We have implemented a local MAC address filter database on a WLC 4402. Right now, management access is restricted to a select few administrators. We would like to extend the ability of our PC services group to add MAC entries to this database via a script (avoiding the necessity to create Read/Write management user accounts). Is this possible? Is there a better way to accomplish this objective ?
View 7 RepliesI have a 4402 being used as a dmz anchor and we use WCS to allow our Helpdesk to create lobby ambassador accounts. Recently they have been getting error messages when attempting to create accounts. I am seeing the database maxxed out at 2048. The docs state database entries are made up of mac filters(don't use)..ap mic/ssc(don't use)..Dynamic interfaces(minimal) management users(2) local netusers (100 approx)..and excluded clients(none). So the numbers don't add up.I am on 4.2.61.0 code.. I will say also that WCS shows alot more netuser accounts than my anchor does but no where the numbers to max out the database. Is there some other criteria that hits against the datasbase number?? And what can I do on the WCS to insure it si synch'd up against the dmz anchor other than a audit..
View 3 Replies View RelatedWhen I try to add new MAC entrys to the WLC I get the following message unable to add mac entry to database, reached max size the problem is when I look at the stats there is only 386 MAC entry and the databse size was set to 1024 entry..The work around was to increase the size of the database to 2048.Is there any why to clean up the database?
View 2 Replies View Relatedl have implemented mac filtering auth on my wireless network, l have 2 WLC ( 1 WLC 5508 and 1 WLC 4402, and I wonder if you can migrate the mac address database of a WLC to another and how can l do this.
View 4 Replies View Relatedwe need to be required to import MAC filter databse from Cisco Wireless LAN Controller (4400) to Cisco ACS Server (v4.2).
View 2 Replies View RelatedReceiving the following syslog message from a 4402 WLC:
%CAPWAP-3-AP_DB_ALLOC: capwap_ac_db.c:145
Unable to allot AP entry in database. We receive this message about once a minute on average. I can't find any documentation saying what it is. It looks like a database error, which makes think it might be a memory issue or an issue with having too many AP's on the WLC. However, that controller has less than 30 AP's on it.
i configured pix 525 for easy vpn. About 100 to 200 people will use this service. i dont have much knowledge about radius and tacacas servers. Is local data base enough for extended authentication or should i configure the server for it ?
View 2 Replies View RelatedWe are wanting to use local database users to authenticate our SSH connections to our 6500 cores.
We have added the usernames and password into the 6500 using
username anameduser password astrongpassword or username anameduser secret astrongpassword
We where expecting the commands to be the same as other iOS devices example C3750 we would add.
Line vty 0 4 login local
And this would allow us to use the local user database to authenticate our ssh sessions.
The login local commands are not availbe on the 6500s and we have not found any documentation on how to impliment a local database for this purpose except in a CatOS 6500.
i'm trying to configure acs 5.2 to LDAP external idenity store, when LDAP failes ACS 5.2 should use internal indenity store. I configured A sequence to use LDAP 1st then Internal and i shut off the link to the LDAP but ACS will not use internal, AAA Diagnostics keeps telling me that Cannot establish connection with LDAP server and will not use the internal store.
View 7 Replies View RelatedI recently upgraded the firmware to 2.0.2.01-tm (from 2.0.0.19-tm). Now I noticed the RV082's local DNS server ("DNS Local Database" feature) does not work any more. Any URL-IPaddr combo I used to put in there was resolved prior to sending a request to the WAN's primary/secondary DNS server. It isn't a PC problem. I tested on different real and virtual machines, windows and Linux. Is there new "enable" switch somwhere?
View 3 Replies View RelatedHow i can use both LDAP Authentication and local user database to authenticate the remote vpn clinet in asa 5505?
when i try to do the things either only one method is working both are not working at a time.
i am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the nexus 5020 platform.i have configured authorization with tacacs+ on ACS server version 5.2 with fall back to switch local database.a user test with priv 15 is craeted on ACS server, password test2 everything works fine, until i create the same username on the local database with privilege 0. ( it doesnt matter if the user in local database was created before user in ACS or after ) e.g.: username test password test1 role priv-0 (note passwords are different for users in both databases)
after i create the same user in local database with privilege 0,if i try to connect to the switch with this username test and password defined on ACS, i get only privilege 0 authorization, regardless, that ACS server is up and it should be primary way to authenticate and authorizate the user.
