Cisco :: 1.1.1.1 / WLC And ACS Specific Authentication Criteria Query
Sep 29, 2011
I have a wireless network with WLC and WCS and ACS integrated for user authentication. Web login has been enabled on the WLC and authentication of Username is done through ACS.
Q1. For specific SSID (TEST) specific username (Tom) is used for authentication, whereas Tom cannot be used for authentication for any other SSID.
Q2. Web login page pushed by WLC is https on virtual IP 1.1.1.1; want it to be pushed through http protocol.
View 1 Replies
May 14, 2011
Is there a way to configure an email notification for a specific authentication failure? Specifically, I'd like to see if I can have an email notification sent to me when failure reason is "13017 Received TACACS+ packet from unknown Network Device or AAA Client".
View 1 Replies
Oct 16, 2012
I've not found much detail regarding election of a root port other than "The root port is the switch port with the lowest path cost to the root bridge". They also expand on this a bit more for the case below (italics): "When there are two switch ports that have the same path cost to the root bridge and both are the lowest path costs on the switch, the switch needs to determine which switch port is the root port. The switch uses the customizable port priority value, or the lowest port ID if both port priority values are the same". They explain that on S2, F0/1 is root port because it's lower than F0/2 but don't go beyond this. My understanding is that the following order is true with regards to priority of criteria (in this case), am I right?
1. Lowest cumulative path cost back to the root bridge
2. In case of tie, the device with lowest Bridge ID
3. In case of tie, the port with the lowest received priority #
4. In case of tie, the port with the lowest local ID #
So, shouldn't this demonstration factor in the BIDs of S3 and S4 before the port priority and IDs of S2? For instance, if the BID of S3 was lower than that of S4, wouldn't F0/2 on S2 become the root port? I'm hoping I'm correct in this? Also I've not actually seen these four bullets in any of my official material for STP which I thought was a bit odd. I'm wondering if anyone else who has seen this before considered the bridge ID aspect.
View 9 Replies
Jan 18, 2012
I'm trying to track down the installation and configuration procedures for the common criteria EAL4 evaluated ASA5510 but not having any joy.
The ASA Release 8.3.2 certification report [URL] identifies the required configuration documentation as the "Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Common Criteria Operational User Guidance and Preparative Procedures" but I can not find any reference to this on the Cisco web site.
So far I've only been able to locate the procedures for the older 7.0 release. [URL]
How to locate the correct documentation needed to configure an ASA5510 to achieve the common criteria EAL4 evaluated configuration.
View 2 Replies
Oct 25, 2011
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
View 2 Replies
May 24, 2011
ASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
View 2 Replies
Jul 1, 2012
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once. Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want. Barring accomplishing this goal using rate limiting, is there a better way to prevent our services from accidentally saturating this connection? I'm thinking about something like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit in
I'm not sure about this.
View 4 Replies
Dec 18, 2012
I have a Router 2801 with the run conf :
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.192 192.168.1.254
!
[code]....
I want to assign a specific IP to a specific host by MAC .. for example I want the IP 192.168.1.10 to be assigned to the host "client1" by MAC. I've been creating a new dhcp pool static:
!
ip dhcp pool static
host 192.168.1.10 255.255.255.0
hardware-address xxxx.xxxx.xxxx
client-name client1
!
but the "client1" is still taking other ip.
View 10 Replies
Dec 12, 2011
If I require ACS 5.3 in HA, do I need to procure two ACS with the add-on licenses?
View 1 Replies
Feb 8, 2011
I have a query regarding the no. of isakmp policy priority creating. When I create a new policy in ASA 5500 firewall, I get the below error. I assume it will support only 20 nos, whereas we can use between 1-65535. Can anyone from Cisco confirm it? Running version is 8.x & VPN Plus license.
"Policy limit reached. No more than 20 isakmp policies can be configured."
View 2 Replies
Jun 5, 2012
I inherited a PIX 506 with 6.3. I will admit my background is more towards switching/routing. But while I know it is a dinosaur, I need to maintain it for partner interoperability. I just want to confirm that what I am thinking is correct and if not how I can correct it. My thought is that since the access-list command doesn't list "eq" at the end, all ports and protocols are allowed? The other thing I am not used to is that the access-list has no id/number included in the command, so I assume that access-group specifies this functionality.
Here is a snippet of the current config:
object-group network Ext_Net
  network-object 192.168.0.0 255.255.255.255
object-group network Int_Net
  network-object 10.0.0.0 255.255.240.0
object-group network DNS
  network-object 192.168.0.254 255.255.255.255
  network-object 192.168.0.253 255.255.255.255
object-group network Servers
  network-object 192.168.0.25 255.255.255.255
  network-object 192.168.0.62 255.255.255.255
  network-
[code].....
View 2 Replies
Nov 2, 2011
We have subscribed for MPLS links from Service provider. We have a DC where the core connectivity is 90 MB and Remote branch location Connectivity is 64 Kbps. We are in process of enabling QOS for our links in co-ordination with Service provider; as per our finding the branches have more RX traffic (downloading) so after discussion with provider we were advised to mark traffic from the core end and give it to the provider. The provider at its PE will honor the marking and set some B/W percentages and priority based on the DSCP marking values.
