IronPort and Cisco ACS4.2 AAA integration

Hello,
could someone points me to some docs explaining how to integrate IronPort appliance with Cisco ACS server 4.2 for admin access and authentication logs (if possible).
Appreciated.
Thanks

So, first off, any currently shipping version of the WSA only allows Admins to be authenticated via RADIUS.
Role based access (aka authorization) is coming soon.
Also, I'm not an ACS user, so I'm guessing what needs to be done there based on using SteelBelted...
Go to ACS, create an entry for the WSA, set a shared secret. Then go to the WSA, System/Users, click on External Authentication and set the RADIUS server, port and shared secret.
Now in my testing with SteelBelted Radius, only users set up in the RADIUS server were authenticated, it wasn't passing the auth request on to my Active Directory, so it wasn't a big deal...
In the next version you'll set a class attribute for each user in RADIUS and assign that class attribute to a role in the WSA so that you can set some users to Admins, some to Operators, some to Read Only, etc...

Similar Messages

RSA SecurID and Cisco ACS integration for user(s) with enable mode

I thought I had this problem figured out but I guess not.
I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
I use tacacs+ authentication for logging into the Cisco router
such as telnet and ssh. In the ACS I use "external user databases"
for authentication which proxy the request from the ACS over
to the RSA SecurID Server. I installed RSA Agents with
sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
to be "RSA_SecurID" group. In the "External user databases" and
"database configurations" I assign SecurID to this "RSA_SecurID"
group.
Everything is working fine. In the "User Setup" I can see dynamic
user test1, test2,...testn listed in there as "dynamic users". In
other words, I can telnet into the router with my two-factor
SecurID.
The problem is that if test1 wants to go into "enable" mode with
SecurID login, I have to go into "test1" user setting and select
"TACACS+Enable Password" and choose "Use external database password".
After that, test1 can go into enable mode with his/her SecurID
credential.
Well, this works fine if I have a few users. The problem is that
I have about 100 users that I need to do this. The solution is
clearly not scalable. Is there a setting from group level that
I can do this?
Any ACS "experts" want to help me out here? Thanks.

That is not what I want. I want user "test1" to be able to do this:
C
Username: test1
Enter PASSCODE:
C2960>en
Enter PASSCODE:
C2960#
In other words, test1 user has to type in his/her RSA token password to get
into exec mode. After that, he/she has to use the RSA token password to
get into enable mode. Each user can get into "enable" mode with his/her
RSA token mode.
The way you descripbed, it seemed like anyone in this group can go directly
into enable mode without password. This is not what I have in mind.
Any other ideas? Thanks.

Anybody know the Roadmap for combining NAC Agent and Cisco AnyConnect?

Heard a rumor that Cisco is going to combine the functionality of the NAC Agent and Cisco AnyConnect as far as being an 802.1x supplicant, does anyone have any information about this? Like is it true and if so, any idea when it will happen?

Hi ,
There is no comitted plan for NAC and Anyconnect integration. But Anyconnect now comes with a module called NAM ( network access module) which can do dot1x as well.
Here is the link for that :
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html
Thanks
Waris

Autheticating useing Cisco ACS 4.2 integrated with Active Directory 2003

How do i check that users are Autheticated useing Cisco ACS 4.2 integrated with Active Directory 2003, any one help me in this thanks

You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
Let me know if you have any doubts.
Regards,
Jatin

FreeRadius and Cisco 2600 Terminal Server [IOS 12.1(3)T]

Hi Cisco People
I'm using FreeRadius 2 and Cisco 2600 Terminal server to coordinate access to cisco routers based on time‏ ranges.
Basically we are an education/training environment where we have some students accessing the routers and switches for practise, terminal server are used to consolidate the console access, and these terminal servers authenticate the users through a Radius server (as shown in the following figure). Additionally, the students are categorized into few groups. We want to implement policy on the radius server so that only a certain group can access the resources in a given duration of time (the user should be dropped from the terminal when the subscribed time is reached and cannot access thereafter .)
+++++++++++++++ +++++++++++++++++ +++++++++++++
+ User +++++++++++++++++++++++ Cisco 2600 +++++++++++++++++++++ Network +
+ + + Terminal Serv + + Devices +
+++++++++++++++ +++++++++++++++++ +++++++++++++
(NAS)
+
+
+++++++++++++++
+ FreeRadius +
+++++++++++++++
Right now I'm able to do the "hello-world" setup with the following users and clients.conf. On the terminal server side, aaa new-model is enabled on the cisco terminal server to communicate with this radius server.
users
=============
cisco Auth-Type := System
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"
clients.conf
==============
client 192.168.1.1 {
secret = SECRET_KEY
shortname = termserver
nastype = cisco
A typical transaction would be :
Access-Request
=======
NAS-IP-Address = 192.168.1.1
NAS-Port = 35
NAS-Port-Type = Async
User-Name = "cisco"
Calling-Station-Id = "1.1.1.1"
  User-Password = "cisco"
Access-Accept
=======
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
This works fine but doesn't provide any timing limitations. So I have modified the FreeRadius config to be :
users
=============
cisco Auth-Type := System
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15",
Session-Timeout = 20
Cisco Terminal Server
==============
aaa new-model
aaa authentication login default group radius local none
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
After this, I am able to see that the terminal server actually receives an Access-Accept including the Session-Timeout attributes like the following :
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Session-Timeout = 20
But the problem is that it doesn't really terminate the session after the 20 seconds are reached . My questions is that :
1. Is the terminal server really able to enforce such time limit after receiving the attribute ?
2. Is the 2600 terminal server  with [IOS 12.1(3)T] compliant with RFC 2865?
3. What can I do so that the terminal server forces the user to be logged out after the session time limit is reached ?
Thanks
Frank

