With Cisco Secure ACS 4.2 User accounts gets locked at first instance of wrong credentials even if configured for 3 attempts

Hello Everybody,
I am working with Cisco Secure ACS 4.2 and it is integrated with Active Directory at a Windows 2008 R2 functional level, user accounts that are set with lockout parameters (3 incorrect attempts) are locked out prematurely after the user enters the wrong credentials just once, the integration is done via LDAP.
I wonder if anybody has any idea why this is happening, because when I connect to a Cisco device or VPN, and type my password wrongly, on the Active Directory I get extra bad password counts.
Thanks in advance and regards....

Hello Scott,
Thanks for your answer. However we checked the ACS logs and it shows that we entered bad credentials just once, but in the Active Directory our account sometimes is blocked because we get at least 2 and sometimes 3 failures. This problem is only presented when we authenticate Cisco devices or through VPN, in normal circumstances, when users enter bad credentials on their computers, it works fine.
Thanks and regards...

Similar Messages

  • With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

      I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers  I am using Windows 2003 server for the ACS,
    and a Windows 2003 Active Directory server.  The AD server is fine, as it is used for many other things.
    I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
    when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
    on the domain etc).
    I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
    If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
    02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
    I've scoured google etc, and just cannot come up with any reason why this should be happening.
      I've followed all the install guides to the letter.  I need to get this up and running as soon as possible,
    so am looking forward to finding out if anyone can help me with this one!
    THanks and regards
    Sharan

    Hi  Jesse,
    Thasts a great answer and Soution.
    My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
    After this answer i have upgraded it to ACS4.2.1 and its started working fine
    Thanks very much for the help
    Dipu

  • User account getting lock.

    Hi All,
    OS:RHEL
    DB:10G
    I am facing a weird problem, one of my db user account got locked yesterday and then i unlocked the same.
    And today i faced the same problem and i did the same thing , the account was unlocked for sometime but it got locked agian.It seems that i is workinfg fine for sometime and due to some unknown activity the same is getting locked.
    I want to know how can i get to the root of this.
    Audit for the same DB is disabled.
    Kindly help...
    Regards,
    Sphinx!

    Have a look at your listener log.
    Perhaps someone is trying to login with a wrong password.
    Have a look at this link:
    http://docs.oracle.com/cd/B19306_01/network.102/b14266/policies.htm#i1007339
    and at
    FAILED_LOGIN_ATTEMPTS.

  • User Account getting locked frequently...

    An User account which the developers are using is getting locked very frequently when they run some applications. They say they are giving the right password and username within the application. What should one be looking for? I am fed up by unlocking the account using ALTER USER username ACCOUNT UNLOCK;

    I have also faced such kind of problems. Most of the developers forget how the application connects. they might have hard coded it or some time using a wrong parameter files.
    Need to check who are all the users and how they are connecting and how the application is connecting to the database.
    If there are more users then enable audit. Auditing will be the only solution.

  • Cisco Secure ACS with UCP assistance and enable password

    I am running Cisco Secure ACS version 4.2 running on a
    Standalone Windows 2003 Enterprise 2003with the lastest
    windows service pack and update. Secure ACS is running
    fine and I can authenticate with Cisco routers and
    switches. The Windows 2003 server is also running Microsoft
    IIS Server. In other words, the IIS server and Cisco
    Secure ACS is running on the same windows 2003 server.
    I am trying to get Cisco User-Changeable password to work
    with Cisco Secure ACS. I followed the release notes lines
    by lines and the work around provided below:
    Also server require more privileges for the internal windows user that runs CSusercgi.exe.
    The name of the windows user that runs UCP is IUSR_<machine_name>.
    Workaround steps:
    1) Install UCP 4 on a machine that runs IIS server.
    2) Open IIS manager
    3) Locate Default Web Site
    4) Double click on the virtual name 'securecgi-bin'
    5) Right click on CSusercgi.exe and choose Properties
    6) Choose 'File Security' tab
    7) Choose 'Edit' in 'Authentication and access control' area
    8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
    password (make sure that 'Integrated Windows authentication' is checked)
    I still can NOT get this to work. I got this error:
    It says:
    The page cannot be found
    The page you are looking for might have been removed,
    had its name changed, or is temporarily unavailable.
    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)
    I modified everything in the Windows 2003 to be "ALLOWED" by
    EVERYONE. In other words, there are NO security on the windows 2003.
    It is still NOT working.
    The other question I have is that can Cisco UCP allow user
    to change his/her enable password?
    Can someone help? Thanks.

