Cisco 1121 acs 5.1

It's impossible to use acs 5.2 recovery DVD to cisco 1121 acs 5.1?

You mean that you can't donwload ACS 5.x DVD from cisco.com. I have added a link for you. This link will take you directly on the section from where you can download the recovery image. http://tools.cisco.com/squish/FCd77
File need to be downloaded:
ACS 5.1.0.44 FCS Official version
ACS_v5.1.0.44.iso
If you can't access the above link or you're getting some privilege related issues ( please post that in your next response) then you have 2 options:
1.] If you have a valid contract for ACS 5.x with cisco, open a TAC case so that they can publish the recovery DVD (.ISO image) on your registered id. Would not take much time.
2.] If you don't have a contract or its expired or TAC couldn't entitled you for this download then I would encourage you to contact your cisco accounts team as they may be able to help you.
Jatin Katyal
- Do rate helpful posts -

Similar Messages

  • Cisco Secure ACS 5.4/Monitoring and Report Viewer - SNMP Settings

    Hello Everyone.
    I hope this is the right forum for my question.
    We just purchased 8 1121 ACS 5.4 appliances. I have some familiarity with the older 1113 and 1120 appliances running ACS 4.2. So I have a lot to learn.
    Right now I'm trying to understand the Monitoring and Report Viewer System Configuration. I set the SNMP V2 read comm. string to the same string I configured from the CLI.
    etc-labacsb1-1/admin# show runn | inc snmp
    snmp-server contact "ACS1121;XXXXX"
    snmp-server location "B1 Lab"
    snmp-server community XXXXXX ro
    1) It was not the same string as configured on CLI. Does setting this give me access to query more than system type or server type MIB objects.
    2) Can you provide an example? (for example to query a switch -  snmpwalk -v 1 -c XXXXXX hostname 1.3.6.1.4.1.9.9.43)
    3) What is the MIB object tree OID (1.3.6.1.4.1.9.???) for these ACS appliances?
    Thanks in advance.
    Ray Westphal
    EHI

    that's correct. here is what we have in ACS 5.4 for snmp.
    ACS 5.4 supports Simple Network Management Protocol (SNMP) to provide logging services. The SNMP agent provides read-only SNMPv1 and SNMPv2c support. The supported MIBs include:
    •SNMPv2-MIB
    •RFC1213-MIB (MIB II)
    •IF-MIB
    •IP-MIB
    •TCP-MIB
    •UDP-MIB
    •CISCO-CDP-MIB
    •ENTITY-MIB
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/device_support/sdt54.html#wp71020
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Upgrade path for Cisco Secure ACS 4.X Solution Engine 1113 Appliance.

    Hello,
    I am having Cisco Secure ACS 4.X Solution Engine 1113 Appliance, and is running on version Cisco Secure ACS Release 4.1(1) Build 23 and now want to upgarde it to the latest version. Need to know the upgrade path for the same. As per my information ACS 4.1(1) runs on windows server and releases post to 5.X uses Linux. Please guide how can i upgrade Appliance 1113 from 4.1 to 5.x

    Hi,
    Cisco ACS 1113 appliance doesn't support ACS 5.x version. 1113 appliance supports till ACS 4.2.1 version.
    Cisco ACS SE 1120/1121 appliance models are required for ACS 5.x
    The upgrade path for ACS 4.1 to 4.2.1 version can be found in the following link :
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1237189
    Regards,
    Karthik Chandran
    *kindly rate helpful post*

  • Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory

    Hello,
    Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory?  I'm not having success in setting this up and would like to see what a successful authentication debug looks.  Below is my current situation:
    Oct  6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:23: TPLUS: processing authentication start request id 444
    Oct  6 13:52:23: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:23: TPLUS: Using server 110.34.5.143
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
    Oct  6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:23: T+: user: 
    Oct  6 13:52:23: T+: port:  tty515
    Oct  6 13:52:23: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
    Oct  6 13:52:23: T+: msg:  Username:
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:23: TPLUS: Received authen response status GET_USER (7)
    Oct  6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:30: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:30: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
    Oct  6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:30: T+: User msg: <elided>
    Oct  6 13:52:30: T+: User data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Oct  6 13:52:30: T+: msg:  Password:
    Oct  6 13:52:30: T+: data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
    Oct  6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:37: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:37: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:37: T+: User msg: <elided>
    Oct  6 13:52:37: T+: User data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
    Oct  6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
    Oct  6 13:52:37: T+: msg:  Error during authentication
    Oct  6 13:52:37: T+: data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:37: TPLUS: Received Authen status error
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
    Oct  6 13:52:37: TPLUS: Choosing next server 101.34.5.143
    Oct  6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
    Oct  6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:49: TPLUS: processing authentication start request id 444
    Oct  6 13:52:49: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:49: TPLUS: Using server 172.24.5.143
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
    Oct  6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:49: T+: user: 
    Oct  6 13:52:49: T+: port:  tty515
    Oct  6 13:52:49: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
    Oct  6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
    Oct  6 13:52:49: T+: msg:   0x0A User Access Verification 0x0A  0x0A Username:
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Received authen response status GET_USER (7)
    The 1113 acs failed reports shows:
    External DB is not operational
    thanks,
    james

