Cisco 2509 - Router - EN

Questions and Answers

D
Danny DavisSep 4, 2025
What causes external user database unavailability in Group Mapping section of Cisco Secure ACS Software?
- A
  Annette ReyesSep 4, 2025
  If the external user database is not available in the Group Mapping section of Cisco Secure ACS Software, the external database might not be configured in External User Databases, or the username and password may have been entered incorrectly. To resolve this, click the applicable external database to configure. Make sure the username and password are correct.
C
Christopher SellersSep 18, 2025
How to fix 'DelsL1.isu' error when upgrading/uninstalling Cisco Secure ACS Software?
- T
  Terry EricksonSep 18, 2025
  If you encounter the error message 'The following file is invalid or the data is corrupted “DelsL1.isu”' when upgrading or uninstalling Cisco Secure ACS Software, delete the following Registry key from the Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CiscoSecure
E
Erika McgrathSep 16, 2025
Why Cisco Secure ACS returns FAIL for authorization after PASS for authentication?
- K
  kvargasSep 16, 2025
  If Cisco Secure ACS returns a PASS for authentication but a FAIL for authorization when running debug aaa authentication and debug aaa authorization on the AAA client, this indicates that authorization rights are not correctly assigned.
O
obrownSep 14, 2025
What to do if dial-in user cannot connect to AAA client and Telnet connection cannot be authenticated across LAN in Cisco Secure ACS Software?
- W
  williamfloresSep 14, 2025
  If a dial-in user is unable to connect to the AAA client, and a Telnet connection cannot be authenticated across the LAN with Cisco Secure ACS Software, determine if the Cisco Secure ACS is receiving the request by viewing the Cisco Secure ACS reports.
J
Joan EdwardsSep 12, 2025
Why dial-in user cannot connect to AAA client when Telnet connection is authenticated across LAN in Cisco Secure ACS Software?
- J
  James GreenSep 12, 2025
  If a dial-in user is unable to connect to the AAA client, but a Telnet connection can be authenticated across the LAN using Cisco Secure ACS Software, the issue likely lies in one of these areas: * Line/modem configuration problem. Review the documentation that came with your modem and verify that the modem is properly configured.
J
John TapiaSep 12, 2025
What to check if dial-in user cannot connect to AAA client using CiscoSecure database in Cisco Secure ACS Software?
- C
  Cory FreySep 12, 2025
  If a dial-in user cannot connect to the AAA client, the CiscoSecure user database is used for authentication, and a record of a failed attempt is in the Failed Attempts Report in Cisco Secure ACS Software, confirm that the username has been entered into Cisco Secure ACS.
D
Deborah JacksonSep 9, 2025
What to check if dial-in user cannot connect to AAA client using Windows NT/2000 database in Cisco Secure ACS Software?
- N
  Natasha ReedSep 9, 2025
  If a dial-in user is unable to connect to the AAA client, the Windows NT/2000 user database is being used for authentication, and a record of a failed attempt appears in the Failed Attempts Report in Cisco Secure ACS Software, confirm the following from the Windows NT User Manager or Windows 2000 Active Directory Users and Computers: * The username and password are configured in the Windows NT User Manager or Windows 2000 Active Directory Users and Computers.
M
Matthew HouseSep 7, 2025
What to do if administrator is locked out of AAA client in Cisco Secure ACS Software?
- P
  Patricia CostaSep 7, 2025
  If an administrator has been locked out of the AAA client due to an incorrect configuration in Cisco Secure ACS Software, try connecting directly to the AAA client at the console port. If that is unsuccessful, consult your AAA client documentation or go to Cisco.com for password recovery procedures on your AAA client.
A
Alexander NorrisSep 5, 2025
Why user authorizations are different from expected in Cisco Secure ACS Software?
- J
  joseph09Sep 5, 2025
  If a user can authenticate but authorizations are different than expected in Cisco Secure ACS Software, ensure the user settings reflect the correct vendor protocol; for example, Cisco RADIUS.
J
Jillian PerezAug 20, 2025
Why administrator is not receiving e-mail from Cisco Secure ACS Software?
- K
  Katherine JonesAug 21, 2025
  If the administrator configured for event notification isn't receiving emails from Cisco Secure ACS Software, verify that the SMTP server name is correct. If the name is correct, ensure that the Cisco Secure ACS server can ping the SMTP server or send emails via a third-party email software. Also, confirm that you have not used underscores in the email address.