    Yes bastien,
    Thank you.
    But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
    I've given it several time; also going through Administrator account with administrative credentials but it always failed.
    Any suggestions/solution/?
    This time many thanks in advance.
    Regards
    Mehdi Raza

  • Cisco secure ACS - RDBMS Rename a Group-

    Hi,
    I'm currently working with Cisco secure ACS 3.1 and I'm trying to use RDBMS synchronisation with a csv file. I create a accountactions.csv file where I create a new user.
    1,0,TESTuser,,100,,,,,,0,,,0
    2,0,TESTuser,,102,,test,,,,0,,,0
    Until here, all is working fine. But now, I would like to put this user into a Group. This should be done with :
    3,0,TESTuser,Group 30,106,,,,,,0,,,0
    But I would like to know if it's possible to rename or create one Group (e.g rename Group 30 with Group TEST) directly in my csv file ?
    Thank you
    Regards
    Pascal TOURNIER

    Here is what i found works for renaming a default group, as you cannot create more groups beyond what is there.
    SequenceId,Priority,UserName,GroupName,Action,ValueName,Value1,Value2,Value3,DateTime,MessageNo,ComputerNames,AppId,Status
    1,1,,Group 100,210,,BPM,,,,0,,,0
    2,2,,Group 101,210,,CHANNEL SECURE OPS,,,,0,,,0
    3,3,,Group 102,210,,CISCO CNC,,,,0,,,0
    4,4,,Group 103,210,,CISCO NOS,,,,0,,,0
    5,5,,Group 104,210,,CTS,,,,0,,,0
    6,6,,Group 105,210,,DCI,,,,0,,,0
    line 1
    Rename "Group 100" to named group "BPM" using code 210 to perform the Action
    Gerald

  • How to find if an user account is locked in weblogic server or not?

    Hi,
    I am using jdev 11.1.2.2.
    SO i have set in web logic that if a user inputs login information wrongly his account will be locked.
    How can i identify if the user account is locked.
    Write now if the user account gets locked after say five invalid login attempts and user tries to enter correct login information its throwing exception . But i want to display to the user that his account is locked instead of the exception being thrown . How can i do it ? the following the login code i use
        public String doLogin() {
            LOGGER.log(ADFLogger.TRACE, "Clicked Login Button");
            LOGGER.log(ADFLogger.TRACE, "doLogin() Started.");
            String un = _username;
            byte[] pw = _password.getBytes();
            this.setPassword(null);
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
            try {
                Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
                weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
                String loginUrl;
                loginUrl = "/faces/home.jsf";
                HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
                sendForward(request, response, loginUrl);
            } catch (FailedLoginException fle) {
                FacesMessage msg =
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                ctx.addMessage(null, msg);
            } catch (LoginException le) {
                reportUnexpectedLoginError("LoginException", le);
            return null;
        }Thanks & Regards,
    Rakesh

    chk this
    http://vtkrishn.com/2011/09/27/implementing-userlockout-using-oam/

  • Authentication an admin user on AP1200 with Cisco Secure

    Hello,
    I am trying to configure a Radius authentication for an administrator logging on an AP1200 via HTTP. On the Cisco Secure ACS server I can see that the authentication was successful and with a trace I can see also the 'Radius Pass' answer coming back to the AP1200.
    Unfortunately the administrators gets no access to the AP1200 Web page, and the login windows still ask for username/password. The log of the AP1200 does not give any error message.
    The software versions are following:
    AP1200 version 12.02A (the last one non-IOS available)
    CiscoSecure ACS v2.6 for Windows 2000/NT
    Release 2.6(3) Build 2
    The return packet 'Radius Pass' answer coming back to the AP1200 is the following:
    0000: 00 0b 46 aa a0 e8 00 a0 8e 77 de 75 08 00 45 00 |..F......w.u..E.|
    0010: 00 36 0b 70 00 00 7b 11 8b 0e ac 13 58 fd ac 12 |.6.p..{.....X...|
    0020: f8 15 06 6d 06 fd 00 22 05 f3*02 2b 00 1a 95 ad |...m..."...+....|
    0030: c4 60 e7 21 54 67 2a 60 0e 79 da b1 8f a6 08 06 |.`.!g*`.y......|
    0040: ff ff ff ff |....|
    I suspect that the the last ff ff ff ff (255.255.255.255) shall be equal to the IP address of the AP1200 which was send within the initial Radius request packet.
    Thanks in advance for your answer