I have a weird issue. I recently setup an ASA 5510 and had SSH working. To make it easier on my VPN users I then decided I wanted to setup a Windows 2008 Network Policy Server for RADIUS authentication. Ever since I added the RADIUS part to aaa authentication, when I use SSH to connect to the ASA it will not take the local user name and password I have setup. I can however get in using a Domain user name and password. Below is the SSH and AAA configuration. Am I missing something here? The username and password in the ASA is not on the domain and it's like the ASA is not even trying LOCAL when it tries to authenticate. I want it to use the local username and password if possible. I'm kind of new to ASA's..
On another note, I have never been able to SSH in on the internal interface. I always get a "The remote system refused the connection" error message. I can only use the outside interface.
Site-ASA# sh run | in ssh
aaa authentication ssh console SERVER_RADIUS LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
[code]....
We are currently looking to upgrade (re-design) our wireless network at our college. Any experience going from a local, controller-based wireless network to a cloud-based controller? If so, what have you found the pros and cons to be?
If you thought about going to a “cloud solution”, what stopped you?
We are currently running wireless at our 3 primary campus locations, and looking to add it to our 3 satellite locations. We use 4402 WLCs at our primary locations with a mix of 1140 and 1240 APs.
i'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
View 1 Replies View RelatedHow do I, if I even can, adjust the MAC table timeout from 5 minutes to whatever is bigger and allowable?
I would like to also like to change the ARP table timeout as well.
I need to generate an ODBC connection to the upm Datasource on LMS 4.1 running on Win2K8. I have successfully built connections to cmf, ipm and rmeng, however UPM keeps failing saying that the Database is not found.
Here are my settings.
Driver = CiscoWorks Embedded Database
ODBC Tab - Data source name = upm
ODBC Tab - Description = Device Performance
Login Tab - Supply user ID and Password is selcted
Login Tab - User ID = lmsdatafeed (i have tried DBA as well)
Login Tab - Password = set using the password I estabplished with the dbaccess.pl and dbpasswd.pl scripts
Database.Server name = upmEng
Network.TCP/IP = HOST=<lms server ip>;DOBROADCAST=NO;ServerPort= 43800
I validated the server port using netstat -a -b -o and matching up the PID with the UPMDBEngine process shown in the LMS Manage Processes window.Windows firewalls on the remote machine and the LMS server are off.
what is the database to use cisco LMS3.2 and how to access the database?
View 3 Replies View RelatedIf i reinialize(restore) the cmf database.do i need to reinialize all the databases.???
or if i reinialize the cmf database and do bulk import the devices is enough?
I would like to know if its possible setup database replication from Cisco ACS 4.2 server to ACS 5.4 server ?
View 3 Replies View RelatedI am not able to replicate Database between two ACS SE 4.2. I am getting the following error:
Inbound database replication from ACS 'ACS_BEX_001' denied - shared secret mismatch.
The configuration apparently is ok. I am attaching the configuration from both ACS.
We are using CWLMS 2.6 on a UNIX machine. And recently we changed the SNMP String to our network devices. One of L2 switches keeps logging the following message:
%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.x.x.1
Where 10.x.x.1 is ciscoworks LMS server. I found a solution on many sites that suggest resetting DFM database. I stopped first the daemon manager and tried to apply the perl script:
perl dbRestoreOrig.pl dsn=dfmInv dmprefix=INV npwd=cisco
but it gives me the following error:
Can't locate CRM.pm in @INC (@INC contains: /usr/perl5/5.6.1/lib/sun4-solaris-64int /usr/perl5/5.6.1/lib /usr/perl5/site_perl/5.6.1/sun4-solaris-64int /usr/perl5/site_perl/5.6.1 /usr/perl5/site_perl /usr/perl5/vendor_perl/5.6.1/sun4-solaris-64int /usr/perl5/vendor_perl/5.6.1 /usr/perl5/vendor_perl .) at dbRestoreOrig.pl line 31.
