Integration of Cisco ACS SE 4.2 and RSA SecurID Token Server

Hi,
I would be very appreciated if anyone can share their experience. Thanks in advance.
Issue:
I am trying to configure the ACE SE 4.2 to authenticate using RSA SecurID Token Server.
Problems encountered:
Authentication failed. In the failed logged attempt the error "External Database not operational" was next to the login name.
In the auth.log, there was "External DB [SecurID.dll]: aceclnt.dll callback returned error [23]".
Questions:
1. Please kindly advise how I should resolve this problem.
2. Also, is there any successful message once ACS get the sdconf.rec? Will the "Purge Node Secret" button be enabled?
Troubleshooting steps I have done:
Below is the steps I took to setup the external DB.
1. Verified sdconf.rec is not a garbage file using the Test authentication function in RSA client.
2. FTP sdconf.rec in the external database configuration. (Had used Wireshark and confirm file transfered successfully.)
2. Defined unknown user policy to check RSA SecurID Token Server to authenticate.
Thank you.

I have NO experience with ACS SE 4.2 and
RSA SecurID Token Server BUT I have
experiences with Cisco ACS 4.1 running on
Windows 2003 SP2 Enterprise Edition and
RSA SecurID Token Server.
All the troubleshoot you've done is correct.
In Windows 2003 running Cisco ACS, you can
install the test authentication RSA client
and that you can verify that the setup
is correct (by verifying that the sdconf.rec
is not corrupted).
One thing I can think of is that when you
setup the ACS SE box, under external
database, configure unknown user policy,
did you check it to tell how to define users
when they are not found in the ACS internal
database. Did you select RSA SecurID token
server?
Other than that, from what I understand,
you've done everything correctly.

Similar Messages

  • Since I upgraded to Lion, my RSA securid token and Cisco VPN client doesn't work any longer. Anyone have suggestions on how to fix that?

    Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?

    .

  • Integration Of Cisco ACS and MS Active Directory !!!

    Hi all,
    We have and Cisco ACS v4.2 on a Cisco Appliance, and we need to integrate it with Active Directory. Can you help me??
    Thanks for your help
    Regards!!!
    Rafael Turriago

    Hi,
    If you have ACS SE and you want to integrate with MS AD, then you need to install Cisco ACS Remote Agent on a PC that belongs to the domain.
    The ACS SE does not "speak" directly to the DCs, but rather to the ACS Remote Agent.
    The Remote Agent is the application responsible to exchange data with the DCs.
    You can find detailed information in the config guide:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp353636.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • AAA Authorization with RADIUS and RSA SecurID Authentication Manager

    Hi there.
    I am in the process of implementing a new RSA SecurID deployment, and unfortunately the bulk of the IOS devices here do not support native SecurID (SDI) protocol. With the older RSA SecurID deployment version, it supported TACACS running on the system, now in 8.x it does not.  Myself, along with RSA Support, are having problems getting TACACS working correctly with the new RSA Deployment, so the idea turned to possibly just using RADIUS
    I have setup the RADIUS server-host, and configured the AAA authentication and authorization commands as follows:
    #aaa new-model
    #radius-server host 1.1.1.1 timeout 10 retransmit 3 key cisco123!
    #aaa authentication login default group radius enable
    #aaa authorization exec default group radius local
    I have also tried
    #aaa authorization exec default group radius if-authenticated local
    I can successfully authenticate via SSH to User Mode using my SecurID passcode -- however, when I go to enter Priv Exec mode, it wont take the SecurID passcode - I just get an "access denied"
    I've ran tcpdump on the RSA Primary Instance, looking for 1645/1646 traffic, and I dont get anything
    I've turned on RADIUS debugging on the IOS device, and I dont get anything either
    I did see this disclaimer in a Cisco doc: "The RADIUS method does not work on a per-username basis."  -- not sure if this is related to my issue?
    I'm beginning to wonder if IOS/AAA cant pass authorization-exec process to RSA SecurID

    I don't have a solution, but can confirm I have the same problem and am also trying to find a solution.
    I see no data sent to the RSA server when using the wireless AP. With other equipment on the same ACS, I do see the attempts going to the RSA server.
    The first reply doesn't seem to apply to me, since it's not sending a request from the ACS machine to the RSA machine.