    I had a similar problem with the 350 series. I receieved the following information that resolved my issues.
    Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex
    aironet:admin-capability=write+ident+admin+firmware
    Here is the procedure for the admin user you to define the Cisco AV pair Attributes .
    a) On acs select the interface configuration and go to the advance option ,
    selct "per-user Tacacs/ radius attribute " click on submit .
    b)On ACS , Select network configuration ,
    1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS
    if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute
    2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )
    Enable [026/009/001] "cisco av-pair" option , again make sure that you enable
    at user and group level click on submit
    3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control
    1) enable and configure cisco 09\001 cisco av-pair using
    aironet:admin-capability=write+ident+admin+firmware
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm#1073082

  • Cisco Secure ACS 4.2 with Oracle

    hi there...
    Our campus using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco  1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113  Appliance as radius server. For username and password, ACS will export the data from Oracle database(production DB).
    The problem that we are facing right now is password that store in oracle database is in  encrypted format. Base feedback from our database administrator, the  encryption is done by oracle - application layer and cannot be decrypt  back. In Oracle they call it "Oracle Stored Procedures"
    My questions :
    1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?
    2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?
    Please advice.
    Thanks

    Microsoft SQL Server and Case-Sensitive Passwords
    If you want your passwords to be case sensitive and are using Microsoft SQL Server as your ODBC-compliant relational database, configure your SQL Server to accommodate this feature. If your users are authenticating by using PPP via PAP or Telnet login, the password might not be case sensitive, depending on how you set the case-sensitivity option on the SQL Server. For example, an Oracle database will default to case sensitive, whereas Microsoft SQL Server defaults to case insensitive. However, in the case of CHAP/ARAP, the password is case sensitive if you configured the CHAP stored procedure.
    For example, with Telnet or PAP authentication, the passwords cisco or CISCO or CiScO will all work if you configure the SQL Server to be case insensitive.
    For CHAP/ARAP, the passwords cisco or CISCO or CiScO are not the same, regardless of whether the SQL Server is configured for case-sensitive passwords.
    Sample Routine for Generating a PAP Authentication SQL Procedure
    The following example routine creates a procedure named CSNTAuthUserPap in Microsoft SQL Server, the default procedure that ACS uses for PAP authentication. Table and column names that could vary for your database schema appear in variable text. For your convenience, the ACS product CD includes a stub routine for creating a procedure in SQL Server or Oracle. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                             if exists (select * from sysobjects where id = object_id (`dbo.CSNTAuthUserPap') and
                             sysstat & 0xf = 4)drop procedure dbo.CSNTAuthUserPap
                             GO
                             CREATE PROCEDURE CSNTAuthUserPap
                             @username varchar(64), @pass varchar(255)
                             AS
                             SET NOCOUNT ON
                             IF EXISTS( SELECT  username
                             FROM  users
                             WHERE  username  = @username
                             AND  csntpassword  = @pass )
                             SELECT 0,csntgroup,csntacctinfo,"No Error"
                             FROM  users
                             WHERE  username  = @username
                             ELSE
                             SELECT 3,0,"odbc","ODBC Authen Error"
                             GO
                             GRANT EXECUTE ON dbo.CSNTAuthUserPap TO ciscosecure
                             GO
    Sample Routine for Generating an SQL CHAP Authentication Procedure
    The following example routine creates in Microsoft SQL Server a procedure named CSNTExtractUserClearTextPw, the default procedure that ACS uses for CHAP/MS-CHAP/ARAP authentication. Table and column names that could vary for your database schema appear in variable text. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                             if exists (select * from sysobjects where id = object_id(`dbo.CSNTExtractUserClearTextPw') 
                             and sysstat & 0xf = 4) drop procedure dbo.CSNTExtractUserClearTextPw
                             GO
                             CREATE PROCEDURE CSNTExtractUserClearTextPw
                             @username varchar(64)
                             AS
                             SET NOCOUNT ON
                             IF EXISTS( SELECT  username
                             FROM  users
                             WHERE  username  = @username )
                             SELECT 0,csntgroup,csntacctinfo,"No Error",csntpassword
                             FROM  users
                             WHERE  username  = @username
                             ELSE
                             SELECT 3,0,"odbc","ODBC Authen Error"
                             GO
                             GRANT EXECUTE ON dbo.CSNTExtractUserClearTextPw TO ciscosecure
                             GO
    Sample Routine for Generating an EAP-TLS Authentication Procedure
    The following example routine creates in Microsoft SQL Server a procedure named CSNTFindUser, the default procedure that ACS uses for EAP-TLS authentication. Table and column names that could vary for your database schema appear in variable text. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                             if exists (select * from sysobjects where id = object_id(`dbo.CSNTFindUser') and 
                             sysstat & 0xf = 4) drop procedure dbo.CSNTFindUser
                             GO
                             CREATE PROCEDURE CSNTFindUser
                             @username varchar(64)
                             AS
                             SET NOCOUNT ON
                             IF EXISTS( SELECT  username
                             FROM  users
                             WHERE  username  = @username )
                             SELECT 0,csntgroup,csntacctinfo,"No Error"
                             FROM  users
                             WHERE  username  = @username
                             ELSE
                             SELECT 3,0,"odbc","ODBC Authen Error"
                             GO
                             GRANT EXECUTE ON dbo.CSNTFindUser TO ciscosecure
                             GO
    Reference:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/d.html#wp355420

