Cisco :: 802.1x For LAN Authentication?

Jun 27, 2012

how many of you use 802.1x for authenticating users on a wired LAN. We have a new site which supports a ton of users and before implementing an RA VPN solution for them I was thinking about using 802.1x to ensure they've got proper credentials before they're put on the production VLAN.

View 11 Replies


ADVERTISEMENT

Cisco :: Authentication Proxy In ACS 4.0?

Feb 2, 2011

how can I config Auth-proxy In ACS 4.0 in ACS 3.3 we can Add this in the Interface , but I can't see any thing for Add Auth-proxy in This menu

View 2 Replies View Related

Cisco :: Proxy Authentication On IOS?

May 20, 2011

Currently working on Proxy Authentication on a catalyst 3750GCisco's documentation says that I can customize my own web pages for the login, success, failure, and expire web pages. However, I am having a difficult time finding a template to build upon.

View 8 Replies View Related

Cisco :: Setting Up NTP Authentication

Oct 13, 2011

Just a sanity check, but setting up NTP authetication on our switches to sync with our Core first, then our NTP server that the Core syncs to second.

View 3 Replies View Related

Cisco :: Mac Authentication By IAS In WAP4410N

Feb 20, 2012

I have a access point model WAP4410N , I want to configure for mac authentication by using MS IAS , but when I set MY SSID to radius in wireless connection control and try to connect to that SSID by a laptop I didn't get any logs in my IAS. My methods for radius mac authentication is correct or not ?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Web-authentication Using ASA And ACS 5.1

Feb 2, 2012

In order to restrict access to websites on our internal network, would we be able to put an ASA in front of the web server and force users to authenticate through the ASA and, once authenticated, allow only port 80 or 443 traffic for that use?  The ASA would query the ACS 5.1 server for authentication/authorization using AD as the identity store.  Is this even possible with TACACS? 

View 1 Replies View Related

Cisco AAA/Identity/Nac :: MAC OS-X And Authentication Via ACS 5.2?

Apr 1, 2012

My customer has a large installed base of MACs, all connected via controller-based (5508) WLAN. He wants to grant access to the network based on the device's mac addresses and move the WLAN-clients to a specific VLAN.I added all devices with their mac addresses to the ACS internal identity store for hosts.According to the following message the client sends the user-login credentials (chegger) within the RADIUS-request instead of the clients mac address and of course it has to fail.  After many configuration changes, I ended up always with the same result.

View 2 Replies View Related

Cisco :: ACS 5.2 EAP-TLS Machine Authentication

Feb 21, 2012

I have set up an ACS (5.2) to do EAP-TLS Machine and User Authentication.I am getting intermittent results with the machine authentication using the same laptop as a test client.When the machine authentication succeeds the RADIUS name shows as host/xxx-yyy.When the machine authentication fails the RADIUS name shows as xxx-yyy without the host/.

View 9 Replies View Related

Cisco WAN :: 881 To Be Able To Pass On PPP Authentication

Feb 26, 2012

I need to order a CISCO881, only CISCO881-K9 is available.I checked everywhere, still not sure if it is enough for me. We used to buy Sec-K9.I've got an adsl modem in bridgemode in the front. As only 1 IP provided by ISP, I need 881 to be able to pass on the PPP authentication.I also need the router to have vpn server function.Could CISCO881-K9 do this or not?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: EAP-TLS Authentication With ACS 5.2

Jun 13, 2012

I have question on EAP-TLS with ACS 5.2. If I would like to implement the EAP-TLS with Microsoft CA, how will the machine and user authentication take place? Understand that the cert are required on both client and server end, but is this certificate ties to the machine or ties to individual user?
 
If ties to user, and I have a shared PC which login by few users, is that mean every user account will have their own certificates?
 
And every individual user will have to manually get the cert from CA? is there any other method as my environment has more than 3000 PCs.
 
