Release Notes for Cisco Secure Access Control Server for Windows 2000/NT Servers Version 3.0.3


December 2002

These release notes pertain to Cisco Secure Access Control Server for Windows 2000/NT Servers (Cisco Secure ACS) version 3.0.3.

Introduction

Cisco Secure ACS provides authentication, authorization, and accounting (AAA—pronounced "triple A") services to network devices that function as AAA clients, such as a network access server, PIX Firewall, or router. A AAA client is any such device that provides AAA client functionality and uses one of the AAA protocols supported by Cisco Secure ACS.

Cisco Secure ACS helps centralize access control and accounting, in addition to router and switch access management. With Cisco Secure ACS, network administrators can quickly administer accounts and globally change levels of service offerings for entire groups of users. Although using an external user database is optional, Cisco Secure ACS supports many popular user databases, enabling companies to use the knowledge gained from and the investment already made in building their corporate user databases.

Cisco Secure ACS supports Cisco AAA clients such as the Cisco 2509, 2511, 3620, 3640, AS5200 and AS5300, AS5800, the Cisco PIX Firewall, Cisco Aironet Access Point wireless networking devices, Cisco VPN 3000-series Concentrators, and Cisco VPN 5000-series Concentrators. It also supports third-party devices that can be configured with Terminal Access Controller Access Control System (TACACS+) or Remote Access Dial-In User Service (RADIUS) protocols. Cisco Secure ACS treats all such devices as AAA clients. Cisco Secure ACS uses the TACACS+ and RADIUS protocols to provide AAA services that ensure a secure environment. For more information about support for TACACS+ and RADIUS in Cisco Secure ACS, see the Cisco Secure ACS for Windows 2000/NT Servers User Guide.

Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers provides information about the following subjects:

Cisco Secure ACS for Windows 2000/NT Servers User Guide provides detailed information about configuring and using Cisco Secure ACS. This guide is available from Cisco.com or on the product CD.

New Features

We have added several major and minor features to Cisco Secure ACS 3.0.

Major Features

The major features added to Cisco Secure ACS are as follows:


Note: Cisco VPN 3000-series Concentrators and Cisco IOS will support MS CHAP password aging in upcoming releases.

Minor Features

The minor features added to Cisco Secure ACS are as follows:

To supplement the documentation, white papers about using and deploying various protocols and AAA clients are posted at the following URL:

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/prodlit/index.shtml

Installation Notes

For information about installing Cisco Secure ACS, see Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers.

Changes to CRYPTOCard Support

Before Cisco Secure ACS 3.0.1, support for CRYPTOCard token servers used the vendor-proprietary interface provided with the CRYPTOCard token server. Beginning with Cisco Secure ACS 3.0.1, we support CRYPTOCard token servers using a standard RADIUS interface.

If you upgrade to Cisco Secure ACS 3.0 and had configured CRYPTOCard authentication in the previous installation of Cisco Secure ACS, the installation program prompts you for information about the CRYPTOCard RADIUS server. With this information, the installation program replaces the older CRYPTOCard configuration with a new one that uses the RADIUS interface of the CRYPTOCard easyRADIUS server. To use the RADIUS interface of the CRYPTOCard server, be sure the CRYPTOCard easyRADIUS server is installed on a CRYPTOCard Windows server. For more information about CRYPTOCard easyRADIUS, see CRYPTOCard documentation.

We successfully tested running Cisco Secure ACS and the CRYPTOCard easyRADIUS server on the same Windows server. Testing occurred on Windows NT 4.0 with Service Pack 6 and Windows 2000 with Service Pack 2. We used CRYPTOCard easyRADIUS server versions 5.0 and 5.1. However, we recommend that you do not run the CRYPTOCard easyRADIUS server on the same Windows server that runs Cisco Secure ACS. If you choose to do so, be sure that Cisco Secure ACS and CRYPTOCard easyRADIUS use different ports to receive RADIUS requests.

You can change the UDP ports used by the CRYPTOCard RADIUS server by editing its services file, usually located in c:\WINNT\system32\drivers\etc. For more information about the UDP ports used by the CRYPTOCard RADIUS server and how to change them, see your CRYPTOCard documentation.

Evaluation Version

The evaluation version of Cisco Secure ACS 3.0 provides full functionality for 90 days after the date of installation. This allows you to use all features of Cisco Secure ACS 3.0 while determining if it meets your needs. The evaluation version of Cisco Secure ACS 3.0 will be available 30 days after the release of the commercial version of Cisco Secure ACS 3.0.

You can distinguish the evaluation version of Cisco Secure ACS 3.0 from the commercial version in the following ways:

When the evaluation period has elapsed, the CSRadius and CSTacacs services fail to start. You will receive a message upon accessing the administrative interface notifying you that your evaluation period has elapsed.

Purchasing the Commercial Version

Please contact your Cisco Sales Representative(s) to inquire about purchasing the commercial version of Cisco Secure ACS. To purchase the commercial version of Cisco Secure ACS 3.0 online, use Part Number CSACS-3.0 at the following URL:

http://www.cisco.com/pcgi-bin/cm/welcome.pl

Upgrading to the Commercial Version

After purchasing a commercial version of Cisco Secure ACS 3.0, you can upgrade your Cisco Secure ACS server from the evaluation version to the commercial version by installing the commercial version over the evaluation version. For information on installing Cisco Secure ACS 3.0, follow the instructions in Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers.

Limitations and Restrictions

The following topics are limitations and restrictions that apply to Cisco Secure ACS 3.0.3.

Interoperability Testing

Cisco Secure ACS has not been interoperability tested with other Cisco software. Other than for the software and operating system versions listed in this document, we performed no interoperability testing. Using untested software with Cisco Secure ACS may cause undesired results. For the best performance of Cisco Secure ACS, we recommend that you use the versions of software and operating systems listed in this document.

Upgrade Testing

We tested upgrading to Cisco Secure ACS 3.0.3 from Cisco Secure ACS 3.0.2.5.

Tested Certificate Servers

We used Microsoft CA certificate servers to test EAP-TLS certificate requests.

Tested Web Browser Versions

To administer all features included in Cisco Secure ACS 3.0, we recommend that you use one of the following tested web browsers:

We did not test other versions of these browsers, nor did we test web browsers by other manufacturers.


Note: To use a web browser to access the Cisco Secure ACS HTML interface, you must enable both Java and JavaScript in the browser. Also, the web browser must not be configured to use a proxy server.

Tested Token Servers

Because we made no changes to token support, we did not conduct token server testing with Cisco Secure ACS version 3.0.3. We tested Cisco Secure ACS version 3.0.2 with the following token server software:

For information about CRYPTOCard support, see "Changes to CRYPTOCard Support."

Tested LDAP Server

We used Netscape iPlanet Directory Server version 5.1 and Windows 2000 Active Directory with Windows Service Pack 3 to test standard LDAP database support.

Tested Novell NDS and Novell Clients

Because we made no changes to Novell support, we did not conduct Novell testing with Cisco Secure ACS version 3.0.3. We tested Cisco Secure ACS version 3.0.2 with the following Novell software:

Tested Windows 2000 Service Packs

We used Windows 2000 with Service Pack 3 and Windows NT 4.0 with Service Pack 6 to test Cisco Secure ACS version 3.0.3 for Windows authentication.


Note: Cisco Secure ACS only supports English language versions of Windows and its Service Packs.

Tested Platforms for CiscoSecure Authentication Agent

Because we made no changes to CiscoSecure Authentication Agent support, we did not conduct CiscoSecure Authentication Agent testing with Cisco Secure ACS version 3.0.3. With Cisco Secure ACS 3.0.2, we tested CiscoSecure Authentication Agent on the following client platform operating systems:

We did not test the CiscoSecure Authentication Agent on the following client platform operating systems:

Caveats

This section identifies caveats and issues for Cisco Secure ACS.

Platform Caveats

Refer to the appropriate release notes for information about hardware caveats that might affect Cisco Secure ACS. You can access these release notes online at the following URLs.

Cisco Secure PIX Firewall

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/

Cisco IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/

Cisco VPN 3000 Concentrator

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3002/

Cisco VPN 5000 Concentrator

http://www.cisco.com/univercd/cc/td/doc/product/aggr/vpn5000/

Cisco Aironet Access Point

http://www.cisco.com/univercd/cc/td/doc/product/wireless/

Cisco Catalyst Switches

http://www.cisco.com/univercd/cc/td/doc/product/lan/

Resolved Caveats—Version 3.0.3


Note: Caveats are printed word-for-word as they appear in our caveat tracking system.

Open Caveats—Version 3.0.3


Note: Caveats are printed word-for-word as they appear in our bug tracking system.

This section identifies known caveats and issues with Cisco Secure ACS 3.0.3.

If the active Primary Domain Controller (PDC) for a Windows NT domain is unavailable, you cannot use the Cisco Secure ACS administrative user interface to configure group mappings for this domain.

Workaround/Solution: If the configuration changes are not vital, wait until the PDC becomes available again. Otherwise, promote a suitable Backup Domain Controller to the role of PDC.

Windows 2000 allows users to enter their user names as username@domain-name. For example, fred@domain.com. This format is equivalent to entering the Windows NT 4.0 user name of DOMAIN/fred.

Workaround/Solution: Cisco Secure ACS does not support this style of user name when authenticating against an external Windows 2000 server. Continue to prefix account names with the NT 4.0-style domain name.

On the Before You Begin dialog box of the Cisco Secure ACS installation, the following three check box items could be misunderstood.

Workaround/Solution: The three check box items are clarified below.

If you use Internet Explorer 5.5 or Netscape 4.7 and refresh or reload the frame when viewing Interface Configuration: TACACS+(Cisco IOS), you receive the following error message:

Vendor Config Edit Failed 
-------------------------
Failed to Edit TACACS+ (Cisco IOS) 
configuration 
because -=+None+=- 

Workaround/Solution: Click Interface Configuration: TACACS+(Cisco IOS) and continue editing the TACACS+ settings.

In Cisco Secure ACS 3.0, this behavior does not occur with Internet Explorer 5.5.

A PPTP tunnel using a Cisco VPN 3000-series concentrator and MS-CHAP version 2 fails. The VPN concentrator indicates that authentication passed; however, tunnel establishment fails. When using the MS-CHAP version 1 method with the same configuration, tunnel establishment succeeds. When using the concentrator's internal user database with MS-CHAP version 2, tunnel establishment succeeds.

Workaround/Solution: There are a few steps that need to be completed when configuring Cisco Secure ACS to support a PPTP tunnel with the MS-CHAP version 2 (and version 1) authentication methods:

Set up at least two users on Cisco Secure ACS, one as a tunnel user and the others as the authenticated users. The tunnel user and its password should be the same as the tunnel group name on the concentrator and its password.

The authenticated users must include the following settings in Cisco Secure ACS, as well:

Use the Windows 2000 PPTP client and establish the PPTP tunnel via MS-CHAP V2 authentication method.

Passwords get corrupted when submitted using Netscape on Solaris.

Workaround/Solution: Use a Windows version of the web browsers used to test Cisco Secure ACS.

When installing Cisco Secure ACS, you may see the following error:

An error occurred during the move data process: -115
 

followed by several other errors, such as:

Cannot run command D:\Program Files\CiscoSecureACS vx.x\UtilsCSUpdate -install CSAuth - The system cannot find the file specified
Cannot run command D:\Program Files\CiscoSecureACS vx.x\UtilsCSUpdate-install CSLog - The system cannot find the file specified
Cannot run command D:\Program Files\CiscoSecureACS vx.x\UtilsCSUpdate-install CSRadius - The system cannot find the file specified
 

Workaround/Solution: Delete pdh.dll from the Windows system32 directory, then restart the installation.

During installation, if you use an IP address of 10.0.10.255 with a 23-bit subnet mask (255.254.0.0), the installation fails with an error message indicating that you cannot use a broadcast IP address.

Workaround/Solution: During installation, enter any IP address not ending in 255. After installation, use the Cisco Secure ACS HTML interface to correct the IP address.

Windows 2000 groups for remote domains cannot be seen by Cisco Secure ACS running on a Windows NT 4.0 member server.

Workaround/Solution: On the Cisco Secure ACS server, configure all Cisco Secure ACS services to run using a domain administrator account for the domain of which the server is a member. For more information about additional configuration required to run Cisco Secure ACS 3.0 on a Windows NT 4.0 member server, see Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers.

The services associated with Cisco Secure ACS are:

If you use Netscape Navigator v.4.7 to access the HTML interface, adding an administrator to Cisco Secure ACS can cause 100% CPU utilization for over a minute. This in turn can cause the CSRadius service to pause until the browser resumes normal operation. The fault lies in the Netscape browser rather than Cisco Secure ACS.

Workaround/Solution: Once the 100% CPU utilization has begun, wait until browser operation returns to normal. This should be less than five minutes. To avoid the behavior altogether, use a tested version of Microsoft Internet Explorer. See the Tested Web Browsers section of the Release Notes for Cisco Secure Access Control Server for Windows 2000/NT Servers.

When a Novell NDS database configuration in Cisco Secure ACS has a context list greater than 4095 characters long, editing the NDS configuration page results in incorrect HTML in the browser interface.

Workaround/Solution: Use a context list no longer than 4096 characters.

Customer is experiencing problems adding the user fields (3,4,5) to the RADIUS accounting file.

When he renames these fields in the User Attributes in Interface Configuration, and then attempts to add them to the RADIUS Accounting log, the changes do not appear in the log.

To reproduce this problem, follow these steps:

1. Change the names of Real Name, User field 2, User field 3, or any of the User Defined Fields in Interface Configuration.

2. In System Configuration, select Logging, and then select CSV Radius Accounting.

3. Add one (or more) of the changed fields to the right column.

4. Click Submit.

5. Select the CSV Radius Accounting log again.

6. The field you just moved to the right column will no longer be in the right column, but will appear in the left column once more.

Workaround/Solution: After renaming a user-defined attribute, restart all Cisco Secure ACS services from the Windows Control Panel. Once the services have been restarted, the CSV RADIUS Accounting configuration screen shows the renamed attributes and remembers their selection when the page is submitted.

In the System Configuration section, settings made on the IP Address Recovery page and the Date Format Control page are not restored from backup.

Workaround/Solution: Manually configure the IP Address Recovery and Date Format Control pages.

The CSLog service crashes when you modify ODBC logging configuration during ODBC logging operations.

Workaround/Solution: Do not change logging configuration while Cisco Secure ACS is authenticating users.

Changes to user-defined fields in user records do not appear to replicate. After the user-defined fields are changed in the Interface Configuration section on the primary Cisco Secure ACS server and replication succeeds, the secondary Cisco Secure ACS server does not display the changes to the user-defined fields in the HTML interface.

Workaround/Solution: The changes to the user-defined fields do replicate successfully; however, to see the changes on the secondary Cisco Secure ACS server, restart the CSAdmin service.

Changes to HTTP Port Allocation settings do not appear to replicate. After the HTTP Port Allocation settings are changed on the Access Policy Setup page in the Administration Control section on the primary Cisco Secure ACS server and replication succeeds, the secondary Cisco Secure ACS server does not display the changes to the HTTP Port Allocation settings in the HTML interface.

Workaround/Solution: The changes to the HTTP Port Allocation settings do replicate successfully; however, to see the changes on the secondary Cisco Secure ACS server, restart the CSAdmin service.

In the System Configuration section, settings made on the VoIP Account Configuration page are not restored from backup. Neither are these settings preserved during reinstallation of Cisco Secure ACS 3.0 or upgrading to a later build of Cisco Secure ACS 3.0.

Workaround/Solution: Manually configure the VoIP Accounting Configuration page.

An AAA server cannot be deleted from the "(Not Assigned) AAA Servers" table if the "Synchronize" table in the "Synchronization Partners" is empty. An error message "x.x.x.x can not be deleted since it is an synchronization partner" is displayed.

Workaround/Solution: Move any AAA server to the Synchronize table, then delete the desired AAA server.

Changes to the order of the Replication Partners under Database Replication are not saved when submitting changes. When you get into the Database Replication window, the servers are shown in alphabetical order and not in the order desired. The database replication is also done in alphabetical order, that is, in the order shown by the GUI after submitting changes.

Workaround/Solution: There is no workaround.

When the character \ is added in the AAA client name, e.g., cis\co, ACS crashes.

Workaround/Solution: Do not use the backslash character in AAA client names.

After setting up command Authorization Sets in ACS 3.0 and specifying authorization for config-commands in NAS, customer specifies to permit cmd=interface cmd-arg=permit FastEthernet 0

Issuing this config command fails as it expects the "0" as a separate argument. But after adding a cmd-arg="permit 0", all interface commands are allowed, not just on FastEthernet.

Workaround/Solution: None at this time.

Authentication services CSRadius and CSTacacs might crash when ACS 2.6.3.2 is installed on Windows 2000 with Service Pack 1 and when SafeWord is used on a separate UNIX box. All users are SafeWord users.

Workaround/Solution: None at this time. We tested Cisco Secure ACS 3.0 on Windows 2000 Server using an English-language version of Service Pack 2. Applying Service Pack 2 may alleviate the issue.

Customer has run into a limitation on replication partners of 20. You can configure more, but the 21st partner in the list will not work; the master will say that it's not responding.

Workaround/Solution: If you delete one of the servers higher up in the list, thus moving the problem server into slot number 20, replication works.

Cannot delete the NAS. Giving the error:

Cannot delete AAA server, AAA server is a Synchronization Partner

Workaround/Solution: Need to go into the registry and delete the host.

Command authorization appears to fail on all AAA clients when the applicable command authorization set is configured to be applied to the <Default> network device group (NDG).

This is correct behavior. The <Default> NDG corresponds to the "Not Assigned" NDG in Network Configuration. If the AAA client on which the user is attempting to issue commands is not in the "Not Assigned" NDG and there is no command authorization set that does apply to the AAA client, Cisco Secure ACS denies authorization for the command.

Workaround/Solution: If you intend to apply a command authorization set to all AAA clients, assign it once per every NDG rather than solely to the <Default> NDG. There is currently no single option that applies a command authorization set to all NDGs.

EAP-MD5 authentication fails when the AAA client uses RADIUS (Cisco Aironet) as an authentication method.

Workaround/Solution: When RADIUS (IETF) is being used, EAP-MD5 authentication operates properly.

Cisco Secure ACS accepts empty and therefore invalid PIX ACLs. There are two ways this can occur. In the first, you can submit only a space in the PIX ACL. In the second, you can delete the contents of a previously submitted, valid PIX ACL and resubmit it successfully.

Workaround/Solution: None at this time.

Users authenticating with CryptoCard incorrectly receive a password prompt in addition to the username, challenge, and response prompts.

Workaround/Solution: Users can enter any string at the password prompt and press Enter, then continue CryptoCard authentication normally.

LDAP group mappings were lost during the upgrade to Cisco Secure ACS 3.0.

Workaround/Solution: Manually reestablish LDAP group mappings.

The "Previous" button disappears when using the User Setup page in the Cisco Secure ACS HTML interface.

Currently, Cisco Secure ACS cannot provide the ability to page backwards.

Workaround/Solution: Use the browser back button.

Cisco Secure ACS 2.6.4, 3.0.2, and 3.1.1 all log an incorrect value in TACACS+ Accounting for the "disc-cause" attribute. If you set up a PPP session to do an idle timeout, when it disconnects you will get "CLID-Authentication-Failure" in the TACACS+ Accounting log for "disc-cause" - but the TACACS+ documentation for IOS says that the value "4" is Idle timeout.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fappendx/scftacat.htm#20164

Workaround/Solution: None.

Aironet wireless client cannot LEAP login when "MAX sessions" is set to limit 1 user.

Workaround/Solution: None.

While upgrading from Cisco Secure ACS 3.0.2.5 to 3.0.3, if you cancel the upgrade at the dialog box that presents the options to keep or delete the existing database and then continue the upgrade by clicking Resume, you receive an error message for each Cisco Secure ACS service that the service cannot be found. Upgrade cannot be resumed.

Workaround/Solution: Use the clean.exe application for 3.0.3 to remove Cisco Secure ACS, reinstall 3.0, restore Cisco Secure ACS configuration from the most recent backup file, and upgrade again without attempting to cancel the upgrade.

If you attempt to upgrade to Cisco Secure ACS 3.0.3 from 3.0.2.5 and abort installation of 3.0.3 before it is complete, using the clean.exe application that comes with 3.0.2.5 does not remove all related file system directories or registry keys.

Workaround/Solution: Manually edit the registry to remove HKLM:SOFTWARE/Cisco/CiscoAAAv3.0 entries. Manually delete remaining Cisco Secure ACS 3.0 subdirectories.

Occasionally updated components are not replicated to the third replication partner in a replication cascade. This happens because replication pre-checks on the second partner indicate incorrectly that outbound replication is not required for the third partner in the cascade. This occurs because the pre-checks performed by the second replication partner happen before replication is completed from the first replication partner.

Workaround/Solution: On the following replication cycle, the unreplicated component will be replicated from the second replication partner to the third replication partner.

The initial dialog box encountered in the clean.exe application distributed with Cisco Secure ACS version 3.0.3 incorrectly says that it is for version 2.6.

Workaround/Solution: None. You can use this version of clean.exe with 3.0.3.

This behavior occurs after upgrading Cisco Secure ACS from 3.0.2.5 to 3.0.3 and when Cisco Secure ACS is running on a member server. Users whose accounts reside in a Windows 2000 user database and whose accounts are configured to enforce a password change at next login are disconnected after providing the new password.

Workaround/Solution: None.

When Cisco Secure ACS authenticates a Windows 2000 user from a native trusted domain, MS-CHAP password changing doesn't work even though authentication via MS-CHAPv2 works properly.

Workaround/Solution: None.

EAP-TLS Authentication fails after successful Restore process. Seems that the problem is related to Private Keys decryption failing after restore. The following error is presented in CSAuth log after a successful restore process:

"AUTH 12/01/2002 16:42:52 A 5020 0808 CSAuth server starting 
==============================
AUTH 12/01/2002 16:42:52 I 5021 0808 Base directory is C:\Program 
Files\CiscoSecure ACS v3.0\CSAuth
AUTH 12/01/2002 16:42:52 I 5022 0808 Log  directory is C:\Program 
Files\CiscoSecure ACS v3.0\CSAuth\Logs
AUTH 12/01/2002 16:42:52 I 5023 0808 User directory is C:\Program 
Files\CiscoSecure ACS v3.0\CSAuth\Users
AUTH 12/01/2002 16:42:52 I 5024 0808 CSAuth version is 3.0(3.4)
AUTH 12/01/2002 16:42:52 A 5026 0808 Running as NT service.
AUTH 12/01/2002 16:42:52 I 5051 0808 Socket library initialised OK.
AUTH 12/01/2002 16:42:52 I 5055 0808 CSAuth port is 2000
AUTH 12/01/2002 16:42:52 I 5061 0808 File handle limit is 64
AUTH 12/01/2002 16:42:52 I 5065 0808 Will use 20 worker threads.
AUTH 12/01/2002 16:42:53 I 1116 0808 Started password aging module.
AUTH 12/01/2002 16:42:53 I 1126 0808 Started network model module.

AUTH 12/01/2002 16:42:53 A 0937 0808 Error at 
F:\ccData\snapViews\Build_View@ismg_israel_acs@ACS-sw-3.0.1-B-12
0-B-64\ismg_israel_acs\Acs\Crypto\decrypt.c line 79, CryptDecrypt failed 
(System Error 0x80090005)
AUTH 12/01/2002 16:42:53 A 0937 0808 Error at 
F:\ccData\snapViews\Build_View@ismg_israel_acs@ACS-sw-3.0.1-B-12
0-B-64\ismg_israel_acs\Acs\Crypto\decrypt.c line 238, 
Crypto_DecryptDataWithLocalKey failed

AUTH 12/01/2002 16:42:53 E 1153 0808 EAP-TLS init failed, can not load the 
private key from registry, verify t
hat ACS certificate is installed prperly
AUTH 12/01/2002 16:42:53 I 0312 0808 Varsdb:Kicking off 1 ODBC workers
AUTH 12/01/2002 16:42:53 I 0312 1036 Varsdb:GarbageCollectionThread starting...
AUTH 12/01/2002 16:42:53 I 0312 2384 Varsdb:OdbcWorkerThread starting...

The problem occurs when restoring from a dump file created during backup on another machine.

It also occurs when the dump file was backed up, ACS was uninstalled and then installed, and restored from the dump file.

Workaround/Solution: None at this time.
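
The failure signature in the CSAuth excerpt above can be checked for automatically after a restore. The following Python check is an added example, not part of the Cisco release notes or product; the record field names and the functions `parse_records` and `triage_restore` are assumptions, since the notes do not document the log format.

```python
import re

# Record header as seen in the excerpt. The field names (service, level,
# code, thread) are assumptions; the release notes do not document the format.
HEADER = re.compile(
    r"^(?P<service>[A-Z]+) (?P<date>\d{2}/\d{2}/\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<level>[A-Z]) "
    r"(?P<code>\d{4}) (?P<thread>\d{4}) (?P<message>.*)$"
)
SOURCE_ERROR = re.compile(r"^Error at (?P<file>.+?) line (?P<line>\d+), (?P<what>.*)$")
SYSTEM_ERROR = re.compile(r"\(System Error (0x[0-9A-Fa-f]{8})\)")
VERSION = re.compile(r"CSAuth version is (\S+)")

# Windows CryptoAPI name for the one error code that appears in the excerpt.
KNOWN_ERRORS = {"0x80090005": "NTE_BAD_DATA"}

# Lines copied from the excerpt above, still wrapped as they are on the page.
SAMPLE_LOG = "\n".join([
    "AUTH 12/01/2002 16:42:52 I 5024 0808 CSAuth version is 3.0(3.4)",
    "AUTH 12/01/2002 16:42:53 I 1126 0808 Started network model module.",
    "",
    "AUTH 12/01/2002 16:42:53 A 0937 0808 Error at ",
    r"F:\ccData\snapViews\Build_View@ismg_israel_acs@ACS-sw-3.0.1-B-12",
    r"0-B-64\ismg_israel_acs\Acs\Crypto\decrypt.c line 79, CryptDecrypt failed ",
    "(System Error 0x80090005)",
    "AUTH 12/01/2002 16:42:53 A 0937 0808 Error at ",
    r"F:\ccData\snapViews\Build_View@ismg_israel_acs@ACS-sw-3.0.1-B-12",
    r"0-B-64\ismg_israel_acs\Acs\Crypto\decrypt.c line 238, ",
    "Crypto_DecryptDataWithLocalKey failed",
    "",
    "AUTH 12/01/2002 16:42:53 E 1153 0808 EAP-TLS init failed, can not load the ",
    "private key from registry, verify t",
    "hat ACS certificate is installed prperly",
    "AUTH 12/01/2002 16:42:53 I 0312 0808 Varsdb:Kicking off 1 ODBC workers",
])


def parse_records(text):
    """Split log text into records, rejoining lines that were wrapped."""
    records = []
    for raw in text.splitlines():
        match = HEADER.match(raw)
        if match:
            records.append(match.groupdict())
            continue
        stripped = raw.strip()
        # Skip blank lines and "=====" separators; anything else that lacks
        # a header is the continuation of the previous record's message.
        if not stripped or set(stripped) == {"="} or not records:
            continue
        records[-1]["message"] += raw
    return records


def triage_restore(text):
    """Summarise whether CSAuth could load the EAP-TLS private key."""
    report = {"version": None, "decrypt_errors": [], "eap_tls_key_load_failed": False}
    for rec in parse_records(text):
        msg = rec["message"]
        version = VERSION.search(msg)
        if version:
            report["version"] = version.group(1)
        loc = SOURCE_ERROR.match(msg)
        if loc:
            sys_err = SYSTEM_ERROR.search(loc.group("what"))
            code = sys_err.group(1) if sys_err else None
            report["decrypt_errors"].append({
                "time": rec["date"] + " " + rec["time"],
                "source_file": loc.group("file").rsplit("\\", 1)[-1],
                "source_line": int(loc.group("line")),
                "system_error": code,
                "name": KNOWN_ERRORS.get(code),
            })
        if rec["level"] == "E" and msg.startswith("EAP-TLS init failed"):
            report["eap_tls_key_load_failed"] = True
    return report


if __name__ == "__main__":
    result = triage_restore(SAMPLE_LOG)
    print("CSAuth version:", result["version"])
    print("EAP-TLS private key load failed:", result["eap_tls_key_load_failed"])
    for err in result["decrypt_errors"]:
        print(err)
```

Run against the CSAuth log written after a restore, a true `eap_tls_key_load_failed` means EAP-TLS is unavailable on that server even though the restore itself reported success.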

Related Documentation

The following documents directly support Cisco Secure ACS:

You can find other product literature, including white papers, data sheets, and product bulletins, at the following URL:

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/prodlit/index.shtml

In addition to these documents, online documentation is provided within the Cisco Secure ACS user interface. The entire Cisco Secure ACS documentation set is also available at the following URL:

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL:

http://www.cisco.com

Translated documentation is available at the following URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

http://www.cisco.com/cgi-bin/order/order_root.pl

http://www.cisco.com/go/subscription

Documentation Feedback

If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to

You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Inquiries to Cisco TAC are categorized according to the urgency of the issue:

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:

http://www.cisco.com/register/

If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.

This document is to be used in conjunction with the "Related Documentation" section.

CCIP, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet Quotient, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0201R)

Copyright © 1999-2002, Cisco Systems, Inc.
All rights reserved.


Posted: Thu Oct 16 12:16:37 PDT 2003