I had to spend a complete day to figure out an internet browser work well with ACS 5.2. The issue came to my notice, when I was testing config example of “Dynamic VLAN assignment with ACS 5.2“. Under Acces Policies, Identity section I could not configure(cannot select Identity Source, etc) required settings as described in that Cisco doc. Here is the screenshot of “Access Policies > Identity ” section of ACS 5.2 from my firefox client on my windows 7 laptop. As you can see there are no way of selecting identity source.
I used firefox as my preferred browser & configured it to update firefox client when updates available. My firefox version was 18.0.1 at this time of testing. Initially I tried with alternative browser IE 9.0. It had completely different issue of get connected to ACS due to “Certificate Error:Navigation blocked”. Then I tried another browser “Chrome ver 24.0.x” which had a little success. Identity section worked, but not Authorization section. Then I thought it may be a bug of the ACS 5.2. version & downloaded the latest patch(5-2-0-26-11) & applied it to the server. Still no luck with this & thought of givng a try to reconfigure the ACS from its default config. You can do this by one CLI command acs reset-config. After reconfiguring the ACS, I was at the same position where behavior is same as before. After all I searched on the cisco support forum & found the below post which indicating issue I am experiencing is client browser related.
Unfortunately post is describing about ACS 5.3 ( Which I cannot go with as CCIE lab exam is demanding ACS 5.2). Also it does not specify which browser version worked for them as well.
In the Release Notes of ACS 5.2 it claimed following browsers supported.
Since all those 3 browsers did not work with my Windows 7 laptop, I decided to go back to my old PC which is running on Windows XP-SP3. It had IE 8.0 on it & firefox 18.0.1. It had the same issue which I am having with my Windows 7 laptop. Tried to downgrade IE version to 6.0 & 7.0 (Doing this is another painful exercise as control panel add/remove program option sometime does not work with this). Still had no luck of getting this working. Finally I decided to downgrade firefox version on my PC & randomly selected 10.0 to go with (as firefox 3.0 seems to be too old). That’s the trick for it, with that version all seems working fine & I was able to configure this as described in the config example document. Here is the screenshot of the same page with firefox 10.0.
From the lab exam perspective I do not think this is going to be an issue as Cisco would give compatible browser version to work with ACS 5.2. But from candidates (who study for the lab exam) point of view they have to have good understanding of this sort of weird behaviors as it cost them lots of valuable study time.
Since Firefox 10.0 is working for me I am stick with that version to work with ACS 5.2 until I clear CCIEW-v2.0 . Sometime other latest version may work, but I do not have time to spend trialling those as it does not give me any value (compare to time I have to spend on it).