  • Cisco ACS 5.5 username and password

    Hi All
    I have defined username and password for one of the users to login to the routers.
    I have set the password.
    Can please advise how do I make him change the password after his first login with the given username and password.
    Thanks

    While creating a user under Users and Identity Stores > Internal Identity Store > Users > createe. Check this box to start the process to change the user’s password at the next user login, after authentication with the old password.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/users_id_stores.html#49082
    Regards,
    Jatin Katyal
    *Do rate helpful posts*

  • ACS appliance -- AD -- RSA Securid Server

    I have Cisco ACS appliance running version 3.3.2.2 and Windows Active Directory on Win2000 Advanced Server and RSA v5.2. I already installed successfully the remote agent in Active directory.
    Authentication using EAP-FAST from my wireless client going to ACS to AD is successful.
    But when authenticating going to RSA failed. I can't find logs that my ACS is communicating successfully with RSA.
    Here's more info:
    In Active Directory, remote agent for ACS installed succesfully. Agent for RSA is also installed succesfully.
    In ACS appliance, remote agent was already pointed to AD.
    No RSA SecurID Token Server found in my External User Database Configuration list. I think this is the problem.
    How can I manage to configure RSA SecurID Token Server in my ACS appliance?

    Hello,
    The configuration guideline for the ACS is described in "Configuring CiscoSecure ACS for Windows NT with ACE Server Authentication" at
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080094650.shtml
    I had this up and running with a customer. There was no AD involved though, so it is not entirely your case and there might be other obstacles on the way.
    ACS with ACE however works, though there were some nasty problems to be solved on the way to success.
    One thing to point out straight away also mentioned in the document mabove:
    Challenge Handshake Authentication Protocol (CHAP) cannot be used with the ACE tokens alone because of the requirement CHAP RFC (1994) that states:
    CHAP requires that the secret be available in plaintext form. Irreversibly encrypted password databases commonly available cannot be used.
    This precludes use of the ACE tokens for straight CHAP unless there is a separate CHAP password. For instance:
    username: xxxx
    password: xxxx
    Password Authentication Protocol (PAP) is a better choice here.
    This means the user has to enter "username*token" - the customer finally wrote a Java applet to construct the propper combination out of different clearly named input fields to simplify the input for unexperienced users.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Cisco ACS 4.2 and Radius authentication?

    Hi,
    I have a Cisco ACS 4.2 installed and using it to authenticate users that log on to switches using TACACS+, when I use local password database, everything is working. But if i try to use external database authentication using a windows 2008 radius server, I have problem that I can only use PAP, not CHAP. Anyone who know if it's possible to use CHAP with external radius authentication?

    To access network devices for administrative purpose, we have only three methods available :
    [1] Telnet : Which uses PAP authentication protocol between client and the NAS device. So the communication between Client and NAS is unencrypted,  and when this information flows from NAS to IAS server gets encrypted using the shared secret key configured on device/IAS server.
    [2] SSH : Which uses  public-key cryptography for encrypting information between client and the NAS device, i.e, information sent between client 
    and NAS is fully secure. And the communication between NAS and IAS is encrypted using shared secret same as above. Good point on SSH side is that commincation channel is secure all the time.Again the authentication type would remain same that is PAP.
    [3] Console:Which is also the same it will not allow to use MSCHAP as there is no need to secure it as you laptop is connected directly to the NAS and then if you are using TACACS it will encrypt the payload .
    Summarizing, we cannot use CHAP, MS-CHAP, MS-CHAP V2 for communication between client and NAS device or administrative access.
    And the most secure way to administer a  device is to use SSH.
    Rgds, Jatin
    Do rate helpful post~

  • Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

    Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
    Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic.A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
    SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
    Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Sebastian,
    The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
    Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
    This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
    You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
    The following are the connectivity modes:
    •  Dual-wire Management (Shared LOM):
    Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
    This mode is recommended when you have C-Server which does not  have or cannot support VIC 1225 card (such C-200 server)
    •  SingleConnect (Sideband):
    Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
    This feature is referred to as SingleConnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
    This most recommended Integration model when using FEX and VIC 1225 card
    •  Direct Connect Mode:
    Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    This mode will eliminate the need for FEX module as Servers are directly plugged into the base ports of Fabric Interconnect
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
    Please let us know if you need more information. Thank you!
    Thanks,
    Vishal

  • [Cisco ACS] Memory Utilization limit

    Hello,
    We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10
    The primary server manages 20000+ authentications per day.
    Its memory utilization increases everyday.
    It is now at 83%
    Is there a limit?
    What will happen when memory utilization reach this limit?
    What can we do to purge memory utilization? (reboot, service restart...)
    Thanks for your help
    Patrick

    admin# sh memory
    total memory:    1031200 kB
    free memory:       16288 kB
    cached:           298568 kB
    swap-cached:           0 kB
    Do you know the minimum free memory amount for safe operations? 
    ·         is this  ACS  running any risks being this abpve?
    ·         Are there any general clean-up commands that  can be executed to free up memory without jeopardizing operations on the ACS?

