there any other way to implement ACS?
    Thanks & Regards
    Sachin Jain

    After implementing the approach defined in
    http://www.cloudidentity.com/blog/2011/05/31/EDIT-AND-APPLY-NEW-WIF-S-CONFIG-SETTINGS-IN-YOUR-WINDOWS-AZURE-WEBROLE-WITHOUT-REDEPLOYING/, I was unable to modify the web config. Maybe I missed some part or Azure is not allowing it. So I modified it a little bit and it worked with the following steps:
    Step1) Here I am assuming that you have created a staging environment in the Azure portal and also you have configured it in Azure ACS. I have used the Azure ACS customized login page and ASP.NET MVC forms authentication. First we will modify our code to read the settings from the service configuration file, and we will add the staging GUID URL and the actual production URL into web config, under the Audience URI section. Finally it will be uploaded to the Azure portal into the staging environment. In the Azure management portal, we will change the login URL setting from the configuration tab, then save it. Finally we will SWAP both the environments. While browsing the application during a VIP swap you might get a Cryptographic exception, which you also need to handle.
    Step2) Whenever you download the customized login page from ACS portal then you will find script tag as shown below:
    <script src="https://xxxxxxx.accesscontrol.windows.net:443/v2/metadata/IdentityProviders.js?protocol=wsfederation&amp;realm=http%3a%2f%2f127.0.0.1%3a81%2f&amp;reply_to=http%3a%2f%2f127.0.0.1%3a81%2f&amp;context=&amp;request_id=&amp;version=1.0&amp;callback=ShowSigninPage" type="text/javascript"></script>
    Step3) Now replace the above code with the following code snippet and here we are trying to pick the login url from service configuration file:
    <script src="@ViewBag.LoginURL" type="text/javascript"></script>
    Step4) Now go to your controller and try to read the login url settings from service configuration file as shown below:
    // Setting name spelled as declared in the service definition and configuration files ("LoginUrl")
    ViewBag.LoginURL = RoleEnvironment.GetConfigurationSettingValue("LoginUrl");
    Step5) Now open the service definition file and add setting for LoginUrl under configurationSettings tag as shown below:
    <ConfigurationSettings>
    <Setting name="LoginUrl" />
    </ConfigurationSettings>
    Step6) Open the Service configuration file and add the value for login url as shown below:
    <ConfigurationSettings>
    <Setting name="LoginUrl" value="https://xxxxxx.accesscontrol.windows.net:443/v2/metadata/IdentityProviders.js?protocol=wsfederation&amp;realm=http%3a%2f%2fStaginGUID.cloudapp.net%3a81%2f&amp;reply_to=http%3a%2f%2fStaginGUID.cloudapp.net%3a81%2f&amp;context=&amp;request_id=&amp;version=1.0&amp;callback=ShowSigninPage" />
    </ConfigurationSettings>
    Step7) you can get Login Url value from Azure ACS Integration tab which provides the above url. While copying the URL replace & with "&amp;" otherwise you will get build error.
    Step8) Now add the staging Guid Url and actual production url in web config file under <AudienceURI> section as shown below:
    <audienceUris>
    <add value="http://Production.cloudapp.net/" />
    <add value="http://StagingGUID.cloudapp.net/" />
    </audienceUris>
    Step9) Publish the application to staging environment and test it. After testing go to configuration tab in azure portal and change the login url with the production URL. (Do not modify the URL or do not change & with &amp;)
    <script src="https://xxxxxxx.accesscontrol.windows.net:443/v2/metadata/IdentityProviders.js?protocol=wsfederation&amp;realm=http%3a%2f%2fProduction.cloudapp.net%2f&amp;reply_to=http%3a%2f%2fProduction.cloudapp.net%2f&amp;context=&amp;request_id=&amp;version=1.0&amp;callback=ShowSigninPage" type="text/javascript"></script>
    Step10) Save the changes and Swap the environment. Now if you get cryptographic exception then you should handle it.
    • Either change the machine key and explicitly define it into web config.
    • Catch the exception and logout the user from application and not from windows live id, so that user can be forced to work on new version of application by using following code in Global.asax file:
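    // Global.asax.cs; CryptographicException lives in System.Security.Cryptography
    protected void Application_Error(object sender, EventArgs e)
    {
        var error = Server.GetLastError();
        var cryptoEx = error as CryptographicException;
        if (cryptoEx != null)
        {
            // Sign the user out of the application only, then clear the handled error
            FederatedAuthentication.WSFederationAuthenticationModule.SignOut();
            Server.ClearError();
        }
    }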

  • ACS Configuration Web Services: query problem

    I don't know if this is the correct place to ask, I couldn't find a specific ACS category.
    I am trying to do a query, according to chapter 4 in the ACS 5.3 Secure Access Control System 5.3
    My URL is:
    https://myurl/Rest/Identity/IdentityGroup/op/query
    doing a PUT request
    have a header of Content-Type: application/xml
    and my payload is:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ns2:query xmlns:ns2="query.rest.mgmt.acs.nm.cisco.com">
        <criteria xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:SimpleFilter">
            <simpleFilter>
                <propertyName>identityGroup</propertyName>
                <operation>EQUALS</operation>
                <value>AllGroups:Migrated_Group:NetworkEngineer</value>
            </simpleFilter>
        </criteria>
        <numberofItemsInPage>100</numberofItemsInPage>
        <startPageNumber>1</startPageNumber>
    </ns2:query>
    I get back:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:restResult xmlns:ns2="common.rest.mgmt.acs.nm.cisco.com"><errorCode>61000</errorCode><httpCode>400</httpCode><moreErrInfo>XML Parsing Error:  Unable to create an instance of com.cisco.nm.acs.mgmt.rest.query.AbstractFilter. </moreErrInfo><operationType>NOT_AVAILABLE</operationType><resourceType>NOT_AVAILABLE</resourceType><status>BAD_REQUEST</status></ns2:restResult>
    and a 400 Bad Request.
    Can you tell me what I am doing wrong?
    All I want to do is get a list of users who belong to that group?
    Jerry

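    I learned that a simple filter does not need the ... bracketing, so this would work:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ns2:query xmlns:ns2="query.rest.mgmt.acs.nm.cisco.com">
        <criteria xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:SimpleFilter">
            <propertyName>identityGroup</propertyName>
            <operation>EQUALS</operation>
            <value>AllGroups:Migrated_Group:NetworkEngineer</value>
        </criteria>
        <numberofItemsInPage>100</numberofItemsInPage>
        <startPageNumber>1</startPageNumber>
    </ns2:query>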
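The request shape discussed in this thread, as an added example that is not part of the original posts or of Cisco's code: Python that builds the query with the filter fields directly under `criteria`, flags a payload that still carries the inner `simpleFilter` wrapper from the question, and parses the `restResult` error body. The function names are hypothetical; the namespaces, element names and the two sample bodies are copied from the thread.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

QUERY_NS = "query.rest.mgmt.acs.nm.cisco.com"      # request namespace, from the thread
RESULT_NS = "common.rest.mgmt.acs.nm.cisco.com"    # response namespace, from the thread
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# A literal template keeps the "ns2" prefix that xsi:type="ns2:SimpleFilter" refers to.
_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<ns2:query xmlns:ns2="{qns}">\n'
    '    <criteria xmlns:xsi="{xsi}" xsi:type="ns2:SimpleFilter">\n'
    '        <propertyName>{prop}</propertyName>\n'
    '        <operation>{op}</operation>\n'
    '        <value>{value}</value>\n'
    '    </criteria>\n'
    '    <numberofItemsInPage>{size}</numberofItemsInPage>\n'
    '    <startPageNumber>{page}</startPageNumber>\n'
    '</ns2:query>\n'
)

# Request body from the question (whitespace removed); the server answered 400.
FAILING_REQUEST = (
    b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    b'<ns2:query xmlns:ns2="query.rest.mgmt.acs.nm.cisco.com">'
    b'<criteria xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
    b' xsi:type="ns2:SimpleFilter"><simpleFilter>'
    b'<propertyName>identityGroup</propertyName><operation>EQUALS</operation>'
    b'<value>AllGroups:Migrated_Group:NetworkEngineer</value>'
    b'</simpleFilter></criteria><numberofItemsInPage>100</numberofItemsInPage>'
    b'<startPageNumber>1</startPageNumber></ns2:query>'
)

# Error body from the question.
ERROR_RESPONSE = (
    b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    b'<ns2:restResult xmlns:ns2="common.rest.mgmt.acs.nm.cisco.com">'
    b'<errorCode>61000</errorCode><httpCode>400</httpCode>'
    b'<moreErrInfo>XML Parsing Error:  Unable to create an instance of '
    b'com.cisco.nm.acs.mgmt.rest.query.AbstractFilter. </moreErrInfo>'
    b'<operationType>NOT_AVAILABLE</operationType>'
    b'<resourceType>NOT_AVAILABLE</resourceType>'
    b'<status>BAD_REQUEST</status></ns2:restResult>'
)


def build_simple_query(prop, op, value, page_size=100, page=1):
    """Return the query body as bytes, with the filter fields directly under
    <criteria>. Values are XML-escaped so a group name containing & or <
    cannot change the structure of the request."""
    return _TEMPLATE.format(
        qns=QUERY_NS, xsi=XSI_NS,
        prop=escape(prop), op=escape(op), value=escape(value),
        size=int(page_size), page=int(page),
    ).encode("utf-8")


def has_simplefilter_wrapper(payload):
    """True if <criteria> still contains the <simpleFilter> wrapper element."""
    criteria = ET.fromstring(payload).find("criteria")
    return criteria is not None and criteria.find("simpleFilter") is not None


def parse_rest_result(body):
    """Parse a restResult body into a dict of its child elements."""
    if b"<!DOCTYPE" in body.upper():
        # A management API response has no reason to carry a DTD; refuse it.
        raise ValueError("unexpected DOCTYPE in response")
    root = ET.fromstring(body)
    if root.tag != "{%s}restResult" % RESULT_NS:
        raise ValueError("not a restResult document: %s" % root.tag)
    return {child.tag: (child.text or "").strip() for child in root}


if __name__ == "__main__":
    query = build_simple_query(
        "identityGroup", "EQUALS", "AllGroups:Migrated_Group:NetworkEngineer")
    print(query.decode("utf-8"))
    print("question payload has wrapper:", has_simplefilter_wrapper(FAILING_REQUEST))
    print("built payload has wrapper:   ", has_simplefilter_wrapper(query))
    result = parse_rest_result(ERROR_RESPONSE)
    print(result["httpCode"], result["status"], result["moreErrInfo"])
```
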

  • ACS Server: External Authentication configuration error

    Hi ALL
    I have installed the ACS server and configured it properly, and it works fine.
    But whenever I restart the machine, the following error message appears on the external database configuration wizard.
    External Authentication Configuration Error
    ACS has encountered a problem while attempting to process your request. This could be due to one of the following:
    An incorrect installation or configuration of the third-party DLLs required to support this External Database
    A corrupt ACS configuration
    So after I found this error, I just restarted all the seven services and everything works fine.
    I always encounter the same error message after restarting the machine each time.
    Can anybody recommend a solution or help me to resolve the issue?
    Thanks

    Hi,
    Please try the following workaround.
    1. Go to Start > Programs > Administrative Tools > Services.
    2. Stop the following services in the following order.
    CSAuth
    CSDbSync
    CSLog
    CSMon
    CSRadius
    CSTacacs
    CSAdmin
    3. After stopping the following services, start them all again in the following order.
    CSAdmin
    CSAuth
    CSDbSync
    CSLog
    CSMon
    CSRadius
    CSTacacs
    Please let me know if this was able to help.
    If the above doesn't help, please reinstall the ACS as the dll files that are being used
    by the ACS have been corrupted, before uninstalling and reinstalling, do take a
    backup of ACS server database from System Configuration > ACS backup > Backup Now.
    Also make sure that the ACS is installed on the default drive.
    tnx
    somishra

  • Problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN c

    I met a problem when trying to use ACSE + Windows AD to authenticate two kinds of WLAN clients:
    1. Background:
    We have two WLAN: staff and student, both of them will use PEAP-MSCHAPv2, ACSE will be the Radius server, it will use Windows AD's user database. In AD, they create two groups: staff and student. The testing account for staff is staff1, the testing account for student is student1.
    2. Problem:
    If student1 tries to associate to the staff WLAN, since both the staff and student WLANs use the same authentication method, the auth request will be sent to the AD user database; since student1 is a valid user account in AD, it will pass the authentication and then join the staff WLAN. How can this be prevented?
    3. Potential solution and its limitation:
    1) Use group mapping in ACSE(Dynamic VLAN Assignment with WLCs based on ACS to Active Directory Group Mapping), but ACS can only support group mapping for those groups that have no more than 500 users. But the student group will definitely exceed 500 users, how to solve it?
    2) Use methods like “Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS”: Configure DNIS with ssid name in NAR of ACSE, but since DNIS/NAR is only configurable in ACSE, don't know if AD support it or not, is there any options in AD like DNIS/NAR in ACSE?
    Thanks for any suggestions!

    I think the documentation for ACS states:
    ACS can only support group mapping for users who belong to 500 or fewer Windows groups
    I read that as: if a user belongs to >500 Windows groups, ACS can't map it. The group can have over 500 users; it's just that those users can't belong to more than 500 groups.

  • ACS 5.3 - command sets not working

    We installed ACS 5.3 on VMware - CentOS, and a Cisco router is configured to authenticate to this TACACS+ server.
    I am able to log in to the router using the specified TACACS username/password and am able to see the hits also, as below in the policy.
    But the command sets are not working as defined; please help me to find the problem.
    Rule 1: RO ACCESS
        Identity Group: in All Groups:READ ONLY ACCESS
        NDG:Location: in All Locations
        NDG:Device Type: in All Device Types
        Time And Date: -ANY-
        Command Sets: READ ONLY POLICY
        Shell Profile: RO SHELL
        Hit Count: 10
    Rule 2: RESTRICTED ACCESS
        Identity Group: in All Groups:RESTRICTED ACCESS
        NDG:Location: in All Locations
        NDG:Device Type: in All Device Types
        Time And Date: -ANY-
        Command Sets: RESTRICTED USER POLICY
        Shell Profile: Permit Access
        Hit Count: 1
    Rule 3: SUPER ADMIN ACCESS
        Identity Group: in All Groups:FULL ACCESS
        NDG:Location: in All Locations
        NDG:Device Type: in All Device Types
        Time And Date: -ANY-
        Command Sets: PERMIT ALL POLICY
        Shell Profile: Permit Access
        Hit Count: 0

    Logs for such a RO-read only user login
    AAA Protocol > TACACS+ Authentication Details
    Date: August 27, 2012
    Generated on August 28, 2012 7:13:37 AM UTC
    Authentication Details
        Status: Passed
        Failure Reason:
        Logged At: Aug 27, 2012 12:18 PM
        ACS Time: Aug 27, 2012 12:18 PM
        ACS Instance: acsserver
        Authentication Method: PAP_ASCII
        Authentication Type: ASCII
        Privilege Level: 15
    User
        Username: muthu
        Remote Address: 172.20.1.25
    Network Device
        Network Device: Default Network Device
        Network Device IP Address: 192.168.251.26
        Network Device Groups: Device Type:All Device Types, Location:All Locations
    Access Policy
        Access Service: TAFE POLICY1
        Identity Store: Internal Users
        Selected Shell Profile: RO SHELL
        Active Directory Domain:
        Identity Group: All Groups:READ ONLY ACCESS
        Access Service Selection Matched Rule: Rule-2
        Identity Policy Matched Rule: Default
        Selected Identity Stores: Internal Users, Internal Users
        Query Identity Stores:
        Selected Query Identity Stores:
        Group Mapping Policy Matched Rule: Default
        Authorization Policy Matched Rule: RO ACCESS
        Authorization Exception Policy Matched Rule:
    Other
        ACS Session ID: acsserver/132692348/212
        Service: Login
        AV Pairs:
        Response Time: 4
    Other Attributes:
    ACSVersion=acs-5.3.0.40-B.839
    ConfigVersionId=97
    Protocol=Tacacs
    Type=Authentication
    Action=Login
    Port=tty194
    Action=Login
    Port=tty194
    UserIdentityGroup=IdentityGroup:All Groups:READ ONLY ACCESS
    Authentication Result
    Type=Authentication
    Authen-Reply-Status=Pass
    Steps
    Get TACACS+ default network device setting.
    Received TACACS+ Authentication START Request
    Evaluating Service Selection Policy
    Matched rule
    Selected Access Service - TAFE POLICY1
    Returned TACACS+ Authentication Reply
    Get TACACS+ default network device setting.
    Received TACACS+ Authentication CONTINUE Request
    Using previously selected Access Service
    Evaluating Identity Policy
    Matched Default Rule
    Selected Identity Store - Internal Users
    Looking up User in Internal Users IDStore - muthu
    Found User in Internal Users IDStore
    TACACS+ will use the password prompt from global TACACS+ configuration.
    Returned TACACS+ Authentication Reply
    Get TACACS+ default network device setting.
    Received TACACS+ Authentication CONTINUE Request
    Using previously selected Access Service
    Evaluating Identity Policy
    Matched Default Rule
    Selected Identity Store - Internal Users
    Looking up User in Internal Users IDStore - muthu
    Found User in Internal Users IDStore
    Authentication Passed
    Evaluating Group Mapping Policy
    Matched Default Rule
    Evaluating Exception Authorization Policy
    No rule was matched
    Evaluating Authorization Policy
    Matched rule
    Returned TACACS+ Authentication Reply

  • 802.1x with ACS does not correctly work

    Hello
    I have here a WLan setup with a WDS, some 40 Accesspoints, an ACS 4.1 server and a Windows Domain Controller which has the users configured.
    I have a group mapping in ACS configured which points to a small group in the ADS.
    The groupmapping in ACS points to a specific group in ACS.
    There I've configured the following:
    [009\001] cisco-av-pair
    - ssid=xx-200 (the name of the SSID the clients connect)
    [006] Service-Type
    - Login
    [007] Framed-Protocol
    - PPP
    [025] Class
    - OU=pers; (this is not the special group where those users are in, but they are also in this one)
    [064] Tunnel-Type
    - Tag 1 Value Vlan
    [065] Tunnel-Medium-Type
    - Tag 1 Value 802
    [081] Tunnel-Private-Group-ID
    - Tag 1 Value 200 (the Vlan in which they should go)
    The good thing is, authentication with username password works.
    The bad thing is, every user can authenticate and get into this SSID instead of only the users in the special group which points to this groupmapping.
    The other ADS groups also point to other ACS groups, but they don't have the above values ([009\001] cisco-av-pair, [064] Tunnel-Type, [065] Tunnel-Medium-Type, [081] Tunnel-Private-Group-ID) configured.
    The logfile from the ACS also shows that the wrong users are mapped into the correct group like they should, but they still get access.
    Here the WDS configuration:
    aaa group server radius RADIUS_GROUP_WDS_RADIOMANAGEMENT
     server 10.1.1.30 auth-port 1645 acct-port 1646
     server 10.1.2.30 auth-port 1645 acct-port 1646
    aaa authentication login METHOD_WDS_RADIOMANAGEMENT group RADIUS_GROUP_WDS_RADIOMANAGEMENT
    aaa authentication enable default enable
    aaa session-id common
    radius-server host 10.1.1.30 auth-port 1645 acct-port 1646 key 7 xxxx
    radius-server host 10.1.2.30 auth-port 1645 acct-port 1646 key 7 xxxx
    radius-server retransmit 2
    radius-server timeout 18
    radius-server deadtime 1
    radius-server vsa send accounting
    wlccp authentication-server infrastructure METHOD_WDS_RADIOMANAGEMENT
    wlccp authentication-server client any METHOD_WDS_RADIOMANAGEMENT
    ssid xx-200
    The accesspoint config:
    aaa authentication login METHOD_RAD_WDS_CLIENT group radius
    aaa authentication enable default enable
    aaa session-id common
    dot11 ssid xx-200
     vlan 200
     authentication open eap METHOD_RAD_WDS_CLIENT
     authentication network-eap METHOD_RAD_WDS_CLIENT
     authentication key-management wpa
    interface Dot11Radio0
     encryption vlan 200 mode ciphers aes-ccm
     broadcast-key vlan 200 change 60
     ssid xx-200
    interface Dot11Radio0.200
     description
     encapsulation dot1Q 200
     no ip route-cache
     no cdp enable
     bridge-group 200
     bridge-group 200 subscriber-loop-control
     bridge-group 200 block-unknown-source
     no bridge-group 200 source-learning
     no bridge-group 200 unicast-flooding
     bridge-group 200 spanning-disabled
    interface FastEthernet0.200
     description
     encapsulation dot1Q 200
     no ip route-cache
     bridge-group 200
     no bridge-group 200 source-learning
     bridge-group 200 spanning-disabled
    I hope you can find why any user can authenticate and not just the ones in the groupmapping which has the radius attributes configured.
    Thanks,
    pato

    I have finally found something to look into :/
    000619: Jan 18 16:50:11 A: RADIUS: AAA Unsupported Attr: ssid [263] 6
    000620: Jan 18 16:50:11 A: RADIUS: 48 53 52 2D [xxx-]
    000621: Jan 18 16:50:11 A: RADIUS: AAA Unsupported Attr: interface [156] 4
    000622: Jan 18 16:50:11 A: RADIUS: 32 35 [25]
    This is with various debugging active on the WDS. And this might be the reason why it doesn't work.

  • Adding a Custom VSA to a Group - ACS Appliance

    Hi,
    Using a secure ACS Appliance 4.0
    I want to add a new RADIUS Vendor and its associated VSA to the ACS configuration. This will then be returned during Authorization.
    I have already added the new Vendor and the required VSA through RDBMS. I can now see the new vendor as RADIUS (vendor) in NAP Profile etc
    However I cannot seem to find a way that how would i set the Value of the Added VSA ? And assign it to a particular group ? I cannot seem to find that VSA anywhere.

    Add a AAA client with "Authenticate using" Radius(vendor)
    then go to Interface Configuration and enable VSA for Group/User
    ~Rohit

  • Cisco sns-3415 configuration

    Hi Team
    We brought new Cisco sns-3415 ACS configuration. Somebody please help to configure this for the first time. It is simply my first time on this device, so I look forward to a first-level configuration guide. Find the configuration details below.
    SNS-3415-K9: Small Secure Network Server for ISE NAC & ACS Applications
    CON-SNT-SNS3415: SMARTNET 8X5XNBD Small Secure Network
    CSACS-3415-K9: ACS application & BASE license for SNS-3415-K9 appliance
    CSACS-5-BASE-LIC: Cisco Secure ACS 5 Base License
    CSACS-ACCYKIT: Accessory Kit for Access Control System SW on 3415-appliance
    SFS-250V-10A-ID: SFS Power Cord - 250V 10A India
    SNS-4GBSR-1X041RY: 4GB 1600 Mhz Memory Module
    SNS-600GB-HDD: 600 GB Hard Disk Drive
    SNS-650W-PSU: 650W power supply for C-series rack servers + cord (configur
    SNS-CPU-2609-E5: 2.4 GHz E5-2609/80W 4C/10MB Cache/DDR3 1600MHz
    SNS-N2XX-ABPCI01: Broadcom 5709 Dual Port 10/100/1Gb NIC w/TOE iSCSI
    SNS-RAID-ROM5: Embedded SW RAID 0/1/10 8 ports SAS/SATA
    SNS-UCS-TPM: Trusted Platform Module for UCS servers
    Thanks
    Sreejesh S

    Check the Cisco how-to guides for step-by-step configuration; just follow the instructions and you can easily configure the setup. Also, when you first open the ISE there is an option for express setup (auto config), but I would suggest the guide (link given below).
    https://www.cisco.com/en/go/trustsec.
    **********Do rate Helpful posts************************
