AAA/Identity/Nac :: Status-Server Request And ACS SE 4.2?

Mar 31, 2013

According to traces collected in mt ACS SE 4.2, it would seem that the underlying software does not support the RADIUS Status-Server request. Is this request type is supported in version 5.*?

View 2 Replies


Cisco AAA/Identity/Nac :: ASC5.2 - How To Tell Which Domain Controller Request Is Sent

Sep 12, 2011

Within ACS 5.2, does any know of a way to see which specific domain controller a request is sent to?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 4506 - ACS RADIUS Request Dropped 11051

Jan 10, 2012

Our ACS v5.2.0.26 started to drop connection from wired and wireless connections, with a "Radius Request Dropped" message. The detailed message is : "RADIUS Request dropped : 11051 RADIUS packet contains invalid state attribute".This message is usually preceded with a "RADIUS Request dropped : 24444 Active Directory operation has failed because of an unspecified error in the ACS" error.The communication with Active Directory seems to be ok since worstations are getting a valid ip adress when connected to a non 802.1x switch port (Cisco 4506).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 - How To Generate Certificate Signing Request On Secondary

Oct 3, 2012

I have a pair of ACS appliances running 5.1 code. The appliances are set up as a replicated pair. I have valid local and trusted certificate authority certificates on the primary.

The trusted certificate authority certificate gets replicated to the secondary. Obviously the local certificate doesn't get replicated. I need to generate a certificate signing request on the secondary but it doesn't seem to allow you to do it.  

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 1121 - Configuring ACS To Strip Domain From Request And Sending It To AD

Jul 24, 2011

We are currently evaluating a ACS 1121 running 5.2, we are trying to configure this to Authenticate eap-peap requests.

Our users will be using credentials in a format, if the server sees a request using then it would forward the request to a external proxy radius server, if the server saw a request for our domain it would strip off the part and authenticate against AD.
Im finding it hard locating documentation to tell the server if a request comes from a NAS using then strip and authenticate username against AD.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Error Message 5405 RADIUS Request Dropped

Feb 22, 2011

The error message "5405  RADIUS Request dropped", what does it mean ? We have implemented 802.1X on a C4506 switch running IOS 12.2(53), it has worked fine for about 3 months but now I get users not able to authenticate. In the loggs on the ACS I get the obove message.
ACS 5.2 is running Build 3075.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 With AD - Status Is Disconnected

Feb 23, 2011

I have a number of users who are failing wireless authentication. Using the troubleshooter i notice that its show message that Active Directory servers are not available. Under the Identity stores when i check on the connection status it shows disconnected. When i click on Test connection it shows successful. This ACS is a secondary. It has happened before and i removed it from the ACS cluster, rebooted it and rejoined it. Ran test connection and it showed "CONNECTED". Now it keeps showing disconnected.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: What Is The Use Of Status Field In ACS 5.3

Aug 7, 2012

users whose status is manually disabled don not have difficulty in authenticating and access managing nework devices. that makes me wonder what is the difference between status enabled and disabled?

View 44 Replies View Related

Unable To Contact DHCP Server / Request Timed Out

Oct 15, 2011

I have reinstalled windows 7 on my Toshiba laptop, I have my wireless set to automatically connect, I have excellent signal strength and have another pc connected to wireless router, but my laptop does not capture IP addresses. I tried renew command but got message unabl to contact your DHCP server, request timmed out.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Accounting Setup On WLC 440x / 5508 ACS Takes It As Authentication Request And Fail

Dec 8, 2011

accounting in ACS 5.3. When I setup accounting on WLC 440x / 5508 ACS takes them as an authentication request and fail.
Here are some logs what I see in acsview:
Dec 9,11 6:05:11.783 PM
Radius authentication failed for USER: navrka2  MAC: a.b.c.d  AUTHTYPE: Radius authentication failed
 ACS Session ID:
Audit Session ID:
Tunnel Details:


View 4 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1 On ESXi 5.0 - Show Application Status ISE

