Why is it that when SNMPv3 user "TestV3-User" was added to my SNMPv3 implementation on my 6506 switch, the group/MD5/Emcryption settings are missing for this user (See "sh snmp user" output)???
router#sh snmp user
User name: TestV3-User
Engine ID: 80000009030000249706EFC0
storage-type: nonvolatile active access-list: test
[Code]....
We want to set up a wireless user group in our town between a few friends and new people who are interested to join. As far as I heard I don't need a ICASA License for the 5.8GHz Frequency if we are using it for a non profit orginization, so we may use that.
1 x Routerboard
3 x Radio Plugin Boards
3 x 120degree Antennas
to set up a 360degree HS (Highsite).Then at each person's house we will need:
1 x Routerboard
1 x Radio Plugin Board
1 x Whichever Antenna
Is that correct? Then also if we wanto run VoIP on our network, how do I do that? Basicly we want to use it for gaming, file sharing and VoIP. No Internet of anything else.
I have an interesting problem at one of my customers. They are using LMS 4.0.1, but they have a problem with user tracking with SNMPv3. They using a very simple SNMP configuration, wich is the following: [code]
Now they have UT working well for their Ctalyst 4500 switches, and the half of the 6500s (They have 2950 switches as well, but for those UT with SNMPv3 is unsupported). So the problem is the following: they have 12 6500 switches, with the same IOS version (10 pieces of WS-C6506-E + SUP720-3B IOS: 12. 2 (18) SXF17 (IP Services), 2 pieces of WS-C6506 + SUP720-BASE IOS: 12.2(18)SXF17 (IP Services)). They have identical SNMP configuration on both devices. Based on the logs from LMS it seems that on the problematic switches for some reason LMS identifies the switchports as routed: [code]
how to set up SNMPv3 on a Cisco Catalyst 2960-S switch in order to manage it with Cisco Prime NCS?
View 1 Replies View RelatedI got a new 1042 AP and connected it to the network. I have a 2504 contrller with 6 AP's already on it. I thought I could just plu in the new AP and it would show up in the AP group. Instead it shows up as a rouge AP. How do i get the new AP to show up in the default group?
View 24 Replies View RelatedI'am a novice with LMS 4.0.I create 4 device group in Group Management, I restarted my server and since this reboot, I haven't any device in my groups. I would like to use the archive synchronization but I can't see my device in my groups.
View 6 Replies View RelatedI have two tunnel groups using WEBVPN , I have local users at ASA 5510 version 7.2.
How can I authenticate one user in only one group?Now with local users I can loggin in both tunnel groups
We are using ACS 4.2.1.15 with patch 8 on ACS 1113 SE box.
Our requirement is to assign ACS loal group to user on basis of windows Nt group. Which means I dont wants to create individual users in ACS rather when user will login, the auth request will be forwarded to AD(remote database). Depeneding on the remote database group the user should be mapped to local database.
For this I have configured "database group mapping" according to following cisco guide. [URL]
However when ever my AD users are authenticating they are getting the membership of default group as configured in "Default" profile. I am using TACACS+ protocol in my routers and switches for authentication.
whether "Group mapping by External user database" works with TACACS+ or only with RADIUS protocol. If it works with TACACS+ what else configuration need to be done so that my ACS can map users to proper groups instead of default group.
I want to receive full BGP in my switch 6506 with the follow characteristics: cisco WS-C6506-E (R7000) processor (revision 1.2) with 458720K/65536K bytes of memory and Supervisor Engine 720.When I configure the session BGP in my router with me peer the switch begins to work slow and restarts.
View 2 Replies View RelatedI am little confused of how to take bootloader backup of cisco 6506 switch with WS-C6506-1300A CHASSIS and WS-X6K-SUP2-GE sup I am pesting a the part of sh run to show you the image files for the switch.
!
boot buffersize 522200boot system sup-bootflash:c6sup22-jsv-mz.121-8b.EX5boot bootldr bootflash:c6msfc2-boot-mz.121-8b.EX5enable password !
redundancymain-cpu auto-sync standarddiagnostic level complete
take backup two files in a tftp server.
I would like to ask some question about VPN clinet and SSL VPN, on my ASA 5510 i have many tunnel-group it have around 5 tunnel-group and i have one SSL VPN,i also have user 20 user. let me show you that:
1- tunnel-group Staff-VPN remote-access
2- tunnel-group Manager-VPN remote-access
3- tunnel-group normalstaff-VPN remote-access
4- tunnel-group guest-VPN remote-access
5- tunnel-group other-VPN remote-access
and tunnel-group sslgroup type remote-access
and i have user around 20 user and i want to specific user to tunnel-groups like this
1- tunnel-group Staff-VPN remote-access
username AAA password AAA
username AAA01 password AA01
2- tunnel-group Manager-VPN remote-access
username BBB password BBB
username BBB01 password BBB01
3- tunnel-group normalstaff-VPN remote-access
username CCC password CCC
username CCC01 password CCC01
5- tunnel-group other-VPN remote-access
username DDD password DDD
username DDD01 password DDD01
So, How can i manag tunel-groups with user?
