ACS & NAS Question

All,
I have my ACS loaded on a Win2K server and when I log into a router is it true that the router is the NAS device and that it (the router) sends the username and password information to the ACS server for verification? Also is the information being sent between the NAS and the ACS server encrypted or not?

Mario
In the terminology of ACS yes your router that you are logging into is the NAS. The authentication protocols were developed especially to facilitate the requirements of Access Servers and that terminology remains even though the protocol now serves a wider variety of devices.
The router does send the user name and password to the ACS server of verification. And the information is encrypted so it is safe while it passes through the network.
HTH
Rick

Similar Messages

  • ACS Backup question

    Two ACS questions
    1. I have been able to access a ACS 1121 by using a keyboard and screen, but I am not able to access the ACS using a console.
    The setup disk allows me to choose between using the Keyboard and screen and the console, but the console setup does not appear to work.
    Default settings for the console are 9066 8 n1 and I presume that the sys managment port is where I plug the console cable in?
    Any ideas
    2. With just a screen and console how do I backup the configuration to a file? There is a good chance that the equipment I am working will need to habe its configurations change when it travels?
    ideas?
    Thanks for your help

    Hi there,
    About your questions:
    1. Yes, this is possible. You can replicate information between the ACS appliance and the ACS Windows version. The requirement is to be running exactly the same version in both sides.
    2. That information is in the backup file. In ACS 4.x there is only one backup which contains all the server information. This behavior changes in version 5.x where there are multiple type of backup files now.
    Let me know if I answered your concerns.

  • Home Networking External Nas Questions with macbook

    i noticed when i access my external NAS drive over my network via macbook using the connect then > SMB://ip.address files transfer very quickly and i can drag a video from the NAS folder to vlc and it plays. unlike in windows xp wont even allow me to do this. My questions is what kind of program or application does mac osx using so i can find something similar to use or settings to change in windows. since in windows it downloads teh files to my hard drive and cant really stream like the mac.thanks

    well i guess i wanted to konw how apple/mac os x can access files way faster over the same network as the windows system. then again it is microsoft. ya i posted in a differnt forum. not much response.soo..ya

  • ACS Radius Question about Request Authenticator Field

    Hi, I did a little bit reading about Radius to understand more in deepth
    if I understand correctly the Request-Authenticator-Field in the Radius-Request Packet is just a random number and has nothing to do with the configured shared secret on AAA-Client.
    That would mean that ACS does not check the shared secret in an incoming request.
    So in case of CHAP Authentication the password in the request is not encrypted with the shared secret, ACS can successfully check the credentials from the request , though the shared secret between ACS and AAA-client does not match and will send a Radius Accept packet
    The Response-Authenticator-Field in the Radius-Accept Packet is a MD5 over (Code+ID+Length+RequestAuth+Attributes+SharedSecret)
    So if the the shared secret does not match the AAA-Client will recongize this and will not grant access.
    Is that true so far.
    I always thougth that shared secret must match, otherwise the ACS will not accept any radius-request?
    Thx
    hubert

    Hi Nicholas,
    pls see attached a packet-capture from 6 Radius-request of a AAA-Client (small Radius-Test-SW) and the answer from ACS
    1 PAP wrong key correct Password -> ACS logs failed auth
    2 PAP correct key correct Password -> ACS logs success auth
    3 CHAP wrong key correct Password -> ACS logs success auth
    4 CHAP correct key correct Password -> ACS logs success auth
    5 CHAP wrong key wrong Password -> ACS logs failed auth
    6 CHAP correct key wrong Password -> ACS logs failed auth

  • Cisco Secure ACS license question.

    On the Cisco ACS server under the internal identity stores… is “users” and “host” counted against the "base server license" or “network device license”?          

    Guess you are running ACS 5.x
    With  the Base license, Cisco Secure ACS 5.3 appliances or software virtual  machines can support deployments of up to 500 network devices  (authentication, authorization, and accounting [AAA] clients). The  number of network devices is based on how many unique IP addresses are  configured. This is not a limit for each individual appliance or  instance, but a deployment-wide limit that applies to a set of ACS  instances (primary and secondary) that are configured for replication.
    The  optional Large Deployment add-on license allows a deployment to support  more than 500 network devices. Only one Large Deployment license is  required per deployment as it is shared by all instances.
    For more info:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-689829.html
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Aperture to Lightroom NAS question

    Apple make a specific point of telling Aperture users that referenced files must NOT be held on networked drives.
    Does anyone know if referenced files in Lightroom are also a 'no no' with NAS drives?
    My ideal way of working would be Lightroom catalog held locally on my MacBook Pro with the actual picture files stored on a NAS drive.
    THANKS

    My ideal way of working would be Lightroom catalog held locally on my MacBook Pro with the actual picture files stored on a NAS drive.
    Many people use LR that way.