And also if it ties to user, all user can get their cert from CA with their AD login name and password, if they bring in their own device and try to get the cert from CA, they will be able to successfully install the cert into their device right?

View 7 Replies View Related

Cisco :: 877 - SMTP Authentication

Dec 17, 2010

I'm using a router 877 at home and i really need to check out what this router do during the day. So some time ago i configured it using some eem actions and sending to me email, without any problems. Yesterday I changed my internet provider and now i need to use smtp autheticantion to send emails.

I read about how to authenticate, like username:password@host and also made a fast search here, without solve my problem. I need to put as username the email of the provider like: mouse@host.com:mypassword@smtpserveraddress.com. So, i want to know if someone had the same problem and solved it. Of course i couldn't use @ two times or eem would think that host.com is my smtp server! And right now is going in this way!

My IOS version is 15.1(2)T2, eem version is 3.1.

View 27 Replies View Related

Cisco :: NTP Authentication On 3750

Oct 31, 2011

Trying to apply NTP authentication to 3750 switches (layer-2 WS-C3750-24P switches) but they don't wont to work. Applying the same config to any router or 4500/6500 chassis, and NTP authenticates straight away. NTP without authentication works fine on 3750s as well...
 
ntp authentication-key 1 md5 <key>
ntp authenticate
ntp trusted-key 1
ntp server 10.200.11.200 key 1
 
Is there additional config required for 3750s? This is across different IOS versions, so doesn't look like a bug..

View 1 Replies View Related

Cisco VPN :: 851 - AAA Authentication - Not Configured

Jan 18, 2012

I have cisco 851 using ccp to configure EASY VPN
 
I click on TEST VPN SERVER then click start  the status shows successfull
 
when I tried to connect a client I get mm_no_state
 
When I reviewed the report from the test I found
 
AAA authentication : Not configured
 
My AAA
 
aaa new-model
!
!
aaa authentication login tgcsusers local
aaa authorization network tgcsvpn local(code)

View 24 Replies View Related

Cisco VPN :: SSL VPN Authentication Using Radius ASA 8.4

Apr 25, 2011

I am running ASA version 8.4(1), and anyconnect version 3.0.1047. My SSL VPN works fine, but i run into an issue with one user . his account did not work , and everytime users logged in it got this message "VPN Server could not parse request".
 
I found the problem after getting a user information meaning his username and password. His password had "&" as one of the special characters. when we change it to something that does not have that , it works just fine.
 
We are using microsoft NPS server as radius. but when i run a test within CLI it works just fine, only when anyconnect asks to authenticate it fails.

View 5 Replies View Related

Cisco :: Getting CWLMS 3.2 And ACS 5.2 Authentication?

Aug 26, 2011

before i have problem, i installed CWLMS3.2 and ACS 4.2 and everything is ok, but after upgrade, ACS 4.2 to ACS 5.2, CWLMS can't authenticate to devices and get their configuration. i checked everything include creadential, and i debuged aaa authentication and tacacs on devices. it seems devices can not get username from CWLMS. also i run putty on CWLMS server and try to telnet to devices with ACS username nad password, and the result, there is no problem, and i can telnet to device with ACS username and password without any problem.
 
the below text is the output of debug on devices when CWLMS try to archive configuration:
 
R#
Aug 27 05:10:11.571: AAA/BIND(00000064): Bind i/f
Aug 27 05:10:11.571: AAA/AUTHEN/LOGIN (00000064): Pick method list 'CACS'
Aug 27 05:10:11.575: TPLUS: Queuing AAA Authentication request 100 for processing
Aug 27 05:10:11.575: TPLUS: processing authentication start request id 100
Aug 27 05:10:11.575: TPLUS: Authentication start packet created for 100()

[code]...