Apr 11, 2012

I have a very unusual issue with my installation of ISE on my VMWare ESXi 5.0 environment. but whenever I issue the command "show application statuse ise" I get the following output:

ISE Database listener is running, PID: 13675
ISE Database is running, number of processes: 27
ISE Application Server is running, PID: 15163
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Session Database is not running.
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Log Collector is running, PID: 15379
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Log Processor is running, PID: 15457
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Alert Process is running, PID: 15296

View 6 Replies View Related

Unable To Contact DHCP Server Wirelessly - Request Timed Out

Jul 3, 2011

I've been having problems connecting my laptop to the internet through wireless. When I plug it in with a cable it works fine. I also know my wireless works fine because i have other things attached to it. When I try to connect it says limited or no connectivity, but the signal strength is excellent. I have tried to repair the problem but it then tells me it cannot renew my ip address. I've also tried the ipconfig /release then renew, and thats when it says about my DHCP.

View 1 Replies View Related

Cisco :: 5508 RADIUS Server Failed To Respond To Request

May 22, 2013

We are experiencing a lot of these RADIUS failed to respond messages on our WLC's leading to a lot of RADIUS server hopping within the WLC.We are using Cisco 5508's, 1142 AP's and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1xThe first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consequetive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured.When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL:Event ID: 6274: Network Policy Server discarded the request for a user.

View 16 Replies View Related

Cisco Routers :: RV120W - Pass VPN Request To LAN Server To Handle It?

Mar 6, 2012

I want to pass my client VPN request to MS Win Server 2003 - on FW I forwarded port for PPTP service to my server address, but on client side I get an error 619. On Cisco RV120W I have Site-to-Site VPN tunnel which works fine, PPTP server on Cisco is disabled. What should I do to pass VPN request to my LAN server to handle it?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.1 In New MCS Server?

Mar 21, 2011

we Bough new mcs server in order to install ACS 4.1,now acs is running on normal PC and its fully configured , so now i want to back up the acs database and the configuration file in order to install it in the new server so how to do that

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Patch ACS Server To From

May 9, 2011

I need to patch our ACS server to from My question is, do I need to apply the same patch to our remote agents? Cisco's documentation only states that both the ACS and the Remote Agents need to be 4.2.0.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Server Certification From MS CA For ACS 5.3

May 23, 2013

I am wanting to generate a signing request for an ACS 5.3 box to send to a Microsoft CA.  Is there anyone out there using a MS CA for eap-tls? 

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Upgrade An ACS Server From 5.0 To 5.1?

Dec 7, 2009

I'wont to upgade my ACS server to 5.1 . I wont to use Active Directory .  it's seem that  in my curent version AD is not supported !

View 12 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 For A Second Server To Resiliency

Apr 21, 2013

I am looking for any PDF, recomendation, link for best approach for secondary ACS as resiliency.

View 4 Replies View Related

AAA/Identity/Nac :: 1121 - Add Secondary ACS Server 5.4?

May 29, 2013

My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS Server Certificate From 3.3 To 4.2?

Mar 2, 2011

We have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certificate on our old acs server 3.3  from a third party  CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 .

View 7 Replies View Related

Cisco AAA/Identity/Nac :: 5.2 - Add Second ACS Server To Existing 4.2?

May 13, 2012

Question on this, is 5.2 backwards compatible with 4.2 appliance? If not, what is needed to bring the 4.2 appliance up to 5.2 and will the VMWare version work for the second system with the appliance as primary?  Years ago I had 2 of them and replication worked flawlessly, but we had to take the one unit offline for another project and have never replaced it.

View 3 Replies View Related

AAA/Identity/Nac :: Cisco 881w - Way To Get AAA Configuration Through Server

Jun 3, 2011

configure AAA (Radius server, access list) There are two devices An access point and cisco 881w. It is necessary to set up authentication through a radius server. You can configure detailed how to do this?

View 3 Replies View Related

AAA/Identity/Nac :: ACS 5.3 - Assign Ip Addresses From A DHCP Server?

