I am trying to install a digi cert on a 7921 and I get the message on import of "certificate verification failed".as there does not seem to be much documentation with the above error message.
View 2 RepliesWe plan to use machine certificates on our notebooks with Windows Vista. Our authenticating server is Cisco ACS 5.1. To access the wireless network we want to use the machine certificate of the notebook and a verification of the corresponding computer account in the Active Directory. What authentication method is the best to check the machine certificate and if in the Active Directory exist the enabled corresponding computer account ? How to configure the ACS and the notebook to use it like described ?
View 1 Replies View Relatedi get for all devices telnet credential failed in my credential verification report. I exported the device from the Device Manager into a csv file to verify the correct passwords.The export shows the correct values in
<DEVATTRIB Name="primary_username">cwuser</DEVATTRIB>
<DEVATTRIB Name="primary_password">secretpassword</DEVATTRIB>
There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
I'm trying to troubleshoot a problem with mpls fast reroute. The primary (protected) link is between PE-PE and the backup link is PE-P-PE. The IGP I'm using is OSPF. When there is a issue with the primary link and debug mpls tra tunnels signalling there is a message "LSP-TUNNEL-SIG: TunnelX [237]: re-route path verification failed (protected) [Can't use link x.x.x.x on node x.x.x.x]". After 30 seconds (without ospf tuning) the SPF is recalcalated, but that's not the point From the show mpls tra tunnels tu1013 (the backup one)everything looks ok:
Status:Admin: up Oper: up Path: valid Signalling: connected From show mpls tra fast-reroute database everything is ok, the status is Ready I'm using 7206VXR, Version 12.4(24)T3
I'm currently in the process of the setting up a new wireless network and I want to test out our 7925 phones on it. When I try uploading the certificate to the phone it fails and I find the following error in the trace logs
[code]...
I created this certificate using using Windows Server 2003 and it is 2048 bits. This certificate works fine with my laptop but I'm unable to upload it to the phone. The app load currently on the phone is CP7925-MFG-D.8.LOADS. Are there any specific guidelines out there when creating a certificate for a Cisco 7925 phone?
I got error message when I convert to certificate authencate via tunnel group.
error message: "certificate validation failure"
client prompte me that "your client certificate will be used for authenticate" but none certificate list popup even i disabled "autpmatic certificate selection" preferences.
some information about my configuration :
ASA 8.2(2)4
Anyconnect VPN 2.5.1025
authentication against aaa is working
some key point:
ASA:
ssl trust-point remote.apac outside
tunnel-group APAC_AnyConnect webvpn-attributes
authentication certificate
I've configured in an UC520 a SSL VPN.I can access properly and I can see the labels, but I only can access urls which are http, not https:I can access the default ip of the uc520 (192.168.1.10) but When I try to get access to a secure url I get the msg: Failed to validate server certificate I'm trying to access a Cisco Digital Media Manager, whose url is URL Does the certificate of both hardware has to be the same?
View 7 Replies View RelatedI just recieved new 7921 phones. I cannot get them to pick up a dhcp address
I keep getting DHCP "Timeout's" and " Configuring IP" . The ould 7921's and the new 7925's work just fine. I have tried removing and reconfiguring the WLAN and Interface on the Controllers. I even removed and reconfigured the DHCP scope in Infoblox.
We just installed MSE with CAS (7.0.201.204 software) and everything works fine and clients are shown on WCS floor maps except for Cisco 7921 wireless phones which dont appear in the WCS map.
View 3 Replies View Related We have two different entities we support and both are set up as autonomouse wireless groups. The SSID is the same though so they can use their 7921's between floors and buildings. The problem we have had is that the phones on the first floor were getting the IP's of the organization on the second floor. When you view the AP's on the phone the ap directly next to it on the first floor (the one its suppose to talk to) is listed first, The strange thing is that shows it is connected to the right AP (the first floor one). The AP on the second floor is also listed but its about third down. After the phone sits it will actually change IP's but not all of them. Their were a few phones that took about a half a day to get the correct IP.
My question is how do these phones grab their ip's? I know how DHCP works but I am needing to know specifically how the radio works on the 7921's. What is the boot up process? It appears that it must cycle through each channel starting with the highest and loop through a process in descending order: compare ssid's and then authenticate if possible. I am assuming it is seeing the second floor first because initially they all get the second floor ip. The second floor is on channel 60 and the one it should connect to is on channel 36 (We are using 802.11a). That's how I came up with my descending channel theory.