I need to block the multimedia streaming to a certain group of users accessing my wireless connection.I'm using squid as my proxy server and the users are registered on a LDAP database. A RADIUS server provides authentication.
View 1 Replies View RelatedI tried to upgrade IOS from SXI2a to SXI9 in cat 6506 VSS. But the problem is that switch always boot with old IOS. I put the new IOS in sup-bootdisk and slave sup-bootdisk, bootvar is ok with new IOS: [code] Show bootvar is ok but switch always boot with old IOS SXI2a, some bug in IOS sxi2a???, I will try to delete de old IOS from sup bootdisk and try with the new one only.
View 5 Replies View RelatedThe core switch is a 6506 and one of the modules is the 48port POE module. The 6506 resides in the main building and we need to interconnect two other annexes to the main building via fibre. is it possible to have just 2 sfp ports on the 48 port module or how to connect the fibre cable to the switch?
Also, if the existent network is made up of Cat5e cables would it be of anyuse to use Cat6 cables for uplink for the switches on each segment to the core switch. I feel basically the Cat5e would nullify the speed of the Cat6 or am i wrong and this would make uplink speed faster.
We have one Catalyst 6506 ( with WS-SUP720-3B, IOS is 12.2(18)SXF14 ) and one Catalyst 6509 ( with WS-SUP720-3B, IOS is 12.2(18)SXF17a ). We used WhatsUP to collect I/O & process memory utilization for both switches. The memory utilization for Catalyst 6509 was ok, but it seems not correct for Catalyst 6506 ( show proc memory displayed the total memory is 512MB, but the WhatsUP displayed only 64MB only )
View 1 Replies View RelatedI just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication. I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account. How do I restrict this so that the user can only use one profile? Currently users capable of VPN would be placed in one specific AD group so that is what SecureACS checks. Is there a sample configuration guide to handle multiple profiles with different levels of access?
View 3 Replies View Relatedhaving LMS 4.0.1 is it possible to authenticate user on a group base and assign different privilege to different groups?. The user's group are available in the LDAP server.Do I have to use a TACACS/RADIUS server between the Ciscoworks LMS and the LDAP repository?
View 1 Replies View RelatedThis question might actually belong under tacacs server but it's only happening with the ACE. I've configured tacacs on the 4710 and configured the tacacs server per the documentation. If I enter the shell:<context>*Admin default-domain under the group settings when I login with my tacacs ID my role is set to Network-Monitor. If I set the shell in my specific tacacs ID I'm assigned the correct role as Admin. We're running ACS ver 4.1 and the ACE is A4(1.1)
View 1 Replies View RelatedWe are migrating our ACS 5.1 to ISE 1.0.4.
- On ACS we were doing 802.1x Authentification over an Activedirectory, assigning Vlan according to computer/user group. In some case the user vlan could be different from the computer vlan (ex admin account connecting to a user account). This works great with ACS.I tested the same function with ISE and the behaviour is a bit different :
- When the computer boot, I can see the computer account being authenticated on ISE. The logs show the AD groups the computer belongs to and the Authorization profile is well applied according to the AD group.
- When the user login, I can see the user account being authenticated on ISE, BUT the logs show the AD groups of the previous authentication, the one belonging to the computer not the user. So the authorization profile is the one from the computer not the user.
It seems that the AD group attributes are not well updated :
- AD logs show the second authentication doesn't engage a new group parsing from AD
- Shutting down the switch port when user is logged engage a new authentication a AD group are well updated.
- Bug toolkit reference the same bug but for WLC CSCto83897 so I suspect it's present in other case.
I have a Cisco ASA 5505 that I've setup with an SSL VPN. This is for personal use, and I therefore don't have need for anything more than local authentication. [code]
I'd like to have one profile/policy where I only encrypt data going to my split-tunnel ACL, and I'd like to have one profile/policy where I encrypt all traffic.
The issue ive been fighting is - it doesn't seem like its possible to associate more than one group policy per user. If it IS possible - can you tell me how I associate both groups to my local account?
I just configure VPN for end users in PIX515e with IOS 8 and get stuck with "Tunnel Rejected: User (msveden) not member of group (VPN-shared), group-lock check failed.". tell me how I add user to my VPN group?
View 1 Replies View RelatedI am attempting to install an asa 5510 at my hq. Our MPLS network is provided by our ISP and the routers are managed by them. They will be working with me to add the needed routes to the routers. Using version 8.4.1 That said, here is my challenge:
I am connecting the MPLS routers and WAAS device to my core switch(also performing inter-vlan routing) in VLAN 2. There are 3 connections needed for the mpls equipment and they are all in vlan 2 on my core switch. The firewall (ASA 5510 with security plus licensing) also has an interface (outside) in vlan 2.
e0/0
shutdown
no nameif
[Code]....
configuration guides or suggest TAC as they have been a bit inconsistent with this issue thus far. What am I missing because I cannot get to where inside interface of the firewall is pingable by the lan and the outside interface of the firewall is pingable by the lan.