    Hi James,
    We get External DB is not operational. Could you confirm if under External Databases > Unknown User           Policy, and verify you have the AD/ Windows database at the top?
    this error means the external server might not correctly configured on ACS external database section.
    Another point is to make sure we have remote agent installed on supported windows server.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
    Also provide the Auth logs from the server running remote agent, e.g.:-
    AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
    Attempting Windows authentication for user v-michal
    AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
    authentication FAILED (error 1783L)
    thanks,
    Vinay

  • With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

      I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers  I am using Windows 2003 server for the ACS,
    and a Windows 2003 Active Directory server.  The AD server is fine, as it is used for many other things.
    I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
    when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
    on the domain etc).
    I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
    If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
    02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
    I've scoured google etc, and just cannot come up with any reason why this should be happening.
      I've followed all the install guides to the letter.  I need to get this up and running as soon as possible,
    so am looking forward to finding out if anyone can help me with this one!
    THanks and regards
    Sharan

    Hi  Jesse,
    Thasts a great answer and Soution.
    My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
    After this answer i have upgraded it to ACS4.2.1 and its started working fine
    Thanks very much for the help
    Dipu

  • Setting privileges in Cisco Secure ACS Version 5.1.0.44

    I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
    In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
    I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.

    Hi,
    The ACS is able to handle permit or deny commands.
    I created a configuration example that will help you to understand command shell.(see attach doc)
    Instead of using show running-config please use show config.
    also make sure that all the users are using privilege 15.
    Regards,

  • Cisco Secure ACS

    Hi all,
    With the Base license, a Cisco Secure ACS 5.6 appliance or software virtual machine can support the deployment of up to 500 network access devices (NADs) such as routers and switches. These are not authentication, authorization, and accounting (AAA) clients. The number of network devices is based on the number of unique IP addresses that are configured.
    So, when i have 1 firewall for vpn gateway, and using acs as an aaa server, how much network access device which is counted ? 1 or as many as vpn client connected to the firewall ?
    500 network access device means concurrent connection or not ?

    ACS is based on the number of NADs (Network Access Devices) like switches, routers, ASAs, etc. So in your example, your Firewall will consume 1 license regardless of the total number of VPN sessions. 
    With ISE, the licenses are based on the total number of endpoints. So in your example, each VPN session will take a license. 
    I hope this helps!
    Thank you for rating helpful posts!

  • EAP-TLS witch Cisco Secure ACS

    Hi everyone,
    we have implemented wpa/leap in our WLAN. We would use certificates for machine authentication. There is a Cisco Secure ACS Server 3.3 installed.
    Is it possible to use the ACS self generated certificate without a CA ?
    The examples I found on the web describes only the configuration with CSACS with Microsoft CA.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a6b.html
    We use Cisco AP1231/AP1232 with 12.3.4JA.
    I think for machine authentication we have to install a CA. Let me know, how you think about that issue.
    Armin

    There are no much options on Client side: MS PEAP, EAP-TLS, EAP-MD5. ACS version 3.3 can generate self-signed certificate (for itself) without the need to install separate CA server. So I'd recommend you to use MS PEAP (PEAP MS-CHAPv2) with self-signed certificate on ACS.