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
We have some remote H-READ APs at a branch office and a 7921 phone which drops calls/loses audio when roaming between APs.We are just using WPA2 without any 802.1x or CCKM/PKC.
Do we absolutely have to set up a radius server/8021.x/EAP to enable fast roaming?We had 2 AP's autonomous with WPA2 before and roaming didn't seem to be an issue. We now have 4 APs over WLC in the same office and the phone calls are very unstable.
I'm getting high utilizatiom from a 7921 ip phone and call quality is getting very low sometimes. What can cause this high utilization?802.11 Mode 802.11a Scan Mode Auto Restricted Data Rates False Call Power Save Mode U-APSD/PS-POLL BSSID xxxAccess Point xxxTx Power 15 dBm Channel 44 RSSI -57 Channel Utilization 153 DTIM period (ms) 2 Security Mode Shared+WEP Encryption WEP Key Management Shared
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 0 %
Channel Utilization.......................... 69 %
Attached Clients............................. 4 clients
I have configured a cisco UC520 with inbound called coming in on FXO port 0 and have configured it as a co-line. I have 4 phones set up on the system including the wireless 7921 phone, the problem is that if i answer the call on the 7921 it does not give me the option to hold or transfer the call however the other phones do (7931).
View 1 Replies View RelatedOne of my 7921 phones disconnect ten time an hour and during conversations. Sometimes, people who call on this phone are redirected to the answer message.This phone is connected through WIFI network and Cisco Callmanager 4.2 manage all phones (we have about 80 phones on the network). I thought it was a problem with the phone but I exchange with another one and it's exactely the same problem. The problem is just for a line in particular. All the 7921g phones in my company are configured from mac address in the call manager. This problem occured after a storm but I'm not really sure that it's related to.
View 2 Replies View Relatedwhen running Credential Verification Report, I get following notification: "None of the devices have credential verification data".I have made different Default Device Credential sets that I'm using when I add devices to LMS. I could not see wether this is bug in LMS 4.1 or if I have to do this a different way?
View 1 Replies View RelatedWe have a new deployment where we have 5 total 7921G wifi phones connected via 2 AP541n access points, one connected to a ESW520p switch and then to the UC540 and the other connected directly to the UC540. The wifi phones are intermittently giving no audio when calling each other, however, calls to the PSTN consistently do have 2 way audio. Is this a security issue perhaps? We are running the latest CCA software pack as this is a brand new deployment, also the AP's were upgraded to the latest firmware.
View 14 Replies View RelatedI have a problem when doing this report. If I do a device credentials report on a user defined group (40 devices) 11 of these devices fails to connect via SSH. I can make an SSH connection to all 11 devices from the CiscoWorks server, but 11 devices still fails on the report
Device Name Read Community Read Write Community SSH
1. 149.212.XXX.164 Ok Ok Failed to connect.
2. 149.212.XXX.153 Ok Ok Failed to connect.
3. 149.212.XXX.152 Ok Ok Failed to connect.
4. 149.212.XXX.151 Ok Ok Failed to connect.
5. 149.212.XXX.150 Ok Ok Failed to connect.
[code]....
My Dell Laptop is connected to Wildbue via LAN connection to Broadband. January or February I connected Belkin Router to obtain Wi-Fi access for other laptops, Cell and PS3, Everything seemed to be working fine. I tried to disconnect the Dell in order to use it via Wi-Fi. This caused problems when my sons laptop lost connection. My guess was that it was actually routed through the Dell via network. Anyway, as I was working to network all correctly. My sons friend decided that he couldn't wait for internet and forced another laptop to login to internet. In the process, it appeared that he changed by router password so that I could not access it. Being a beginner when it comes to network connections, etc., I spent alot of time trying to correct the Belkin Router. I finally disconnected the router and attempted to remove all detail on my Dell. I am sure that my adapter information is not completely accurate. Or so it appears. Note that I do have LAN internet connection and I can search for wireless access. If necessary, I will reinstall the Belkin Router since it is my understanding that it is needed for Wi-Fi access to my internet provider connected via Broadband modem.
I am sure that there will be corrections. I am sure that there is more that will need to be done in order to provide access to other laptops and cells. At this time, I am getting internet on my main laptop that is connected via LAN connection. However, I am having problems understanding adapters for wireless connects.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:Documents and SettingsPenis>IPCONFIG/ALL
Windows IP Configuration
[code]...
I recently installed and configured the Prime LMS 4.1 Soft Appliance. After discovering the devices on the network I ran a credential verification check on everything. All of my devices passed accept for the Nexus 7010s and Nexus 5020s -- these show up in the failed device report with a BLANK value for SSH and "Did Not Try" under Enable by SSH. I have verified SSH is enabled and accessible outside of Prime, and that there are no access lists preventing access. All other tests pass for these devices.