We need to mark this traffic so it is feasible to mark the traffic at the core DC router which has the below H/W details,
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36161439
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
or is it feasible to mark the traffic at the core switch.
View 6 Replies
Feb 8, 2011
I am setting up a Linux apache and bind server to test the behaviour of Windows XP, Vista, 7 and Mac OS X. I have set up an apache and bind already and they were tested individually. I used Firefox and IE to access the apache page by typing in the IPv6 address and the page was shown correctly. And I have tried to query the AAAA record of a local zone "testing.com" in my Bind server using nslookup and the result is good too. However, it is strange that I cannot get it to work if I type in the FQDN "http://testing.com" in Firefox and IE. I tried to capture the IPv6 traffic in Wireshark (Attached in this post) and there are no DNS queries when I try to access the page. Is there anything that I have to set to get it to work properly? (Actually I have tested the same thing on Mac OS X and Vista too but the result is the same.) Below is my Windows 7 network setting and some nslookup query:
C:\Users\vmware>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vmware-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
[code]....
View 7 Replies
Aug 22, 2011
I am in the process of planning our new network. Our business is changing from hosting its own data centre, to moving it to a professional facility. We have 120 users, over 100 servers (physical and virtual) and three sites (main premise, data centre, dr site). The new network will connect all three. Our new WAN links are almost ordered. We will be making use of a managed MPLS IP VPN, with a 100M access rate at each site. I am currently focusing on the design of the network at the main business premise. We have a significant investment in Cisco 2960 & 3750 switches and Fortinet firewall appliances. I plan to re-use these in the design.
Our current LAN is very flat and I want to segment the network. My plan is to create a number of VLANs, enable the Inter VLAN routing on the 3750 and then attach the 3750 to the Fortinet appliance which will provide stateful firewalling and traffic policing based on the VLAN (subnet) addresses. It is important that the traffic be routed as quickly as possible from this site to our prod and dr data centres. The 2960's act as the access layer, the 3750 as the distribution layer. The 2960's will connect via port channels (layer 2) to the 3750's and the VLAN interfaces will be configured on the 3750.
I was then planning on creating a VLAN on the 3750 to connect to the Fortigate appliance with a /29 address to limit the addresses used whilst also providing some flexibility for any future design changes. I want to implement a little security between the VLANs on the 3750 switches. I have a question about this coming up. I then plan to use the Fortigate appliance to do basic traffic policing based on source/destination addresses.
The WAN routers will connect to the Fortinet appliance on a Gigabit copper interface. The WAN routers will run HSRP between themselves and only one router will be active at any one time. The failover will be managed by the Fortigate and Cisco routers. I plan to define those addresses hosted at the other data centres and associate them with the interface associated with the WAN. I will then define the routing on the firewall for the two other data centres through summary routes for each of the sites. We will run static routing from the Cisco 3750 to the Fortigate and Fortigate to WAN router. We have no other networks/sites and won't have any others in the future.
View 25 Replies
Aug 27, 2011
We have a Cisco 7609 Router and one 6 Mbps link which is on ethernet. When we are terminating on Gigaethernet of 7609 router it is not coming up. While same link is showing up and working fine on other routers which have an Ethernet interface.
View 1 Replies
May 29, 2011
I have a Linksys RV042 and I came across the setting "Dynamic IP+Domain Name(FQDN) authentication" under the Local Security Gateway type. How does this option actually work? I tried googling but couldn't find a proper link.
View 1 Replies
Mar 2, 2013
Interface Utilization report displays the interface utilization data for each device polled for the Interface Utilization template. The information is presented using the percentage specifier.
For e.g. it's displayed in % (Rx Max%, Rx Avg%, Rx Min%, Tx Max%, Tx Avg%, Tx Min%).
I want the report to have the data (interface utilization in bytes of data). Can we display the data instead of the percentage?
View 0 Replies
Mar 8, 2011
I was unable to telnet in to a SQL server on port 1433 to test the connection from the client PC. The application could connect and this alone verifies it is working on port 1433 for sql. My question is how can a telnet command on a specific port be blocked?
View 3 Replies
Sep 23, 2011
I think I know what I'm talking about here, I just need someone to confirm that what I want to do is possible, and the way I'm planning on doing it will work. Basically, I have a sky router (sagem model), and the wireless is weak upstairs in my house. So, I have ordered a new access point. What I want to do is keep the same wireless ssid and key etc, so my devices just connect.
View 6 Replies
May 24, 2011
Is it possible to find out the IP address of a PC connecting via Remote Desktop Connection? Running XP Pro on a network, I have admin rights to the PC's, but no direct access to the servers. Event viewer shows some details, but no IP address.