  • RSA SecurID and Cisco ACS integration for user(s) with enable mode

    I thought I had this problem figured out but I guess not.
    I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
    router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
    I use tacacs+ authentication for logging into the Cisco router
    such as telnet and ssh. In the ACS I use "external user databases"
    for authentication which proxy the request from the ACS over
    to the RSA SecurID Server. I installed RSA Agents with
    sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
    to be "RSA_SecurID" group. In the "External user databases" and
    "database configurations" I assign SecurID to this "RSA_SecurID"
    group.
    Everything is working fine. In the "User Setup" I can see dynamic
    user test1, test2,...testn listed in there as "dynamic users". In
    other words, I can telnet into the router with my two-factor
    SecurID.
    The problem is that if test1 wants to go into "enable" mode with
    SecurID login, I have to go into "test1" user setting and select
    "TACACS+Enable Password" and choose "Use external database password".
    After that, test1 can go into enable mode with his/her SecurID
    credential.
    Well, this works fine if I have a few users. The problem is that
    I have about 100 users that I need to do this. The solution is
    clearly not scalable. Is there a setting from group level that
    I can do this?
    Any ACS "experts" want to help me out here? Thanks.

    That is not what I want. I want user "test1" to be able to do this:
    C
    Username: test1
    Enter PASSCODE:
    C2960>en
    Enter PASSCODE:
    C2960#
    In other words, test1 user has to type in his/her RSA token password to get
    into exec mode. After that, he/she has to use the RSA token password to
    get into enable mode. Each user can get into "enable" mode with his/her
    RSA token mode.
    The way you descripbed, it seemed like anyone in this group can go directly
    into enable mode without password. This is not what I have in mind.
    Any other ideas? Thanks.

  • Integrating Cisco ACS and Cisco NAC Manager - Downloadable ACL

    Hi There
    I have Cisco NAC setup in my environment. These are all working fine. The users will get themselves authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to the Cisco ACS for the user database portion. These are all working fine. I would like to enable Downloadable ACL. I have tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in Shared Components, but nothing works. It's either I'm doing it wrongly or this setup of mine doesn't support downloadable ACL? Please kindly advice.
    Regards,
    Ram
    +6-012-2918870

    Hi,
    That is not possible.
    You cannot push ACLs into the NAC manager.
    If you are doing Radius authentication from NAC manager, what you can do is to create Roles on the NAC manager, and on those roles you define traffic policies.
    Using Radius attributes you can then map users to Roles.
    Please take a look into this:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Cisco Secure ACS with UCP assistance and enable password

    I am running Cisco Secure ACS version 4.2 running on a
    Standalone Windows 2003 Enterprise 2003with the lastest
    windows service pack and update. Secure ACS is running
    fine and I can authenticate with Cisco routers and
    switches. The Windows 2003 server is also running Microsoft
    IIS Server. In other words, the IIS server and Cisco
    Secure ACS is running on the same windows 2003 server.
    I am trying to get Cisco User-Changeable password to work
    with Cisco Secure ACS. I followed the release notes lines
    by lines and the work around provided below:
    Also server require more privileges for the internal windows user that runs CSusercgi.exe.
    The name of the windows user that runs UCP is IUSR_<machine_name>.
    Workaround steps:
    1) Install UCP 4 on a machine that runs IIS server.
    2) Open IIS manager
    3) Locate Default Web Site
    4) Double click on the virtual name 'securecgi-bin'
    5) Right click on CSusercgi.exe and choose Properties
    6) Choose 'File Security' tab
    7) Choose 'Edit' in 'Authentication and access control' area
    8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
    password (make sure that 'Integrated Windows authentication' is checked)
    I still can NOT get this to work. I got this error:
    It says:
    The page cannot be found
    The page you are looking for might have been removed,
    had its name changed, or is temporarily unavailable.
    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)
    I modified everything in the Windows 2003 to be "ALLOWED" by
    EVERYONE. In other words, there are NO security on the windows 2003.
    It is still NOT working.
    The other question I have is that can Cisco UCP allow user
    to change his/her enable password?
    Can someone help? Thanks.

    Yes bastien,
    Thank you.
    But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
    I've given it several time; also going through Administrator account with administrative credentials but it always failed.
    Any suggestions/solution/?
    This time many thanks in advance.
    Regards
    Mehdi Raza

  • Autheticating useing Cisco ACS 4.2 integrated with Active Directory 2003

    How do i check that users are Autheticated useing Cisco ACS 4.2 integrated with Active Directory 2003, any one help me in this thanks

    You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
    Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
    Let me know if you have any doubts.
    Regards,
    Jatin