Cisco 2509 - Router - EN Specifications

General

Brand	Cisco
Model	2509 - Router - EN
Category	Software
Language	English

Summary

CHAPTER 1 Overview of Cisco Secure ACS

The Cisco Secure ACS Paradigm

Cisco Secure ACS provides authentication, authorization, and accounting (AAA) services to network devices.

Cisco Secure ACS Specifications

AAA Server Functions and Concepts

AAA Protocols-TACACS+ and RADIUS

Compares TACACS+ and RADIUS protocols, including transmission protocol, ports, architecture, and intended purpose.

Authentication

Cisco Secure ACS HTML Interface

This section discusses the Cisco Secure ACS HTML interface and provides procedures for using it.

CHAPTER 2 Deploying Cisco Secure ACS

Basic Deployment Requirements for Cisco Secure ACS

Details the minimum hardware, operating system, third-party software, and network requirements for deploying Cisco Secure ACS.

Basic Deployment Factors for Cisco Secure ACS

Presents basic factors to consider before implementing Cisco Secure ACS, including network topology and security policy.

Network Topology

Remote Access using VPN

Remote Access Policy

CHAPTER 3 Setting Up the Cisco Secure ACS HTML Interface

User Data Configuration Options

Enables adding or editing up to five fields for recording information on each user.

Advanced Options

Determines which advanced features Cisco Secure ACS displays, allowing simplification of pages by hiding unused features.

Protocol Configuration Options for TACACS+

Details the configuration of the Cisco Secure ACS HTML interface for TACACS+ settings, enabling display or hiding of options.

Protocol Configuration Options for RADIUS

Allows customization of displayed RADIUS attributes to simplify setup for users or groups.

CHAPTER 4 Setting Up and Managing Network Configuration

About Distributed Systems

Proxy in Distributed Systems

A powerful feature enabling authentication in networks with multiple AAA servers by forwarding requests.

AAA Client Configuration

Enables Cisco Secure ACS to interact with network devices, ensuring correct configuration for AAA services.

AAA Server Configuration

Presents procedures for configuring AAA servers in the Cisco Secure ACS HTML interface.

Network Device Group Configuration

An advanced feature to view and administer a collection of network devices as a single logical group.

Proxy Distribution Table Configuration

Allows configuration of proxy capabilities, including domain stripping, for distributed systems.

CHAPTER 5 Setting Up and Managing Shared Profile Components

Downloadable PIX ACLs

Describes downloadable PIX ACLs and provides detailed instructions for configuring and managing them.

Network Access Restrictions

Describes network access restrictions (NARs) and provides detailed instructions for configuring and managing shared NARs.

Command Authorization Sets

Provides a central mechanism to control authorization of each command on each network device.

CHAPTER 6 Setting Up and Managing User Groups

Common User Group Settings

Details procedures typically performed regardless of specific network security configuration.

Configuration-specific User Group Settings

CHAPTER 7 Setting Up and Managing User Accounts

Basic User Setup Options

Information and procedures for basic settings and options when configuring a user account.

Adding a Basic User Account

Details the minimum steps necessary to add a new user account to the CiscoSecure user database.

Advanced User Authentication Settings

Details steps for configuring user-level TACACS+ and RADIUS enable parameters.

CHAPTER 8 Establishing Cisco Secure ACS System Configuration

Service Control

Provides basic status information about services and enables configuration of service log files.

Local Password Management

Configures settings for managing passwords stored in the CiscoSecure user database, including validation options.

CiscoSecure Database Replication

Provides information about database replication, including procedures for implementation and configuration.

RDBMS Synchronization

Information about the RDBMS Synchronization feature, including procedures for implementation.

Cisco Secure ACS Backup

Information about the Cisco Secure ACS Backup feature, including procedures for implementation.

Cisco Secure ACS System Restore

Information about restoring Cisco Secure ACS from a backup file.

Cisco Secure ACS Active Service Management

An application-specific service monitoring tool tightly integrated with ACS.

IP Pools Server

Information about the IP Pools feature, including procedures for creating and maintaining IP pools.

IP Pools Address Recovery

Enables recovery of assigned IP addresses not used for a specified period.

VoIP Accounting Configuration

Cisco Secure ACS Certificate Setup

Provides information on installing server certificates, CA certificates, and managing the certificate trust list.