  • Reporting & Audit Compliance Solutions for Cisco Secure ACS

    The Cisco Secure ACS Access Control Server is probably the worlds best selling remote access security solutions and its quite likely that you're already using it! Wouldn't it be great to know exactly what it was doing? Further still, when you have to provide audit documentation regarding your policies and how effective they are, how long does this take and what valuable data remains locked inside the ACS database and logs?
    extraxi offer a range of products that deliver a complete solution for harvesting, managing and analyzing your ACS/SBR log data to meet the increasing demands for regulatory compliance (SOX, COBIT) and overall enterprise monitoring and security.
    We are proud to supply customers including Intel, Ford, Lego, T-Mobile, US Dept of State, US Army, British Telecom, First Energy, TNT Express, Kodak and JP Morgan and many more so why not take a look at our industry leading solutions and evaluate the benefits for your organization...
    Featured Products:
    * aaa-reports! enterprise edition - Automated Reporting
    The best reporting system for Cisco Secure ACS and Funk SBR just got a whole lot better! Improved reports, enhanced filtering and query builder and now with up to 48GB internal storage based on SQL Server technology makes this the ideal solution for large or complex AAA deployments and those that need the additional functionality from the standard aaa-reports! tool.
    With aaa-reports! enterprise you have a complete application for reporting including many canned reports (each with flexible filtering options) and a point-n-click query builder for designing custom reports.
    For historic trending, forensics and audit compliance there simply is no better reporting application for Cisco Secure ACS or Funk/Juniper SBR.
    * csvsync - Automated ACS Database & Log File Collection
    csvsync allows you to download CSV log data (RADIUS, TACACS+, Passed/Failed Attempts etc) directly from any number of Cisco Secure ACS servers (Windows & Appliance) via http(s). Version 3.0 now supports the collection of ACS database itself for import into aaa-reports and detailed reporting based on the ACS security policies. Simple, secure and efficient, csvsync is the best solution for harvesting log data from your Cisco Secure ACS servers.
    Download fully working 60 day trial versions at http://www.extraxi.com/rq.asp?utm_source=technet&utm_medium=forum
    Fore more information please visit http://www.extraxi.com/?utm_source=technet&utm_medium=forum

    bump

  • Patch rollup for Cisco Secure ACS 4.2 fails.

    I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations.  I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches.  The application begins running fine but fails on upgrading the database and then none of the ACS services would start.  I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again.  What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?
    Thanks

    Thanks for the feedback.  I attempted the patch rollup install again and it failed in the same place - on the database upgrade.  I did think of one thing.  Do I need to have my antivirus/protection services disabled prior to installing the rollup?
    Also my versions are as follows:
    Server OS - Windows Server 2003 R2
    Cisco Secure ACS - 4.2.(0) Build 124
    Thanks,
    Richard Jaehne

  • Cisco Secure ACS with UCP assistance and enable password

    I am running Cisco Secure ACS version 4.2 running on a
    Standalone Windows 2003 Enterprise 2003with the lastest
    windows service pack and update. Secure ACS is running
    fine and I can authenticate with Cisco routers and
    switches. The Windows 2003 server is also running Microsoft
    IIS Server. In other words, the IIS server and Cisco
    Secure ACS is running on the same windows 2003 server.
    I am trying to get Cisco User-Changeable password to work
    with Cisco Secure ACS. I followed the release notes lines
    by lines and the work around provided below:
    Also server require more privileges for the internal windows user that runs CSusercgi.exe.
    The name of the windows user that runs UCP is IUSR_<machine_name>.
    Workaround steps:
    1) Install UCP 4 on a machine that runs IIS server.
    2) Open IIS manager
    3) Locate Default Web Site
    4) Double click on the virtual name 'securecgi-bin'
    5) Right click on CSusercgi.exe and choose Properties
    6) Choose 'File Security' tab
    7) Choose 'Edit' in 'Authentication and access control' area
    8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
    password (make sure that 'Integrated Windows authentication' is checked)
    I still can NOT get this to work. I got this error:
    It says:
    The page cannot be found
    The page you are looking for might have been removed,
    had its name changed, or is temporarily unavailable.
    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)
    I modified everything in the Windows 2003 to be "ALLOWED" by
    EVERYONE. In other words, there are NO security on the windows 2003.
    It is still NOT working.
    The other question I have is that can Cisco UCP allow user
    to change his/her enable password?
    Can someone help? Thanks.

    Yes bastien,
    Thank you.
    But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
    I've given it several time; also going through Administrator account with administrative credentials but it always failed.
    Any suggestions/solution/?
    This time many thanks in advance.
    Regards
    Mehdi Raza

  • With Cisco Secure ACS 4.2 User accounts gets locked at first instance of wrong credentials even if configured for 3 attempts

    Hello Everybody,
    I am working with Cisco Secure ACS 4.2 and it is integrated with Active Directory at a Windows 2008 R2 functional level, user accounts that are set with lockout parameters (3 incorrect attempts) are locked out prematurely after the user enters the wrong credentials just once, the integration is done via LDAP.
    I wonder if anybody has any idea why this is happening, because when I connect to a Cisco device or VPN, and type my password wrongly, on the Active Directory I get extra bad password counts.
    Thanks in advance and regards....