  • VPN client and Cisco ACS

    hi,
    I'm trying to setup a VPN solution, connecting to a 800 series router and authenticating off a Cisco ACS tacacs server.
    I've basically followed the suggested config at http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a00800a393b.shtml and the setup works fine if I use local authentication, but as soon as I switch to using TACACS the client authentication fails.
    Debugging tacacs on the router i can see the requests being sent to the server, and the replies coming back - the login detail are definitely correct so I'm guessing that TACACS isn't authorising me to use VPN or IPSEC or something. But there is nothing in the ACS logs to suggest why I'm not getting through - no failed attempts are shown.
    Any ideas?

    here is some debug from the router:
    Feb 24 12:28:58.973 UTC: TPLUS: processing authentication start request id 129
    Feb 24 12:28:58.973 UTC: TPLUS: Authentication start packet created for 129(vpngroup)
    Feb 24 12:28:58.973 UTC: TPLUS: Using server 10.10.10.10
    Feb 24 12:28:58.973 UTC: TPLUS(00000081)/0/NB_WAIT/823A9F04: Started 5 sec timeout
    Feb 24 12:28:58.989 UTC: TPLUS(00000081)/0/NB_WAIT: socket event 2
    Feb 24 12:28:58.989 UTC: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Feb 24 12:28:58.989 UTC: T+: session_id 1729330768 (0x67137E50), dlen 16 (0x10)
    Feb 24 12:28:58.989 UTC: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
    Feb 24 12:28:58.989 UTC: T+: svc:LOGIN user_len:8 port_len:0 (0x0) raddr_len:0 (0x0) data_len:0
    Feb 24 12:28:58.989 UTC: T+: user: vpntest
    Feb 24 12:28:58.989 UTC: T+: port:
    Feb 24 12:28:58.989 UTC: T+: rem_addr:
    Feb 24 12:28:58.989 UTC: T+: data:
    Feb 24 12:28:58.989 UTC: T+: End Packet
    Feb 24 12:28:58.989 UTC: TPLUS(00000081)/0/NB_WAIT: wrote entire 28 bytes request
    Feb 24 12:28:58.993 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:58.993 UTC: TPLUS(00000081)/0/READ: Would block while reading
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: read entire 28 bytes response
    Feb 24 12:28:59.009 UTC: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Feb 24 12:28:59.009 UTC: T+: session_id 1729330768 (0x67137E50), dlen 16 (0x10)
    Feb 24 12:28:59.009 UTC: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Feb 24 12:28:59.009 UTC: T+: msg: Password:
    Feb 24 12:28:59.009 UTC: T+: data:
    Feb 24 12:28:59.009 UTC: T+: End Packet
    s9990-cr#
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/823A9F04: Processing the reply packet
    Feb 24 12:28:59.009 UTC: TPLUS: Received authen response status GET_PASSWORD (8)
    "AUTHEN/REPLY status:5" is a permanent fail according to the TACACS RFC
    In the VPN Client log it say "User does not provide any authentication data"
    So to summarise:
    -Same ACS server\router\username combination works fine for telnet access.
    -VPN works fine with local authentication.
    -No login failures showing in the ACS logs.

  • Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

    With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
    Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
    Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
    Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
    Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
    Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

    OOPS !!
    I will repost the whole messaqge with the correct external URL's:
    In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
    TrustSec Home Page
    http://www.cisco.com/en/US/netsol/ns1051/index.html
    http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
    I find this page very helpful as a top-level start to what features and capabilities exist per device:
    http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
    The TS 2.1 Design Guides
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
    DesignZone has some updated docs as well
    http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
    As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
    http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html

Maybe you are looking for

  • Replication of a new BP field form CRM to R/3

    Hi Experts, We use CRM 4.0. I have created a new field with EEWB in CRM and I would like to replicate this field to R/3. This is a standard field on R/3 side. Could you please help me what are the steps to do for the replication? We use R/3 adapter a

  • Can't play music or see artwork after iTunes redirect

    I've just finished moving my iTunes folder from one external drive to another.  I then deleted the library on the first drive, but I was not able to delete the Library.itl, Extras.itdb or Genius.itdb.  I recovered them from the trash and saved them. 

  • Missing editing components from my effects panel

    I just started using my Premiere Elements software on a Mac after having first used it on a PC.  I am trying to edit something and noticed that many of my keying effects are missing from the effects panel.  How do I find or restore them?  I need the

  • Secondary ID in Seeburger Monitoring

    Hi Guys, For an incoming EDI message, when clicked we have the message id which is a unique number Followed by that we have anothe tab called secondary id It has IN_ORDHDR........000192160200908111010080001 The first part IN_ORDHDR is the message typ

  • VS 2013 Pro + Windows 8.1 Pro + SSDT-BI

    Hello Everyone, I've been searching for a few days now and keep running into dead ends trying to figure out what the heck is going on with my installation.  I have Windows 8.1 Professional and Visual Studio 2013 Professional Update 4.  On a separate