Dec 8, 2011

I imagine I can use the framed-ip-address attribute to assign ip-addresses but there seem to be support for static ip addresses only?A bit of a drag when we're talking 200+ nodes.

View 1 Replies View Related

AAA/Identity/Nac :: Possible To Send VSA From Radius Server To ASA-5505

Oct 26, 2009

Wondering if it's possible to send a VSA from my radius server to my ASA-5505 that will instruct the ASA to use one of several split tunnel lists I have created, based on the user name supplied in the Radius request.For example, I can send a VSA of "ip:inacl#1=permit ..." and the ASA will dynamically create an access-list for that user.Is there a similar VSA for split tunnel?

View 8 Replies View Related

Cisco AAA/Identity/Nac :: Guest NAC Server AAA Administration With ACS 5.3

Nov 30, 2011

I'm having problems settting up a Guest NAC server to authenticate administrative users against a ACS 5.x server.   In the ACS RADIUS Authentication log,  I can see the user authentication is successful.In the AAA Diagnostics log, I can see the following warning:An Access-Request MUST contain either a NAS-IP-Address or a NAS-Identifier or both; Continue processing.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Converting 3140 CAM To CAS Server

Feb 7, 2011

How to convert a 3140 CAM to a CAS ? if so what software / licensing would be required and is there a documented process

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 How To Enable Log On Secondary Server

Feb 28, 2013

We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.0 Not Getting Authenticated With 2008 AD Server

Nov 8, 2011

I have a cisco ACS 4.0 build 27  on windows 2003 server . My site was working fine when i was having a AD on 2003 server . Recently i have migrated my AD servers is 2008 .
After the migration the ACS is not authenticating the users . Now i have made a server with 2003 and made the site working . I need a solution to make it work using 2008 server is there any compatiblity issue  between ACS 4.0 and  2008 server .

View 1 Replies View Related

Cisco AAA/Identity/Nac :: How To Setup Sync Between Two New ACS Server V5.3

Dec 4, 2011

I setup one acs v5.3 in one server in NYC and another acs v5.3 in SJC.I want to make the as primary and acs.sjc as the secondary, how do i setup it up?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Integration With NGenius Server

Mar 8, 2011

I'm currently working on ACS 5.1 to use it as AAA server for Netscout NGenius.I followed a guide for ACS 4.2 and tried to replicate the configuration settings in ACS 5.1.
- created a host profile on network devices and AAA clients having the same shared key with NGenius
- added three (3) NGenius required attributes in system administration > configuration > identity > internal users
- added attribute values to Internal User database
- created an access policy:
* identity pointing to Internal Users
- edit in NGenius server to match the requirements
I would like to have NGenius authenticate via ACS 5.1, but as of the moment there is an error message that I receive:

Unicentified error, Code=16510, Details: AV pairs do not match NGenius format ::<insert tacacs username here>, Severity 1, Code: 16510.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Import Server Certificates On ACS 5.2

Jan 10, 2012

When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Errors In ACS View Server In ACS 5.2?

May 30, 2011

I have deployed 7 appliances CSACS-1121-K9 whose 6 are performing AAA authentications while the last one is is the primary and is the master for configuration and log collector.
Since this morning, I cannot access anymore the view where I can see all Radius authentication for today. I obtain the following message:The server workspace storage for on demand transient reports is full, please try again later or contact administrator to increase on demand transient report storage capacity?

Moreover, if I generate other report, I have the message:18002: iPortal generate report failed.I could find some information which makes references to a Cisco bug CSCtb98071, as below:

Launching a shared report in the ACS 5.1 Monitoring and Report Viewer displays an iportal error for a particular scenario.
#Symptom: You will see the following iportal error message when you launch a shared report:
#iPortal generate report failed.
#Conditions: This error occurs when you add a report to a group in the interactive viewer and save it as a shared report.
#Workaround: Avoid using the option Add Group from the interactive viewer for hyperlinked column entries when you save the report as shared
However, I am not adding any report to any group, so I don't understand why this error appears and how to solve it.

View 8 Replies View Related

Copyrights 2005-15, All rights reserved