AAA/Identity/Nac :: ACSv5.3 Best Practices For Conditions Configurations
Feb 15, 2012
I want to apply an authorization profile depending on the login username used, like assigning the VLAN ID, so in a lab I created 2 rules, each of them using the System:Username field and then applying the Authorization profile with the correct VLAN to the user. Which one of the following configurations will be the best practice for doing this if this condition will be applied for 300 users? In my opinion, the best practice will be using the System:UserName condition on Authorization Network Access, but I want to know what you think. Do you agree?
View 0 Replies
Feb 2, 2012
I understand that on ACSv5 you can use either "show udi" or "show inventory" to find out the S/N of your ACS appliance, i.e. the S/N that you will use to open a TAC case. However, this particular install is a VM install, and when I type either of those commands, under S/N the only thing I see is this: Serial: Cisco-VM-SN. How can I actually locate the S/N of ACS on a VM install to open a case with TAC?
View 1 Replies
May 22, 2012
I have been struggling for many weeks with an issue in my wireless infrastructure.
I have an LAP (1242AG) in one B site that I would like to attach (in H-REAP mode) to the WLC of site A(5508 v6.0.199.4). The topology is as follows:
MPLS - Site A - MAN - Site B.
When Site A is fully connected, all is fine, my AP of site B can successfully join the WLC of site A.
However, when the WAN interface of the router of site A is disconnected, the AP cannot associate successfully to the WLC. For us, it does not make any sense: during that time, the AP of site B can successfully ping the WLC of site A and the traceroutes show the exact same path.
I took some debugs on the AP and the WLC while the AP was trying to associate to the WLC (when the WAN link of site A was disconnected) and also when the AP could successfully join the WLC when the WAN link of site A was reconnected.
View 7 Replies
Jan 17, 2013
I am currently working on a lab and simulating a scenario that I will have to implement into production in the future. I am trying to set up a Guest SSID on a WLC (5508). This Guest SSID is to display a set of Terms & Conditions, which a user is to accept before they move forward to having access to the guest network.
I am familiar with performing this step using WebAuth, but it seems like the T&C are extremely long. The WebAuth page comes back with a "text exceeded limitation", on top of that I do notice that I would have to have a username and password.
Is there a feature in the WLC that would allow this scenario to work? Or will I have to build or download a customized WebAuth page?
View 10 Replies
Apr 4, 2013
I have tried to make session-reuse work on an ACE-4710 Version A5(1.0) without success. Actually, I am facing the problem of the high number of backend HTTP connections that must pass through a firewall. I want to reduce this amount of open sessions with real servers by allowing the ACE to establish permanent TCP connections with each rserver. However, it does not work as I expected. I still see individual TCP sessions established and closed after each GET - 200OK exchange. The parameter-map I have to enable this feature is as follows:
parameter-map type http PERF_YHA_HTTP_PARAM
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
server-conn reuse
Note: I use PAT on the backend, as required by the session-reuse feature.
My questions are the following:
How many sessions would the ACE establish with a specific rserver? Only one? One per TCP option set?
How much time would a backend session last if kept idle for a certain time?
What end points must share the same TCP options to make sure session-reuse works? Client to ACE? ACE to rserver? All together?
View 3 Replies
Feb 1, 2012
With LMS 4.1 Reporting, in several areas it is possible when selecting devices to use 'Group Selector' (e.g. Syslog Severity Level Summary Report). Group Selector dynamically chooses devices in the selected Group at Report runtime to get the latest devices. Not all Reports in LMS 4.1 provide this Group Selector, e.g. Best Practices Deviations/Discrepancies. Is that a bug? As DCR changes often (add/delete), we urgently need to dynamically run reports against the latest DCR population.
View 1 Replies
Nov 8, 2012
We have 3 3602Es connected to a 2504 WLC. I was wondering about best practices for antenna placement. They are all mounted on the side of a wall, near the ceiling (above everyone's head).
View 10 Replies
May 19, 2013
I'm looking for a document that states the best practices for WLC configurations (Management/Security/APs, etc.). I can currently only find the following document: URL
But this document has last been updated in 2008, in a few days that's almost 5 years ago, and we all know how quickly technology is evolving. 10Gb wireless is around the corner, with 1GB starting to go production now. This document also mentions the 4400 (which is end of life).