  • ACS appliance questions

    Is the OS on this appliance even accessible for management? Can services, such as snmp, be enabled? How does one back this thing up? Not having any luck looking through the documentation. Any help would be appreciated. Thanks

    The appliance is backed up using FTP. You can get to this by going to the following;
    System Configuration -> ACS Backup
    From here you setup the FTP Server, Login, Password, Directory and whether or not you want the backup encrypted.**If you encrypt the backup file it requires you to decrypt it by entering the password that you used to encrypt it. One way of telling if your files are encrypted is by looking for an "e" at the end of the file name..and just before the extension...(i.e. 10-aug-2006-04-00-00e.dmp) This file is encrypted.

  • NAS Questions

    For reasons I won't go into, my home/office network is no longer up and running.  And I'm getting tired of moving files around via thumb drive.  I want a way for three computers (and any future DLNA devices) which are not and for the time being cannot be connected to each other via any means, to access a common, RAID protected hard drive on the cheap.
    Any recommendations?

    to simplfy:
    NAS= Network attached storage. if your home network is not working then this cant work.
    if you have 3 systems the easiest it to turn one into the NAS. (oldest and add a raid card)
    Scott
    ADK

  • NAS Question and Suggestions

    Current Configuration:
    iMac 2.8 Intel Core Duo running Lion OSX (yes I regret that)
    2 iOmega 4TB HD's (iTunes Libraries) connected to a 1TB Time Machine BU Drive which is directly connected to my iMac via FIREWIRE 800.
    One of my 4TB drives is already full and the other is over half way. I have started looking at other storage options since the 4TB drives seem to be the biggest for direct connection drives out there.
    I have read all the horror stories about NAS' and Lion so obviously I will wait a bit before I make the trasition but in the meantime:
    I know next to nothing about NAS' so...
    I remember reading an old article that mentioned restrictions on file sizes and naming conventions on NAS' - Is this true or am I not remembering things correctly? I have 6+GB files so this would be an issue.
    Current plan is to connect this via my Airport Extreme Base Station via Ethernet is that the best way to go?
    When the manufacturer says it can support 3GB drives does that ever go up without getting a new unit (i.e. if 5GB drives become common place) would that be something a software or firmware update could fix or is that something really limited by physical limitations like cooling capacity?
    Also read a lot of horror stories about drive compatabilites with NAS' is that still a common problem or have things become more standardized?
    Is there such a thing as too big of an NAS? I have been leaning towards the Lacie 5big Network 2  but am wondering it having one single larger NAS is a bad idea and instead going with a couple of smaller units.
    I read this post: Best NAS for mac? The Synology mentioned is curious but I don't bitorrent or any of that stuff so it seemed like a lot of stuff I really don't need plus the max size at 12GB isn't great I am not concerned about backups as I do that onto blu-ray discs.
    Any suggestions or pointing me in the right direction would be greatly appreciated.

    I think the Lacies are fine. 10TB or the 15TB model is more than enough in my case.
    Speaking from experience, have you looked at the QNAP 5 bays models or Synology 5 bays models? I generally stick with those 2 brands when it comes to NAS.

  • Aperture - how to organize lots of Photos with MBA ?

    Hi,
    Apologies if this may be a repeated question (I know this has probably been asked for million times). 
    I am sincerely looking for some advise to structure and organize my photos, hopefully to get it right at the beginning rather than fixing afterwards.   Thanks in advance.
    - I have around 50k+ photos, taking about 1,000 per month
    - I just got a MBA, so obviously, I can't squeeze all these into the MBA
    - therefore, thinking to go for "Referenced Library" approach to store the masters in an external NAS
    Question 1 : can anyone recommend for how should I organize and where to store the Aperture library, the master, and the backup ?
    Question 2 : can anyone recommend for a flow and structure I should be following after taking some pictures ?
    For example, should I :
    1. first import all pictures into MBA, removing the unwanted, then relocate the master to NAS ? or,
    2. import all pictures into NAS, then perform the select and deletion .... etc.
    As reference, here is what I have :
    1. a 1TB timecapsule
    2. a MBA just bought, with ~170GB free
    3. a NAS (mirrored, connected to the timecapsule), with ~ 1.7TB space
    Background : I am not professional.  However, these pictures meant a lot to me so very keen to find a proper way to safekeep and organize them. Any experience / advise would be mostly welcome.  Much appreciated.

    Which version of iPhoto do you have?
    Is this the procedure you followed?
    http://docs.info.apple.com/article.html?path=iPhoto/9.0/en/pht75a3414a.html

  • Privileges for Cisco Devices

    I have ACS 3.2 and a bunch of TACACS configured Cisco devices.
    I want to give a limited set of access to techs the environment to modify VLAN assignments of ports.
    So they would need to be able to access privileged mode, but only execute things like:
    sh run
    config t
    config int y
    switchport access vlan x
    wr
    Will be sure to rate. Thanks!!!!
    Can someone help me understand how.