I've also visited the troubleshooting workflow section for these devices, and when I test the connectivity, SSHv2 passes.
I've downloaded all of the updates available for the device packages and have tried other credentials. All other aspects seem to be working properly.
Recieved this unit from an individual who has very little knowledge (like myself) with the 800 series.
I'm having issues just getting into this device, when I power it on and console into the unit i am presented with an "Access Verification" prompt that requires credentials that I do not have/know.
At some point (not sure how) I managed to get to a "yourname#" prompt at which point I configured using this document here and created a username and password and some other basic settings, I saved the config and did a reload and it takes me right back to that "Access Verification" prompt.
Sould I be using the CCPE to gain access to this device instead? Is there a way to recover that "Access Verification" username and pass? How did I ever get to that "yourname#" prompt?
I have a 6509E switch with dual 6Kw power supply that is logging "Power supply 1 input has changed. Power capacity adjusted to 2671.20W" then will bounce back to normal at random times from 1sec to 10sec. Is there a command to check what each input level of the power supply to try to identify possibly which source is causing the problem? The power supply input lights remains green while this is occuring.
View 3 Replies View RelatedI'm trying to test port-security in my c3550 but when I show port-security int f0/23 shows it only "Disabled" as below:
run
interface FastEthernet0/23switchport access vlan 200switchport mode dynamic desirableswitchport port-security mac-address stickyspanning-tree portfast
Network newbie need to verify all necessary services and protocols on a new WS-C6509-E are turned on. This layer 3 switch will be used to connect to servers.
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)
[Code]....
I seem to get conflicting information on using the Management port as a regular routed interface on the ASA5510..The management interface can be used for the traffic that passes through the firewall as well. The Security Plus License for the ASA 5510 is required in order to use the management0/0 port as a regular interface. With a base license on the 5510, the management0/0 port cannot be used as a regular interface.
I believe that I saw another post that mentioned it was part of the standard IOS if you had a later version.
I am having Cisco 3845 series router with c3900-universalk9-mz.SPA.151-4.M2.bin IOS . I want to install new Licence on it for DATA. When i am trying to install licence on it i am facing the error "% Error: License installation failed with error: XML parsing failed".
View 4 Replies View RelatedI've been reading over the documentation, but only see instructions for using a self-signed certificate for SSL. Or even trusted certificates between LMSes. But I can't seem to find anything on LMS 4.0 using a Certificate Authority. And I have a security requirement to do so.
Is this possible in LMS 4.0?
It appears we had a vendor setup an SSL certificate for our vpn. I see it under the ASDM on configuration -> device management -> Certificate management -> identity Certificates
there is the certificate there and I also see it pointing to the outside under configuration -> device management -> advanced -> ssl settings and under outside the primary enrolled cert is the ssl cert.
only thing i can see which may be incorrect is if i look at the cert details under indentity certificates and select issued to the url says http not https..
I'm currently dealing with a problem related to the integration between the a Cisco ASA 5510 and an AD Microsoft CA on a windows2008R2. I'm basically trying to enroll the ASA in the CA and get a certificate for the ASA to use for SSL VPNs. I'm using SCEP enrollment and I've set up NDEP on the Win2008 CA.
Everything seems to be working just fine and I get the certificate but If I assign it to the interface, first the client receives a warning and then a blank page is shown (everything works just fine with the ASA self-signed certificate). The problem looks like to be related to the purpose of the keys (key usage field) which is not Server authentication. The certificate is automatically generated using the IP Sec (offline) template.
We are trying to re-enroll our certificates that are expiring today and all goes well until we actually try and install the newly generated cert and it it tells us that we cannot install the cert until the old cert is deleted. When we try and delete the existing cert, it tells us that it is currently in use and cannot be deleted. How can we re-enroll these certs without breaking the tunnel essentially kicking us out of the device?
View 0 Replies View RelatedIn order to authenticate wireless users with EAP-TLS or PEAP-MSCHAPv2, what should I select the key length and digest to sign with? 2048 and SHA256 combination should work?
View 9 Replies View RelatedI am operating a 2800 series Cisco router. The router is working fine except that I am not able to SSH into the router. I have checked the running config with cisco's documentation and every line is correct. Prior to me getting this job they did an update and think they have corrupted the a certificate key for SSH.
Any command to generate just the SSH key and not all the other keys that would cause bigger connection issues.