    Hello Scott,
    Thanks for your answer. However we checked the ACS logs and it shows that we entered bad credentials just once, but in the Active Directory our account sometimes is blocked because we get at least 2 and sometimes 3 failures. This problem is only presented when we authenticate Cisco devices or through VPN, in normal circumstances, when users enter bad credentials on their computers, it works fine.
    Thanks and regards...

  • Advice for Buying Cisco Secure ACS 3.3 for Windows

    Just need advice on what other things I NEED to order apart from the Windows server when I want to iplement ACS and I want to use CISCO SECURE ACS 3.3 FOR WINDOWS
    Hope someone will help

    Hi,
    This is all what you require:
    Supported Operating System
    Cisco Secure ACS for Windows Servers 3.3 supports the Windows operating systems listed below. Both the operating system and the service pack must be English-language versions.
    •Windows 2000 Server, with Service Pack 4 installed
    •Windows 2000 Advanced Server, with the following conditions:
    –with Service Pack 4 installed
    –without features specific to Windows 2000 Advanced Server enabled
    •Windows Server 2003, Enterprise Edition
    •Windows Server 2003, Standard Edition
    Note The following restrictions apply to support for Microsoft Windows operating systems:
    •We have not tested and cannot support the multi-processor feature of any supported operating system.
    •We cannot support Microsoft clustering service on any supported operating system.
    •Windows 2000 Datacenter Server is not a supported operating system.
    Please refer to the following link for more information:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/win33sdt.htm
    Thanx & Regards

  • Integration problem between Cisco Seure ACS 4.2 with LDAP

    Hi expert,
    I have a problem with the integration between Cisco Secure ACS 4.2 with SUN Java System Directory (LDAP). During the integration, I noticed that user failed to authenticate against LDAP via Cisco Secure ACS. The error message is "Authentication Type is not supported by external DB". In this case the "external DB" refer to LDAP. Anyone of you having an experience on integration on both product before? Can any of you give me some pointers about this. Attached are both screen capture on my ACS server.
    Thanks very much,
    Daniel

    Hi,
    Thanks for the compatibility chart. Oh dear ..., it seems that the LDAP does not supports PEAP (EAP-MS CHAPv2) at all. Am not sure if the latest LDAP (particularly for SUN Java System Directory) able to support this authentication protocol.
    Just to clarify with you all just in case if you wonder what I'm trying to do; our company wants to implement 802.1x over the network. So, every staff on the network must authenticated before able to access the network resources. Our Linksys switches supports this standard including Cisco switches of course. Our RADIUS server is Cisco Secure ACS 4.2 but all those users information including username and passwords are stored in our directory server (LDAP) which is SUN Java System Directory.
    Since most of our staff machines are running on XP and Vista, the only available authentication method (beside certificate based) is PEAP (EAP-MSCHAPv2). Based on the compatibility chart, the generic LDAP does not supports this authentication protocol as what we noted the "authentication type not supported by external database" error message in the ACS logs.
    From what I learned that the latest LDAP (version 3.0?) able to support this authentication protocol, but yet to be confirmed on my further research.
    So... Anyone can advice me on this matter? Thanks very much !

  • How to configure Cisco Airespace in Cisco Secure ACS v5.3

    Need some help regarding Cisco Airespace configuration in Cisco Secure ACS v5.3. We're migrating to ACS v5.3 but we're encountering an issue with
    Cisco Airespace. It is only working on ACS4.1 but when we tried to move it to Cisco Secure ACS v5.3, it is not working.

    Ok, we have a legacy Cisco wireless devices called Cisco Airespace and this device is the result of Cisco acquisition of Airespace Wireless Network in 2005. Cisco improve this technology and make it a perfect device for WLAN. Going back to my issue, as I mention we have this device and it is working in our older version of ACS (4.x). Since we have now a latest version of ACS which is 5.3. We wanted to migrate all the device into our latest version of ACS including older version (Airespace). Since this is an older device, I'm thinking that the VSA attributes needs to manually added and create Policy and Access Service specific to Cisco Airespace. I've attached the Dictionaries attributed that I've added and needs some advise if I got the correct value for below item
    Airespace-WLAN-Id
    Airespace-QoS-Level
    Airespace-DSCP
    Airespace-802.1p-Tag
    Airespace-Interface-Name
    Airespace-ACL-Name
    Below link is the configuration guide for Cisco Airespace under ACS 4.x
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml

Maybe you are looking for