View 1 Replies
Jun 1, 2011
We have 2 5508 WLC's on site (5508-1 & 5508-2) and at the completion of this project we will have around 150 access points. We are also using WCS. 5508-1 is set as the primary/master controller. 5508-2 is the secondary controller, serves as backup if/when 5508-1 fails. All LAPs connect to 5508-1 by default, so 5508-2 is basically sitting there doing nothing. Is this the best way to take advantage of the resources that are available? Would wireless clients see improved performance if the access points were split between the two controllers? If we do split LAPs between the controllers should I make sure that all of the LAPs on a particular floor are connected to the same controller or does that matter?
View 7 Replies
Jan 10, 2012
What are considered the best practices for monitoring ASA's--specifically the 5510 with Sec+ License.
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.
View 1 Replies
Jul 26, 2012
setup a WEP SSID on my 5508 controllers. That being said, I have multiple sites with extremely old scan guns that only do 104-bit WEP. I plan on locally switching this SSID and using a static 104-bit WEP key with MAC authentication, and then ACLing to limit my inherent security issues/exposure once someone compromises my WEP key. [code]
View 4 Replies
Oct 10, 2012
I am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.
I have the inside security level set to 100 and the outside set to 0. What other features can be used to protect the network from the Internet? I am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.
Would any firewall policies be required to increase the level of security?
View 1 Replies
Mar 2, 2011
how to connect UTP cable
View 1 Replies
Aug 12, 2012
My device configurations are not getting backed up.
View 1 Replies
Jun 1, 2011
I have a Domain Controller on Windows 2003 Advanced Server, and I have roles and some configuration such as rights, user accounts, DHCP configuration, DNS server, etc. on it. Sometimes Windows needs to be reinstalled, but after reinstalling, the configuration of roles would be lost. I don't know how I can back up these settings. Is there any solution to this problem? I know a simple way is creating an image of the Windows installation drive with an application such as Norton Ghost, but I'm talking about a Windows solution.
View 3 Replies
Sep 9, 2011
My friend recently let me have his Siemens Gigaset SE567 modem, which I needed because it has a router, but as soon as I switched it with my old router, which is a Westell 6100f, the internet light won't show up. So I contacted Verizon and they said that their service is a plug and play type of service, so I am lost on what to do. I looked around the forums and I got close by going to the browser and typing the IP, but from there I am stuck. I don't know how to set up anything in the configurations.
View 2 Replies
Feb 27, 2012
setting two networks, I try but the other network is so slow and a lot of the time will not connect to the net
View 1 Replies
Jan 18, 2013
Platform: LMS 3.2.1 with RME 4.3.2 on Windows 2003. I'm having a problem with several devices that were backing up fine until this week. Suddenly they aren't backing up their running configurations, but RME is fetching their startup configurations fine and VTP backups are fine. At first I thought it might be timeouts, so I used inline edit to increase the telnet timeout for a device to 180s. However, the job fails well within this time period (debug shows an i/o error?). My order of protocols is SSH, Telnet, TFTP. I took a stab in the dark that this suggested a database problem, so I picked one at random and deleted it from DCR, and re-added it, and it worked. However, for the other 48 devices affected it did not.
I'm wondering if I need to do anything to the RME database to get things back to where they were? Do I need to reinitialize the RME database, and if I do that what do I lose? [code]
View 2 Replies
Oct 14, 2012
I would like to have support on AIR-AP1142N-E-K9 configurations. How can I configure this AP?
View 1 Replies
Sep 27, 2011
I was recently given a Cisco 7200 VXR and told to erase the stored configurations in it. How do I erase the Cisco 7200 stored config? Otherwise I might have to delete them line by line.
View 4 Replies
Jun 11, 2012
I would like to know how I can save or export all of my device configurations to an FTP server, for example. Cisco Prime LMS 4.2 appliance.
View 4 Replies
May 20, 2012
What module is used to push configurations in LMS 3.2.1?
