AAA/Identity/Nac :: ACE30 Module 4.2 Integrating With ACS 5.2?
Mar 10, 2012
I am using ACE30 having s/w version: 4.2. I am using ACS 5.2
I have used the below commands to add ACE with ACS for AAA.
tacacs-server key 7 "nacs0wvd!q"
tacacs-server host 96.86.76.66 key 7 "nacs0wvd!q"
tacacs-server host 96.86.76.67 key 7 "nacs0wvd!q"
[Code].....
I am getting authenticated by ACS, but the problem is authorization is not happening. In ACS, i have just added the device IP using TACACS+.
View 0 Replies
ADVERTISEMENT
May 30, 2012
we use ACE30 module, ver. A4(1.0) for access to intranet application. The https connection from client is terminated on ACE module, LB algorithm is used and new SSL connection is initiated to the server. Standard operation works without problems.
But when user generates a .xls od .pdf report in the application, it should open in a new popup window. Problem is, that it does not (but on the server, the report is generated and stored). The PC and browser are configured fine, when accessing the application from the same PC directly (bypassing the ACE module), the popup window appears.
View 2 Replies
View Related
Dec 2, 2012
My ACE module ACE30-MOD-K9 crashed today, and at the show ver output i see "last boot reason: Service "cfgmgr" ".the curent version we running is Version A5(1.2) [build 3.0(0)A5(1.2).
After doing some research i found known bug that supposed to be fixed in this version: CSCtu36146
CSCtu36146—The ACE becomes unresponsive due to a configuration manager (Cfgmgr) process failure with the last boot reason: Service "cfgmgr."
View 2 Replies
View Related
Sep 10, 2012
I am trying to get documentation on how to integrate an ACE30 module in a service chassis design integrated with the Nexus 7000 in routed mode. Only documentation I could find shows this design with the ACE30 module in a one arm mode. Any documentation that shows this implementation of this design?
View 2 Replies
View Related
Jun 17, 2012
What are the maximum number of real servers, server farms and virtual servers i can configure on ACE30 module,Is there any documentation available on cisco site where i can check this? Does it depend on the hardware or does it depend on the software version?
View 3 Replies
View Related
Aug 19, 2011
I have a question about upgrade NAC Module, I follow standalone procedure to do the upgrade but I wonder about the upgrade file should I use because on the Cisco site I didn't find the upgrade file from 4.8.0 to 4.8.2.
what I found is nme-nac-upgrade-4.8_2-from-4.6.x.tar.gz ??!!!
So my question If I use the NAC upgrade file I was used for upgrade the CAM & CAS applaiances
View 2 Replies
View Related
Jan 6, 2011
Trying the config as depicted in the WCS 7 config guide? I have tried today to integrate WCS 7 with ACS 5.1 and got a partial success. I have created a unique Shell Profile that invokes for the WCS only which contains 1 role (role0=Root) and 73 task entries (as copied from the WCS group pages) and I can log in to WCS with the new account, but some things I dont appear to have priviledges for, such as Reports. Is there any way to debug which task WCS thinks I dont have to do this?
View 8 Replies
View Related
Mar 11, 2012
I am using Cisco LMS 3.2.1 with ACS 5.1, actually, i want to integrate my Cisco Work with ACS 5.1 in AAA mode i already setting up the AAA mode to Cisco ACS, when i apply the configuration, i got failed as image attached.
What should i do to resolve the problem ? i have configure the ACS in Network Devices and AAA Client, i have added the Cisco Work Address to ACS, but i got the same error.
Besides, would you like to give me some explanation about the function of AAA mode Setup on Cisco Work,
is it used for User Authentication to logging in to Cisco LMS, or is it used for discovery process (Credential Information) when we want to add some devices into Cisco LMS ?
View 3 Replies
View Related
Jan 4, 2012
I am trying to populate the LMS 4.1 components to ACS.
View 2 Replies
View Related
Feb 2, 2012
I know nothing about Tablets (iPad or Android) or their operating system. My wife is interested in getting a iPad 2 or Android tablet.
I have a home WiFi network based on two laptops and a desktop. They are all running Windows OS. I also have 3 external drives and two printers USB wired into the main desktop.
I have two questions:
1) Will I be able to integrate an iPad/Android tablet into the Windows home network so as to be able to access the .jpg photographs on the desktop drives?
2) Will the tablet be able to output work to the printer attached to the Windows Desktop?
View 3 Replies
View Related
Aug 13, 2012
I need to integrate a 2504 WLC with a windows 2003 LDAP server for extented authentication, is there any guides available for this ?