Frank,
I think you should use the login time s well:
Login-Time
Login-Time is a very powerful internal check AVP. It allows flexible authorization and its value is used by the logintime (rlm_logintime) module to determine if a person is allowed to authenticate to the FreeRADIUS server or not. This value is also used to calculate the Session-Timeout reply value. Session-Timeout is subsequently used by the NAS to limit access time.
The following line will grant Alice access only between 08:00 and 18:00 each day.
"alice" Cleartext-Password := "passme", Login-Time := 'Al0800-1800'
The logintime module will calculate the reply value of Session-Timeout if Alice has logged in within the permitted timeslots to inform the NAS how long she is allowed to stay connected. If Alice tries to access the network when she is not permitted, the request will be rejected.
http://www.packtpub.com/article/getting-started-with-freeradius
http://wiki.freeradius.org/config/Users
yes, the terminal server is RFC 2865 compliant.
Rate if Useful :)
Sharing knowledge makes you Immortal.
Regards,
Ed

Meraki MDM and Cisco ISE

Has anyone done an integration of Meraki Systems Manager enterprise MDM and Cisco ISE? there is absolutely no documentation on the subject except for the Meraki announcement that lists:
Cisco Identity Services Engine (ISE) integration – allows Systems Manager to directly communicate with ISE for device enrollment and posture assessment

Hidden in the Meraki blog is this configuration guide for Meraki SM and ISE.
https://www.dropbox.com/s/4pd2acrni9w9rjr/Meraki%20Wirelessv5.pdf
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

IPSec ikev2 between ASA and Cisco Router

Hi,
i try to do IPSec with ikev2 (SHA2) between ASA and Cisco Router, without success. Any one can help me ?
- Remote site (Router) with dynamic public IP -> Dynamic crypto map on the ASA
- Authentication with Certificats
- integrity sha2
I try a lot of configurations without success.
Thanks for your help.
Mic

The more secure ike policy should have the higher priority which is a smaller number. So I would configure there the following way (policy 30 only if really needed):
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 43200
The Cisco VPN Client is EOL and not supported any longer. And yes, by default DH group 2 is used. But that can be configured by a parameter in the PCF-file.
There are two (three) better options:
Best option with very little needed configuration:
Move to AnyConnect with TLS. AnyConnect is the actual Cisco client that is also supported with Windows 8.x. The legacy IPsec client isn't.
Best option with a little stronger crypto but more configuration:
Move to AnyConnect with IPsec/IKEv2.
Move to a third-party client like shrew.net. I didn't use that client since a couple of years any more, but it's quite flexible and also has a config for a better DH-group.
For option 1) and 2) there is an extra license needed, but thats not very expensive.

Ericsson MD110 and Cisco routers ISDN PRI Q-Sig

Anybody has experience with MD110 and Cisco integration using ISDN PRI Q-Sig... Have problems with "idle-busy" channels on MD110. It looks like PBX does not recognize disconnect signal coming from the router.
Tks
Brani

MC,
Ericsson MD110, BC12 SP7
ROUTE CATEGORY DATA
ROU SEL TRM SERV NODG DIST DISL TRAF SIG BCAP
175 0110017500000010 5 3110000000 0 30 128 00080812 511110120031 111111
157 0110017500000010 5 3110000000 0 30 128 00080812 511110120031 111111
END
ROUTE DATA
ROU TYPE VARC VARI VARO FILTER
175 SL60 H'00000310 H'15420000 H'46300000 NO
157 SL60 H'00000310 H'15420000 H'46300000 NO
END
EXTERNAL DESTINATION ROUTE DATA
DEST DRN ROU CHO CUST ADC TRC SRT NUMACK PRE
175 175 1606100000000250006000000 0 1 0
157 1 2606100000000250006000000 0 1 0
END
Cisco IOS 12.3-3 (c2600-jsx-mz.123-3.bin)
Cisco config attached.....
Our serial links are satellite based so min delay is about 500ms
Tks
Brani

Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

Hi,
So you have N7k acting as L3 with servers connected to 4510?.
Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
This will help narrow down if issue is between server to 4510 or 4510 to N7k.
Thanks,
Nagendra

Mavericks VPN dropouts with native VPN client and Cisco IPSec

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Communication problem between Cisco 3560 and Cisco SG300.

Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.

Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan.

Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: end

Thanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
      Desc: (none)
      Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
        Active SAs: 0, origin: crypto map
        Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help.

SAP BI 7.0 and BO XI 3.1 Integration Problems

Hi everyone,
After following through every step of:
Re: Checklist for SAP BI 7.0 and BO XI 3.1 integration - Challenges
I still get the following problems:
1. Unable to find SAP in CMC Authentication
2. At the login page of InfoView, I can select SAP as authentication method. However, after inputting the login information, I get the "The plugin secSAPR3 does not exist in the CMS (FWM 02017)"
3. I was able to create a new connection in Designer to connect to SAP BW, and select one of the existing cubes. After uploading the Universe, I created a new Web Intelligence document and dragged couple of objects into Result Objects. After clicking Run Query, I get the following:
A database error occured. The database error text is: The MDX query SELECT { [Measures].[0BBP_BILITM] } ON COLUMNS FROM [$0BBP_C01] failed to execute with the error See RFC trace file or SAP system log for more details. (WIS 10901)
Even tried:
Webi Stucks while trying to create report with BW7.0 (WIS 10901)
and still no luck.
Here's the environment information:
Installed (In Order):
1. BOE XI 3.1
2. Xcelsius 2008
3. LIVEOFFICE
4. SAP GUI 7.0
5. Crystal Report 2008 with SP1
6. BO JCo
7. BO Integration Kit for SAP
Any help will be appreciated, thanks in advance!!
David

Hi Ingo,
I've noticed that in your step by step manual, you are using BO XI 3.0. So I created a Virtual PC with Windows Server 2003, and installed BO XI 3.0, SAP GUI 7.0, Java Connector, BO Integration Kit for SAP.
Without any errors nor issues, now I see "SAP' in CMC's Authendication (not the login). So now I can assume it's because BO Integration Kit only supports BO XI 3.0 and consider it solved?
However, I still get the same error as my 1st post:
3. I was able to create a new connection in Designer to connect to SAP BW, and select one of the existing cubes. After uploading the Universe, I created a new Web Intelligence document and dragged couple of objects into Result Objects. After clicking Run Query, I get the following:
A database error occured. The database error text is: The MDX query SELECT { Measures.0BBP_BILITM } ON COLUMNS FROM $0BBP_C01 failed to execute with the error See RFC trace file or SAP system log for more details. (WIS 10901)
or
A database error occured. The database error text is: The supplied XML is not valid. [0COMP_CODE].[LEVEL00]. (WIS 10901)
Any ideas?
David

Transfer VOIP Calls Between Cisco Desk Phone and Cisco Jabber For IPhone 9.5

Does anyone know how to transfer an active voip call from a Cisco IP Desk Phone to Cisco Jabber for IPhone? I can transfer a call from Cisco Jabber for IPhone to my Cisco IP Desk Phone no problem. I put the call on hold and then click "Resume" on my Cisco IP Desk Phone. However I cannot do the same but the other way around. If I put the call on hold on my Cisco IP Desk Phone, I see "no active call" on my Jabber client. The only information I could find slighlty relevant was using the Mobility Key/Remote Destination Profile feature however this defeats the object as this will forward to an external number, e.g. mobile and I just want to transfer the call within the VOIP environment between the two devices that are using the same directory number.
I am using Cisco Call Manager 9.1(2), Cisco Presence 9.1 and Cisco Jabber for IPhone 9.5.
Any help would be greatly appreciated.
Kind Regards,
Paul Parker.

Did you ever find an answer to this ?
I am seeing the same behavior and trying so see if I can put calls on hold and pick them up both ways also.
The only answer I seem to have found is to use park instead
That would/should work but I would just prefer to hold/unhold
Just not sure why we would not be able to hold/unhold on what is essentially a "shared" line
Does anyone have this working for them ?

Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
ciscoISE/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
ciscoISE/admin(config)# snmp-server
Ciscoacs/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
Ciscoacs/admin(config)# snmp-server

No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

IronPort and Cisco ACS4.2 AAA integration

Similar Messages

Maybe you are looking for