    This is more of ACS side question, and hence you should try to post it to CSC's AAA community here:
    https://supportforums.cisco.com/community/5936/aaa-identity-and-nac
    ACS does has this feature to provide restricted access to users by creating such a restricted profile.
    You can create Command Authorization Sets to perform this. Command authorization sets provide a central mechanism to control the authorization of each command issued on any given network device. This greatly enhances the scalability and manageability of setting authorization restrictions.
    You can check Command Authorization Set here for ACS 3.2:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a4a.html#wp737563
    -Thanks
    Vinod
    **Encourage Contributors for free. Rate them :) **

  • WEP security

    hi,
    we are using 1130 AP with WEP encryption and MAC filtering iknow this is weak but i don't have extra budget to implement ACS, my questions:
    is there is any better security method to secure the wireless traffic without implemnting ACS?! can I use WPA without buying extra ...?!
    thanks

    If you want to implement something fast, then go with WPA2-PSK... WPA-PSK has already been compromised. Local EAP along with ACS or IAS or any other radius server will require you to import some sort of certificate. So it really depends on how much time you have:)

  • Does ACS include the NAS address in the payload?

    When ACS communicates with another authentication server (eg: ACE), does it include the NAS or the user's address in the ip packet payload?
    The reason for this question is that we want to use NAT between ACS and ACE. Obviously the NAT won't work if the real address is put in the payload.
    Thanks in advance

    If on ACS, ACE configured as an External Database, then ACS wont send NAS ip to ACE.
    The communication between ACS and ACE will be based on Radius protocol, and ACS will be added as a Radius client on ACE.
    If ACS is acting as a pure proxy radius server, and forwarding request to ACE, then payload will have NAS.
    How to configure Radius Token Server as an External Database on ACS:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp356090
    Regards,
    Prem

  • ACS 5.3 Database backup questions

                 I do an incermental backup every day at 02:00
    IncrementalBackup-Job
    Mon Sep 17 02:00:00 EST 2012
    Mon Sep 17 02:00:02 EST 2012
    Completed
    But  I get the  
    System Alarm [Database Purging]
    Mon Sep 17 04:00:00
    Incremental Backup not configured
    why?
    see contents of repository below so it is there
    CHIACS71/chacs01# sh repository DataBase
    acsviewdbfull_CHIACS71_20120912_095516.tar.gpg
    acsviewdbfull_CHIACS71_20120913_020000.tar.gpg
    acsviewdbincr_1_CHIACS71_20120914_020000.tar.gpg
    acsviewdbincr_2_CHIACS71_20120915_020000.tar.gpg
    acsviewdbincr_3_CHIACS71_20120916_020000.tar.gpg
    acsviewdbincr_4_CHIACS71_20120917_020000.tar.gpg
    catalog.xml
    repolock.cfg
    CHIACS71/chacs01#
    second question can I use my secondary ACS for the DataBase repository?

    Hi,
    You should use an nfs server, sftp or ftp repository for backups only, something that is dedicated for storage. I would not recommending using anything that is used for production which needs internal storage to take on the task of managing another applications data.
    As far as the the first question, i am not talking about the purging, i am talking about the scheduled application backups:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/admin_operations.html#wp1076238
    Tarik Admani
    *Please rate helpful posts*

  • I have forgotten my appleID password and the email it is linked to is deactivated, security questions aren't working. This is on my iPhone and iTunes acs so I can't sync with my new computer. How do I merge AppleID accounts and shut down the old one?

    I have forgotten my appleID password and the email it is linked to is deactivated, security questions aren't working. This is on my iPhone and iTunes acs so I can't sync with my new computer. How do I merge AppleID accounts and shut down the old one (when I have no password and the security questions aren't working?)

    You cannot merge Apple ID accounts, that has never been supported.
    You can contact the Apple ID Security folks per the listing in http://support.apple.com/kb/HT5699 and they can help reset security questions and get the account working.

Maybe you are looking for

  • Would like to change page size

    Hi, I'm trying to convert a Word Document with a page size of 7.5 by 10.5. When I input these settings into Word, the actual picture of the page shrinks. I have the virtual Adobe printer and have it set up for that page size because originally my tex

  • Loading updated classes dynamically

    Hi, I have some classes in the classpath which I am modifying and using them in the weblogic. I have to restart the weblogic if those updated classes are to be loaded. Is there any way by which weblogic can automatically take those classes whenever t

  • How to connect iphone to Yamaha U1 + older style disklavier floppy system?

    Hi all. After some searching, I found a late 1990s Yamaha U1 piano with Disklavier that uses floppies. It is in a U1 body (acoustic) and in mint condition with hammers in like new. Plays medium (not too mellow, not too bright).  I would *like* to be

  • Autodelete podcast in 11.1

    Was the autodelete option for podcasts removed in the iTunes upgrade (to 11.1), or was it just moved and I can't find it?

  • Anybody know how to use jave work with mapping file? help!

    mapping file are somehow those... <db-insert root-element> .....<map-info> something like that, and I dont know how java code can use with them..my database is mysql... or any reference site is good.? Thank you very much