View 1 Replies
View Related
Jan 2, 2013
I have 3 Cisco AP 1140 at my customer (Service Industry) place, so they requenst us to provide Hotspot solution to them for managing the Internet connection for limiting to their Customers over the account system. Let me know how i can integrate hotspot BOX with Cisco AP.
View 3 Replies
View Related
Nov 11, 2012
We have a WLC 4404 with about 85 1121 and 1241 APs. - I just added 6 new 3501E with Antennas, and configured the a new SSID, but non of my clients can connect to any of the 3501s. One solution from a tech was to update the NIC drivers. I verified that all test clients are 802.11N and sometimes they find the 3501 but often they switch to another of the older and weaker 1121 or 1241s. On one test I had a 3501 just outside his room and his client nic was picking up a weak signal 2 floors up, then it would go to one 1 floor down. eventually we could get it to feed of the nearest 3501 but it would go back to another 1121 or 1241 soon thereafter,.
View 5 Replies
View Related
Nov 20, 2011
I have a single production 5510 with 2 contexts. Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall? How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?
For example, do I need to add the following on the secondary or will it be sync'd from the primary?
admin-context NAME
context NAME
allocate-interface Ethernet0/0.14
[Code].....
View 3 Replies
View Related
Dec 17, 2012
We have an existing network with a Catalyst 4510 core switch and departmental 3560 switches connected via fiber. Due to company restructure we can no longer afford to buy new 3560's when anything goes wrong so this week I purchased an SG200-26 which I'm trying to get onto the network.
This is a legacy network which I didn't setup so my Cisco skills are somewhat limited (another reason for the SG200's hopefully), anyway have been looking at the configs on the existing switches and trying to match settings in the SG200 setup however not getting anywhere! I have the config from the dead switch so I can show what needs to be achieved, any experience in downgrading environment in a similar way?
View 7 Replies
View Related
Mar 7, 2012
I've just started a new job after a couple of years not touching cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's bye the bye.)
My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into: Code...
View 7 Replies
View Related
Jan 6, 2013
I have ACE 30 module which is runing on SW 6500 in VSS mode, Vr. 15.0.2 with enugh power avilable ( 2550 W ) , i have insert the module at slot number 7 , the issues am facing it's desribe below :
7/0 ACE Expansion Card 1 ACEMOD-EXPN-DC 1.1 PwrDown
7/1 ACE Expansion Card 2 ACEMOD-EXPN-DC 1.1 PwrDown
And if i take out the blade and insert it again it's work for some time then goes down . here is the consle messages before it goes down :
.ACE platform with 2097152 Kbytes of main memory
.Loading disk0:c6ace-t1k9-mz.A4_1_0.bin. Please wait ....
Uncompressing Linux...
Starting the kernel...
[Code].....
View 2 Replies
View Related
Oct 26, 2011
Is it all possible to use an ACE30 to RHI a VIP which acts as route for servers on LAN A to reach LAN B . We have 2xL2 WAN circuits between 2 sites used by only 4 servers for (different L3 subnets for the hosts). I`m considering using a VIP to load balance across 2 WAN circuits using L3 interfaces on the MSFC either side as rservers with a single VLAN in/out on the ACE where the VIP resides - simlair to using the Cisco design for firewall load balancing minus the inspections etc. Obviously we can do this entirely in the MSFC but considering options.
View 1 Replies
View Related
Jul 12, 2012
I have a pair of ACE30 in Active/Standby mode. I can ssh to all active contexts. I can also ssh to all standby contexts except one.
View 6 Replies
View Related
Jan 16, 2013
We did a faulty ACE30 module swap in a HA pair. Both the ACEs have stopped syncing since then. Below is the error message I see:
FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_CONFIG
Context Name: Admin Context Id: 0
Running Cfg Sync Status:Failed to convert/transform configuration to peer version
Both ACE modules are running 5.2 with the same license.sh ft peer status from both active and standby show the same results.
Peer Id : 1State : FSM_PEER_STATE_COMPATIBLEMaintenance mode : MAINT_MODE_OFFSRG Compatibility : COMPATIBLELicense Compatibility : COMPATIBLEFT Groups : 15
Am I missing something here?
View 5 Replies
View Related
Oct 25, 2011
Have a client with one ACE20 and now he needs a second one for redundancy.Since ACE20 is EOL, can I use an ACE30 with an ACE20 as a failover pair?