View 1 Replies
Aug 22, 2011
Here is my basic network layout for multicasting for Syn-apps
Multicast Source-->3750 SW (add PIM SM-DM? Yes/No)-->3845 WAN Router (add PIM SM-DM? Yes/No)-->T1-->2821 (add PIM SM-DM? Yes/No)-->3560 SW (add PIM SM-DM? Yes/No)
OK, in this is it necessary to configure "IP Multicast-routing" on the switches? Do I configure PIM on all interfaces that will handle multicasting (router and switches?) If PIM is enabled on the 3750 do I need PIM configured between the 3845 and the 2821 ? Do I configure the Auto-RP on the 3750 or the 3845 ?
View 3 Replies
Apr 5, 2012
What's a good product to use to back up device configurations?
View 19 Replies
Jan 31, 2011
I'm trying to figure out what's wrong in a LAN having 70 computers. There are three routers in the same subnet with three switches (kinda crappy). DHCPs are off. The problem is that randomly the routers are losing their configurations or the network hangs a lot. There is no problem in the routers (tested many times). The thing is that when I start packet sniffing over the network using Wireshark, there's a big flood (over 10.000 packets in a sec) coming in to an internal IP inside the network, e.g. 192.168.1.60. The next thing is that when one of the routers is shut down manually, the other one loses its config. Today, when I went to check 192.168.1.60, I saw the power plug was not connected; when I re-plugged it, the flood was gone (the computer was turned off). I enabled SPIs / firewalls in all three routers and there is no problem yet.
View 5 Replies
Oct 12, 2012
Using Packet Tracer, how can I find the DNS server IP address? I am also having trouble pinging the desktops and server that I manually assigned the IP addresses to.
View 2 Replies
Dec 18, 2012
I have a few devices in CiscoWorks. When I try to view their configuration, I get this error. DCMA0011: No configurations archived for the device(s). The selected device(s) should have at least one archived version.
View 1 Replies
Jun 5, 2011
I have this firewall working as active/standby. Everything seemed to be OK, but we noticed that configurations are not being replicated by saving the configuration with either copy run start or write. The workaround here is the write standby command. Below are the configs and stats, plus the show version, which is the same on both devices:
Header 1
failover
failover lan unit primary
[Code].....
View 9 Replies
Sep 13, 2012
We upgraded to Cisco LMS 4.2.1 recently and we have noticed that every time we reboot our Windows VM Server the archived configurations from the network devices are no longer displayed. They do not appear in the archive, version tree or directory. We are meeting the minimum system requirements for running LMS 4.2.1 and we do not seem to have found any possible bugs related to this.
View 8 Replies
Feb 21, 2012
We have a number of 2651XM with WIC-1ADSL. These are supplied by another company and we do not have access to the configs. We are told that the maximum throughput from the ADSL WIC to the FastEthernet 0/1 is 2.5Mbps ("it's a backplane issue"), even though the ADSL speed reported by the router on the external interface is 8MbpsT
View 3 Replies
Dec 9, 2012
We are deploying over 20 RV180W Routers for a client and need to find a faster way to configure them for shipping. We have created a base image (all settings that will be shared between the 20 locations); we need an easy and quick way to make IP changes for the 3 VLANs and Local Security Groups for the IPSEC VPN. I tried to edit the CFG file by hand, but the checksum fails when it is loaded into the RV180W. How can I accomplish this? Can I manually create the checksum? Can I remove the checksum?
View 3 Replies
Dec 5, 2012
I have an ASA 5505 without any IPS module. While copy/pasting some configurations from another 5510 with IPS, I copied by mistake some of the IPS configuration part. Now I can't remove it. When the ASA starts I get this warning:
...WARNING> IPS policy is configured without an SSM card.
*** Output from config line 828, " ips inline fail open"
Those lines are:
policy-map Outside_Policy
class IPS_class
ips inline fail-open
When I try to do "no ips inline fail-open" I get an "invalid input detected". If I try a no class IPS_class, I get that it is in use. What can I do to clean up those lines?
View 8 Replies
Jul 16, 2012
I am using CiscoWorks LMS 4.0 for collecting configurations of the devices. After changing the configuration of a device, what is the minimum time in which LMS detects that the configuration was changed and saves (archives) the new configuration in the LMS database? (Periodic Collection and Polling are disabled.) Which mechanism drives this process, SNMP Trap?
View 4 Replies