Global Authentication Setup

Specifies settings for all EAP and MS-CHAP authentication requests.

CHAPTER 9 Working with Logging and Reports

Accounting Logs

Dynamic Administration Reports

Working with CSV Logs

Provides procedures for enabling, disabling, viewing, and configuring CSV logs.

Working with ODBC Logs

Details procedures for preparing for and configuring ODBC logging.

Remote Logging

Discusses remote logging capabilities, including centralizing accounting logs from multiple Cisco Secure ACSes.

CHAPTER 10 Setting Up and Managing Administrators and Policy

Administrator Accounts

Provides details about Cisco Secure ACS administrators and their unique accounts.

Administrator Privileges

Adding an Administrator Account

Details the steps to add a Cisco Secure ACS administrator account.

Access Policy

Affects access to the Cisco Secure ACS HTML interface, allowing limits by IP address, TCP port, and SSL.

Session Policy

Controls various aspects of Cisco Secure ACS administrative sessions, including idle timeout and auto login.

Audit Policy

CHAPTER 11 Working with User Databases

CiscoSecure User Database

About External User Databases

Windows NT;2000 User Database

Details how to configure Cisco Secure ACS to use a Windows NT/2000 user database for authentication.

Generic LDAP

Explains Cisco Secure ACS support for authentication via generic Lightweight Directory Access Protocol (LDAP) databases.

Novell NDS Database

ODBC Database

Details support for ODBC-compliant relational databases for user records.

LEAP Proxy RADIUS Server Database

Token Server User Databases

RSA SecurID Token Servers

CHAPTER 12 Administering External User Databases

Unknown User Processing

Defines how Cisco Secure ACS handles users not listed in its database by forwarding requests to external databases.

Database Search Order

Database Group Mappings

Enables association of unknown users with Cisco Secure ACS groups for assigning authorization profiles.

Group Mapping by External User Database

Group Mapping by Group Set Membership

Default Group Mapping for Windows NT;2000

Creating a Cisco Secure ACS Group Mapping for Windows NT;2000, Novell NDS, or Generic LDAP Groups

Maps Windows NT/2000, Novell NDS, or generic LDAP groups to Cisco Secure ACS groups.

Deleting a Windows NT;2000, Novell NDS, or Generic LDAP Group Set Mapping

APPENDIX A Troubleshooting Information for Cisco Secure ACS

Administration Issues

Database Issues

Dial-in Connection Issues

User Authentication Issues

APPENDIX B TACACS+ Attribute-Value Pairs

TACACS+ AV Pairs

APPENDIX C RADIUS Attributes

Cisco IOS;PIX Dictionary of RADIUS VSAs

IETF Dictionary of RADIUS AV Pairs

APPENDIX D Cisco Secure ACS Command-Line Database Utility

CSUtil.exe Options

Backing Up Cisco Secure ACS with CSUtil.exe

Explains how to create a system backup of all Cisco Secure ACS internal data using the -b option.

Restoring Cisco Secure ACS with CSUtil.exe

Describes how to restore all Cisco Secure ACS internal data using the -r option.

Creating a CiscoSecure User Database

Details the steps to create a CiscoSecure user database using the -n option.

Creating a Cisco Secure ACS Database Dump File

Loading the Cisco Secure ACS Database from a Dump File

User and AAA Client Import Option

User-Defined RADIUS Vendors and VSA Sets

Adding a Custom RADIUS Vendor and VSA Set

Deleting a Custom RADIUS Vendor and VSA Set

APPENDIX E Cisco Secure ACS and Virtual Private Dial-up Networks

VPDN Process

APPENDIX F RDBMS Synchronization Import Definitions

accountActions Specification

Action Codes

Action Codes for Creating and Modifying User Accounts

Action Codes for Modifying TACACS+ and RADIUS Group and User Settings

Action Codes for Modifying Network Configuration

APPENDIX G Cisco Secure ACS Internal Architecture

CSAuth

CSMon

Monitoring

CSTacacs and CSRadius

Related product manuals

Cisco Router Cisco IOS XR

Cisco MCS 7825 Series

20 pages

Cisco TMS SQL DATABASE

35 pages

Cisco Network Assistant

32 pages

Cisco CCNA NETWORK SIMULATOR

88 pages

III - Supervisor Engine III

368 pages

Unified Contact Center Express

148 pages

Cisco 2509 - Router - EN - User Manual

Table of Contents