  • User $enable15$ in Cisco Secure ACS

    Hi all,
    I have a Cisco Secure ACS server, by default it has a username called "$enable15$"; I am using TACACS as the authentication protocol.
    The question is if I need the $enable15$ user configured in the ACS server even if I am using TACACS as the authentication protocol. I want to delete it but I am not sure if it is possible.
    regards
    Regards.

    Group Setup, select the group and click on edit settings and scroll down to "Cisco IOS/PIX 6.x RADIUS Attributes" and enable "cisco-av-pair" and enter shell:priv-lvl=15.

  • Cisco Secure ACS license question.

    On the Cisco ACS server under the internal identity stores… is “users” and “host” counted against the "base server license" or “network device license”?          

    Guess you are running ACS 5.x
    With  the Base license, Cisco Secure ACS 5.3 appliances or software virtual  machines can support deployments of up to 500 network devices  (authentication, authorization, and accounting [AAA] clients). The  number of network devices is based on how many unique IP addresses are  configured. This is not a limit for each individual appliance or  instance, but a deployment-wide limit that applies to a set of ACS  instances (primary and secondary) that are configured for replication.
    The  optional Large Deployment add-on license allows a deployment to support  more than 500 network devices. Only one Large Deployment license is  required per deployment as it is shared by all instances.
    For more info:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-689829.html
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Cisco Secure ACS 4.2 for Windows web-based Admin Console log in problems

    To Whomever Can Assist,
          I am running two deployments of Cisco Secure ACS for Windows 4.2 and I can login into the admin web-console just fine.  However, when I create a new or test user that mirror my configuration that user cannot login to the admin web-console.  The user can login it to devices with the appropriate privileges, but can't administer his/her account within ACS.  This has proven very problematic and needs a remedy.  Thanks for the assistance.

    Bradbryant.dhs,
    Where are you creating the new admin user who should have access to ACS web gui under internal users or administration.
    Internal user and ACS administrator accounts are completely different. 
    Adding administrator account
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/user/guide/ACS4_2UG/Admin.html
    Regards,
    Jatin Katyal
    ** Do rate helpful posts **

  • Cisco Secure ACS

    Hi all,
    With the Base license, a Cisco Secure ACS 5.6 appliance or software virtual machine can support the deployment of up to 500 network access devices (NADs) such as routers and switches. These are not authentication, authorization, and accounting (AAA) clients. The number of network devices is based on the number of unique IP addresses that are configured.
    So, when i have 1 firewall for vpn gateway, and using acs as an aaa server, how much network access device which is counted ? 1 or as many as vpn client connected to the firewall ?
    500 network access device means concurrent connection or not ?

    ACS is based on the number of NADs (Network Access Devices) like switches, routers, ASAs, etc. So in your example, your Firewall will consume 1 license regardless of the total number of VPN sessions. 
    With ISE, the licenses are based on the total number of endpoints. So in your example, each VPN session will take a license. 
    I hope this helps!
    Thank you for rating helpful posts!

  • Features of Cisco Secure ACS Appliance

    Hi,
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Normale Tabelle";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    I’m working on an evaluation of NAC systems. Therefore, I’ve chosen the Cisco Secure ACS as representative of a 802.1X based solution.
    There are a few questions I wasn’t able to answer by reading the product information available on Cisco.com. I hope that someone here might be able to help me. Any information is highly appreciated.
    The questions I wasn’t able to answer are:
    •     Can the ACS work in a heterogeneous environment (i.e. Cisco and Alcatel Switches)?
    •     What happens if the server(s) fail?
                o     Can already authorized users still work?
                o     Can known users still be authorized?
                o     Are unknown users still blocked?
    •     Is the ACS capable of authorizing users through routed networks or VPN tunnels?
    •     Does a change of the assigned VLAN work without relogin (or even reboot) of the client?
    •     Is there (besides of the reports) some kind of status overview with the ACS?
    •     Which kinds of Attacks can the ACS (alone) prevent?
                o     Can it prevent MAC Spoofing?
                o     Can it prevent MAC Flooding?
                o     Can it prevent ARP Attacks?
                o     Can it prevent IP Spoofing?
                o     Can it eliminate rouge DHCP servers?
                o     Can it prevent STP Attacks
    •     And the last one: What happens if I plug in an unknown device into an IP-Phone? Is the switchport to       which the IP-Phone is connected blocked or only the unknown device?
    Thanks for all answers.
    Regards,
    taouri