View 3 Replies
Dec 10, 2012
I would like to be able to query the dot1dStpPortState object on the Catalyst 2960-S on our LAN. I'm running firmware c2960s-universalk9-mz.122-55.SE2.bin and according to the Cisco SNMP Object Navigator the object is supported (via the BRIDGE-MIB). However when I query using snmpwalk from my workstation:
snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3
I receive an error:
SNMPv2-SMI::mib-2.17.2.15.1.3 = No Such Instance currently exists at this OID
For the sake of comparison, querying our 4700:
snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3
returns (as expected, cropped)
SNMPv2-SMI::mib-2.17.2.15.1.3.1 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.3 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.40 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.67 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.104 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.257 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.258 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.259 = INTEGER: 5
Is there some special configuration I need to do on our 2960's? The only snmp related setting I can see in the running config is snmp-server community. In this case:
snmp-server community bic-zua-ro RO
View 3 Replies
Apr 21, 2011
Kerio Control with AD, DNS. "Failed to send DNS query to server 127.0.0.1: 10049".
View 1 Replies
Jan 28, 2013
I wanted to know if there is any script which will send an alert once a file has reached a destination over a TCP network.
View 3 Replies
Nov 18, 2012
In my simple network setup, I cannot resolve DNS queries from inside my NATted network. On the router I can ping both IP addresses and names. Ping from the local machine works for IP addresses but not for names. When doing nslookup, addresses are not found and a SERVFAIL message is returned. I use a Cisco ISR 861 Router to connect our local LAN to the Internet (The WAN of the 861 is connected to another DHCP/NAT-Router, which in turn connects to the ISP-Modem). Addresses in the local LAN are DHCP-distributed, the DNS-Servers from my ISP are configured on the Router and the DNS-Information is distributed correctly to my local LAN machines (as I can verify by doing nslookup on Linux).
View 21 Replies
Oct 30, 2011
I'm looking at a stack of WAP200 and WAP4410N APs. I'd like to use Cacti to track number of associations on each AP. What's the OID I should be querying? Are there multiple OIDs that would correspond to the multiple SSIDs? I'm running 2 SSIDs on all of them, and it would be extra nice to be able to track number of stations on each SSID, though the total number would also be acceptable as well.
View 4 Replies
Dec 14, 2012
I have a Compaq Evo N610c with XP Professional version 2002 SP3 that cannot connect to my internet connection. Has error that failed to query TCP/IP of the connections setting.
View 1 Replies
Oct 17, 2012
confirm if "negotiation auto" is supported gigabit port for C3925E router.
Router(config-if)#Interface gi0/2
Router(config-if)#description test link
Router(config-if)# no ip address
Router(config-if)# negotiation auto
^
% Invalid input detected at '^' marker.
View 5 Replies
May 2, 2012
How I can allow dmz zone server to resolve only dns query through nslookup on ASA 5540? What is the configuration required on ASA 5540 ?
View 13 Replies
Nov 23, 2011
I need support on understanding and configuring dhcp relay agent and forwarding. Let's say a bunch of TCP/IP devices require a dhcp ip where it is installed on a particular server to run so. The server has a dhcp pool where it provides the devices with IP addresses as it receives queries from them requesting to release their addresses. On 2960 switch no dhcp configured and ports assigned under specific vlan under those devices. The issue here, if power goes down and booting process started, the devices started to ask the server for ip add and it takes too much time and somehow it does not take ip and those requests are kind of dropped. As the minimum requirement is to configure relay agent on the switch and forwarding and multicast?
View 7 Replies
Feb 16, 2013
I have two 5548s as core. 8 FEXs are multihomed (advanced vPC topology?) to both the cores. Suppose, I have to configure a bunch of ports on the FEXs, say Eth101/1/10 - 20. I would login to the first core and apply the configs.
My question is - do I have to do the same on the second core also? Or would the first core replicate the stuff to the second core? I know about port-profiles/CFS and such. But, without that would it automatically sync to second core?
For testing purpose, I went to Core 1 Eth101/1/10 and put a description "TEST". Wrote the config. After 5 minutes logged into second core and did show run Eth101/1/10. But, the description "TEST" didn't show up there.
Also, doing sh run on any FEX port is faster on one of the cores and very slow on second core... all the FEXs have 20 GB uplink to core 1 & 2 (so total 40GB in vPC, max pinning 1)
View 2 Replies
Feb 16, 2013
I found my dir-601 router keeps making arp queries to all ip addresses in same network periodically. All dhcp clients are general laptops and smart phones, I don't think there are any arp cheats attack on those devices. Is it normal?
model: DIR-601
hardware version: B1
firmware version : 2.00NA
View 7 Replies
May 6, 2012
I am planning on implementing a mode-conditioning patch solution along with LX/LH SFP's over multimode fiber in my network. I wanted to know if this solution is also supported by the G5486 Gbic's, ie, can I use the 5486 GBIC along with a mode-conditioning patch over multimode fiber as well?
View 2 Replies
Aug 26, 2012
Is there a way to ask the above switch how much power it's supplying to various ports? I've found some stuff in POWER-ETHERNET-MIB, but it's only the main power supply and the up/down status of the various ports.
It looks like what I want is
[URL]
but my SG500 tells me:
snmpwalk -v2c -cpublic serverswitch 1.3.6.1.4.1.9.9.402
CISCO-SMI::ciscoMgmt.402 = No Such Object available on this agent at this OID
View 6 Replies