BEGIN failed--compilation aborted at dbRestoreOrig.pl line 31.
CRM.pm already exists in the path ENV{NMSROOT}/lib/perl/db
At line 31 of dbRestoreOrig.pl – the error – I found the following:
push(@INC, "$ENV{NMSROOT}/cgi-bin/dbadmin/pdbadmin");
use lib "$ENV{NMSROOT}/lib/perl/db";
I gave the system the path of NMSROOT and run the script again but it gives me the same error “Can't locate CRM.pm”
we are desperately trying to set a custom password of our WCS database in order to use it for direct SQL queries (Cumbersome over Web surface). To my knowledge there is a way to reset it however this password would be randomly generated and not available in plain text.
Until version 6 there was a feature to directly set a password via the dbadmin command.
I have done a WCS 7.0.220.0 to NCS migration prior to moving to Prime 1.2. I followed the instructions to export the WCS database via the export.bat all command and exported the database. However, when I import this zip fileto NCS there do not seem to be any of the original WCS templates. All the maps and AP details have migrated but no templates.
I have tried the export again and ploughed through the resultant zip file looking for anything that looks like template files but there is nothing immediately apparent that looks like templates.
I tried to change my password for rmeng using the following command:
./dbpasswd.pl dsn=rmeng encryption=yes npwd=NEWPASSWORD
Here is the output from the dbpwdChange.log
INFO: Start changing password for database 'rmeng'...
Thu Sep 29 14:51:18 GMT 2011> INFO: New userinfo updated into database
[Code].....
Recently I installed LMS 4.1 accidentally on the c-drive, which, as a result, fills itself with a growing database and associated logfiles. How can I move both items to another drive safely? I allready managed to move configs and downloaded software.
View 7 Replies View RelatedI have question about the basics of a high performance application and database server connection to each other. I have two servers, one application and one database server. Both of them are Windows 2008 R2 servers. I would like to connect them. What is the best configuration for quicker communication between them. Is it better to connect them through a network switch? Or directly connect them? Do I need to dedicate one of the ethernet ports on each server to separate their traffic to each other, from the internet connection traffic?
View 5 Replies View Relatedan attacker have configured his PC with an static IP address but there is no such entry configured statically in switch, neither in DHCP snooping database.now when he want to generate traffic will switch block him? because there is no entry of his PC in the switch database.
View 2 Replies View RelatedFirstly the ACS 4.2.1 for Windows database replication does any one have and documentation on the processes required?Secondly I have a single system installed which is providing TACACS authentication for management access to a Cisco 5508 WLC, the controller prompts with a login box on connection to the web interface. When you put in the username and password pair the box comes back as if the authentication has failed. On the ACS I was unable to see any failed authentications so enabled passed authentication reporting and can see the user passing the process. The WLC is running software version 6.0.199.4. On the ACS I have added the extra two options within the TACACS interface configuration and have a ‘role1=all’ against both the user and the group the user is part of so I am confused as to why the user is still denied access.
View 3 Replies View RelatedJust installed ACS 5.0.0.21. Monitoring and reports database was working, but now is not. When trying to open, I get "Monitoring and reports database currently unavailable. Trying reconnect in 5 minutes." From CLI "sho application status acs" gives me the following:
ACS role: PRIMARY
Process 'database' runningProcess 'management' runningProcess 'runtime' runningProcess 'adclient' runningProcess 'view-database' runningProcess 'view-collector' runningProcess 'view-jobmanager' runningProcess 'view-alertmanager' running
Also, logs show nothing unusual.
Would like to check up either Microsoft SQL Express 2012 is able work with ACS 5.3 remote database?
View 5 Replies View RelatedI have the following message in my CiscoPrime LMS 4.2.2 home portal: Discrepancies: Unable to connect to Data base. Probable Cause: ANIDbEngine process may be down.
View 4 Replies View RelatedI am considering using IP sticky timeout, but have a quick question about the database, is the 800,000 sticky connection per appliance or per context?
View 1 Replies View Related