View 1 Replies
View Related
Jan 27, 2013
I have four rservers. I have found that if the first listed server in my serverfarm is off line, the entire farm quits working. How did I come to this conclusion? You see as part of "serverfarm host PORTAL-FARM" rservers "SISPOAS1 through 4". I can shut down any server except SISPOAS1 and all is well. The load balancer sees the probes have failed to that given server and continuses to load balance to the others. However, If I shut down SISPOAS1, nothing works. I confirmed this by eliminating SISPOAS1 from the configuration completely. After doing so, I could reproduce the exact same problem using SISPOAS2 since it is now the first rserver in the list after I removed SISPOAS1. I'm stumped! Looking at the configuration below, what am I missing???
access-list TRAFFIC line 8 extended permit ip any anyaccess-list TRAFFIC line 16 extended permit icmp any any
probe tcp 389 port 389 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 636 port 636 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7777 port 7777 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7778 port 7778 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7780 port 7780 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp [Code]...
View 4 Replies
View Related
Dec 13, 2012
in lab trying to run a test upgrade of an Ace30,can seem to get it right ace30 is in slot 1 of the 6500, management vlan 10
View 4 Replies
View Related
Jun 11, 2012
I am new to the ACE30. I a basic configuration from the CLI and I am trying to use the device manger. I am able to get to the web informational page rather then accessing the login page. I have rest the password for both the admin and www and still no go. my question is how to go into enabling the GUI access.
View 1 Replies
View Related
Feb 18, 2013
I would like to know if I can migrate the config from ACE20 to ACE30 (last software) without any issue.I don't have any ACE30 to test
View 3 Replies
View Related
Feb 4, 2013
is it possible to construct the L7 HTTP class-map expression to match all URLs except one? I have 1 correct url, for example: /correcturl.* and want to redirect requests to all other possible URLs to this one, without the need to list them all in "possitive match" statements.
View 6 Replies
View Related
Aug 25, 2012
We have a subnet setup on the ACE as follows:
interface vlan 300
description CALLISTA Environment
ipv6 enable
ip address 2001:388:608c:8b8::fffd/64
alias 2001:388:608c:8b8::fffe/64
peer ip address 2001:388:608c:8b8::fffc/64
ipv6 nd ra interval 30
[code]....
Notes:There is the primary subnet 130.194.13.0/26 and the secondary IP subnet 130.194.19.192/27?The nat-pool is configured to allow server initiated connections to their frontend VIP when necessary.We are noticing that when a server on the 130.194.19.192/27 subnet needs to communicate with a server on 130.194.13.0/26, albeit on the same VLAN, the destination server sees connections with a source IP of 172.16.25.231, which is the NAT address. Is this expected behavior, where connections between IP subnets, albeit on the same VLAN are NATed?
View 1 Replies
View Related
Aug 25, 2012
We have a subnet setup on the ACE as follows:
interface vlan 300
description CALLISTA Environment
ipv6 enable
[Code].....
We are noticing that when a server on the 130.194.19.192/27 subnet needs to communicate with a server on 130.194.13.0/26, albeit on the same VLAN, the destination server sees connections with a source IP of 172.16.25.231, which is the NAT address. Is this expected behavior, where connections between IP subnets, albeit on the same VLAN are NATed?
View 1 Replies
View Related
Nov 28, 2011
Am looking to upgrade the software on the ACE30 from: [code]. Any ACE30 guide that explains this. Have looked at the ACE30 configuration guide which I thought would cover this in the section "Managing The ACE Software", however everything else has been covered off except how to go about upgrading the software.
View 1 Replies
View Related
Apr 18, 2013
I have a strange behaviour with some ACE30 running A5 release :
Setup is in bridge mode, working correctly with a default gateway set in the context.
For some reason, some return traffic is being routed on the ACE instead of being bridged.
On what conditions would the ace decide to route the traffic of simply bridge it from the server vlan to the client vlan.
View 4 Replies
View Related
May 23, 2012
After upgrade from ACE20 with A2(3.5) to ACE30 with A5(1.2) I get failures in a number of server farm's, where before upgrade the number was zero. No drops in VIP and logs from applications do not notice any new errors.
View 2 Replies
View Related
Apr 14, 2013
I have a request to configure an ACE30 for Oracle Hyperion utilizing SSL termination at the SSL offloader(ACE30). Any sample configuration or template of some sort that could guide me through what needs to be configured. We have many applications on the ACE#) but this is the first time we are going to try SSL termination.
View 3 Replies
View Related
Nov 9, 2011
We currently have 6 admin context and they are all utilizing the same snmp engineid (Local SNMP engineID: 800000090441646D696E) which is causing issues as far as our monitoring/performance platform CA eHealth. Isn't the engineID, by default, the first interface on the device?
Doesn't seem to be the case on an ACE30.How is the SNMP engineID derived on the ACE30?
View 1 Replies
View Related