    See inline answers:
    The questions I wasn’t able to answer are:
    •     Can the ACS work in a heterogeneous environment (i.e. Cisco and Alcatel Switches)?
    Yes, as long as those devices support RADIUS and TACACS+ IETF standards.  Some devices require the configuration of vendor-specific AV-pairs to work properly, which the ACS in general can do.  You'll need to get details from the specific vendor on their requirements to insure it'll work.
    •     What happens if the server(s) fail?
                o     Can already authorized users still work?
    This is driven by the AAA client, not the ACS.  In general, if it isn't reauthenticating the users, then yes, they'll still work
                o     Can known users still be authorized?
    In general, no, not by the ACS, but for some cases such as dot1x, it may be possible to configure fallback to local authentication or define a critical VLAN.
                o     Are unknown users still blocked?
    Without contact to the server, the AAA client has no way of knowing what user is known / not known barring the above items.
    •     Is the ACS capable of authorizing users through routed networks or VPN tunnels?
    Yes, as long as the VPN device is capable of sending Radius or TACACS+ requests to the ACS
    •     Does a change of the assigned VLAN work without relogin (or even reboot) of the client?
    Yes, if using a supplicant that detects the EAP success message and knows to refresh the IP.
    •     Is there (besides of the reports) some kind of status overview with the ACS?
    Yes, this is covered in the documentation for the appropriate ACS solution.  Incidentally, the word ACS could mean ACS 4.x, or ACS 5.x, both of which are substantially different.
    •     Which kinds of Attacks can the ACS (alone) prevent?
    ACS authenticates and authorizes users.  It isn't in and of itself a device for prevention of the L2 attacks you list.
                o     Can it prevent MAC Spoofing?
                o     Can it prevent MAC Flooding?
                o     Can it prevent ARP Attacks?
                o     Can it prevent IP Spoofing?
                o     Can it eliminate rouge DHCP servers?
                o     Can it prevent STP Attacks
    •     And the last one: What happens if I plug in an unknown device into an IP-Phone? Is the switchport to       which the IP-Phone is connected blocked or only the unknown device?
    This depends on how you configure the dot1x parameters on the port.  In general, this is often configured in single-host mode with a voice vlan for the phone.  The phone passes through the EAPoL traffic the client passes, and in single host mode we rely on CDP bypass for the phone itself to bypass authentication.  There are excellent documents for the various dot1x configuration options in our IBNS (identity-Based Network Solutions) section here:
    http://www.cisco.com/en/US/customer/products/ps6638/products_ios_protocol_group_home.html

  • Setting privileges in Cisco Secure ACS Version 5.1.0.44

    I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
    In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
    I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.

    Hi,
    The ACS is able to handle permit or deny commands.
    I created a configuration example that will help you to understand command shell.(see attach doc)
    Instead of using show running-config please use show config.
    also make sure that all the users are using privilege 15.
    Regards,

Maybe you are looking for

  • Trying to play movie thru mini DVI port -  display keeps switching back to desktop(?)

    I'm not able to play a movie continously to my TV through the dvi port (via hdmi cable) using display mirroring. Picture shows up OK, but after the movie runs a very short time attention shifts back to the iTunes control screen. I've successfully mir

  • Can I group several questions into one post?  I guess I will find out...

    Hello! I am new to this area of apple.com, but it looks like I should have been here a long time ago. Maybe I posted one post before I made the big purchase but all the problems I have had, this should be number 1 on my list. so far this might have b

  • Image on screen while charging for the first time

    We received 2 phones today and one has black screen while charging and the other has a bright green image that says downloading and Do not  turn off Target!!!  Is something wrong??

  • Use different language and Spell check

    Hello, just got an iPad to supplement my two Android phones, and like it so far... Except for one thing that drives me nuts... The spell check. I live in Scandinavia, but like to use English as my interface language. This causes major problems, when

  • Safari not caching on iPad?

    When I open a new page then come back to the previous one, rather than just displaying the previous page just as it was when I minimized it by opening a new page Safari tends to redownload the page. This wastes time and bandwidth. I don't think Safar