My question is on ASA and ACS5.2 users.Have my ASA SSL VPN and IPSEC VPN, the my ACS5.2 many users, for example, wireless user.I would now like to establish an independent user group, only the VPN user name and password, while both the ASA VPN can only allow users in this independent group of ACS5.2 VPN login, how to configure?
View 1 Replies View RelatedWe have several ASA 5510 firewalls which are being used as VPN gateways.RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used.Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?
View 11 Replies View RelatedI'm running a Windows Server 2008 Enterprise Edition server that is currently the domain controller, and a Windows 7 Ultimate client. I have a 'Test' user for messing around with group policy - anyway, on the client Start Menu it has 'Test User' which leads to some form of libraries folder. Is it possible to restrict the link without removing their name?
View 3 Replies View RelatedI am using lms 3.2.1 and CM 5.2.2. I have even enabled ping sweep but the hosts IP never show on the user tracking report. I can not see any Available Subnets/Available Sources on Configure Subnet Acquisition and Ping Sweep windows. When I try to enable End host discovery on Trunks and click Show Trunks comes a message: "There are no Trunks in the device(s) selected", but every access device is connected to the nexus core via a Port channel:
interface Port-channel1
description sw-ser-core01 Po12
switchport trunk native vlan 998
[Code]....
We have two catalyst 6506 switches with 10 gb u plinks and around 120 edge switches cat 3750-x switches. Still the module on the core wheere servers are connected is 1000mbps port.Now if we induct a nexus switch to the datacenter what kinds of benefits we can reap In a virtulised environment as well as real environment?following are the some of the queries.Can we reduce the number of edge switches? ( by virtual environment), Inter operabaility between cat ios and nexus ios, how this will affect the environement,What will be the over all benefits ?, What are the cons of this induction ?
View 22 Replies View RelatedI have several 2960s and 3750s and two 6506 (ws-cac-3000w) recently move to new location The power outlet is the same ,but Volt is different current 2960/3750 use this(one phase 3 wire) 220v and new location change to (from 3 phase 4 wire -> one phase 220v)6506 current using(one phase 3 wire) and will be change to (from 3 phase 4 wire -> one phase 220v)
I had search doc about power supply /cable , only show support single phase 220 v ,but not description vlot between each wire !!Does new location power outlet suit for 2960/3750s power and 6500 ws-cac-3000w ?!? Do I need chane power outlet back to current using?
Can I use AAA Radius on a ASA 5505 to block outgoing user access by user name in a group?
View 2 Replies View RelatedI just got the WRT610N and I really like it so far, I'm playing with the NAS option and I can't get it to create any new users or groups. I click on the link, fill out the form and click on 'modify user' (The set-up guide has a button there for 'save settings') and nothing gets created. I tried this several times and there are no new groups or users. I checked the storage.info file and there is no additional users or groups there either. I think I can edit that file but I'm not too sure what these last 2 lines mean
nas_login@admin:admin:admin: off guest:guest:guest: onusers_content@admin:admin:admin:admin: off guest:guest:guest:guest: on
I got a DAP-1522 and here is my situation. I have a wireless router connected to the internet downstairs. I want to extend the range by creating a new wireless network upstairs. So I want the DAP-1522 to connect to the wireless router, and then become another access point upstairs.
I was able to connect to the wireless router in the DAP-1522 setup wizard, but nowhere was I able to configure that actual DAP-1522 WIRELESS setup. Nothing ever showed up on the "Wireless Settings". Just "Save Settings" "Do Not Save Settings" and the rest of the screen empty. On the status page it does show it is connected.
Am I doing something wrong or will the DAP-1522 not do this?
Having problem locating why when a user logs on to their profile, their personal network drive shows everyones personal drive file and they have acces to all files.This is a major security concern as uppper management files are then accessable.It is random, may not always be displayed, or always occur on the same user.The User drive normally displays.
joed on \serverusers$ (H:)
When this takes place the users name is replaced with just Users Users on \serverusers$ (H:) (This can sometimes change to Z drive)
This then exposes all user drives.This does not run from a script but is used in AD under the profile drive letter. Have tried to:Rebuild profile in Active Directory. (New Profile)Re Build user profile on workstation>Rebuild Operating system on Workstation.Change drive on the user profile in AD letter H to Z.Have also tried on a different workstation.
A quick query regarding setting up a local user on a Cisco 2811. I have setup a few users as they need to have remote VPN access into our edge router, this works fine and I'm happy with it. The only thing is that when they come into the office they now have logins to get onto the router, they do not have the enable secret so they can't exactly do a lot (plus I've created them with privilege 0 which cuts a few extra CLI options) but I'd rather not allow them access at all if possible.If they weren't on DHCP then I could setup an access-list but this isn't really an option, I could also set me up statically and deny everyone else, but yet again I'd rather not.Is there anyway to restrict telnet/ssh access based on user alone? So when they put in their login it just boots them out. I could setup something like RADIUS (and therefore remove the local users completely) but I think it will be a bit over kill for the sake of a couple of users.
View 1 Replies View Related