View 3 Replies View Related

Cisco VPN :: LDAP Authentication On ASA 8.2(1)

Oct 29, 2011

i am facing an issue while trying to configure LDAP integration on Cisco ASA firewall. The requirement is allow the remote access VPN to specific group defined on AD. When i checked the debug logs " debug ldap 255" , it shows that the authenication is sucessfull with the LDAP server , but the ldap attribute is not getting mapped and because of this reason , the tunnel-group default group policy of "NOACCESS" is getting applied ( vpn simultanous set to zero) that results zero connection.
 
I confirmed this by changing the value of NOACCESS from zero to one and found that the VPN is getting connected
 
The name of user account is testvendor that belongs to the group of Test-vendor. 
 
The configuration and debug output is shown below.
 
SHOW RUN
ldap attribute-map ABC-VENDOR
map-name  memberOf Group-Policy

[Code]....

View 5 Replies View Related

Cisco Switches :: ESW 520 802.1x Re Authentication

Sep 13, 2012

I have problem with ESW 520, on 802.1x authentication. The problem is when host authenticates successfully it works about couple of minutes, after it truest too authenticate again but it lags. On network interface it shows notification that if Failed authentication. On ACS I see only one authentication attempt which is successful. This problem is happening on Win7 and Win XP. If I unplug and plug cable it authenticates successfully, but then about couple of minutes it again lags. Switch sees port as authenticated. On Win7 event viewer I have following error:
 
                Reason: 0x70004
                Reason Text: The network stopped answering authentication requests
                Error Code: 0x0
 
If I connect same hosts on Catalyst 2960 switch, they work successfully.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: AD Authentication In ACS 5.3

Jan 22, 2012

I have a new ACS 5.3 installation which I have joined to our AD Domain and added the directory groups into.  I have also added all our devices into ACS and their groups etc but I am still only able to authenticate on the our switches with an internal ACS account, when I try with an external AD account the log shows the following error   "Subject not found in the applicable identity Store (s)"

View 1 Replies View Related

Cisco :: 802.1x ACS 4.1 Authentication Required

Jul 9, 2012

I will attempt to explain the history of our wireless controller configurations as best I can.  We are currently using a 4400 controller running 7.x software which authenticates to and ACS 4.1 appliance.  All of this was set up prior to my arrival on the job and the previous engineers had already left with no documentation in place so I'm trying to piece it together.  The ACS is setup to map to AD for specific groups. 
 
  In the controller we have an SSID called triton which is our corporate SSID that all internal users connect to.  Three different interfaces have been defined, a general one for most users and two others( lets call them INT1 and INT2) that place users on separate ip networks.  The reason for this is those ip networks can reach certain services that are not allowed for general users.  ACS maps those users upon authentication to the Vlans associated with those separate ip networks.
 
Problem 1.  When I first took this job, users could not map drives or any services because only user authentication was taking place..After some troubleshooting and realization that ACS was authenticating, placing the "Domain Computers" group as an ACS group mapping fixed that issue, allowing the computers to authenticate prior and therefore execute the login script
 
Problem 2.  Recently it has come to my attention that some of the users on one of the other interfaces (INT1 and INT2) that should be placed in the vlans associated with their AD group mapping are not.  Upon further investigation it was discovered that the reason they are not is that the authentication is not correct.  When the computer first authenticates before the user logs on its shows in ACS as host/xxxxx.yyyy.org where the user authentication shows as xxxxx/username .  So some of the computers never change from authenticating as a host to a user and the ip address ends up in the wrong vlan.

View 2 Replies View Related

Cisco :: Chap Authentication Not Working

Apr 3, 2012

im having trauble when using chap as authentication for my two routers, i dont know whether my configuration is wrong or not.Is theres anything wrong with the configuration ??note : both routers are c2961

View 11 Replies View Related

Cisco :: Radius Authentication Time

Aug 6, 2012

Any software to measure Authentication time between client and Radius serverr.

View 8 Replies View Related

Cisco :: VRRP Authentication Failure

Jan 1, 2013

I have a following question. I configured different authentication passwords in Master and slave VRRP setup.

View 2 Replies View Related

Cisco :: CHAP Authentication / One-Way Hash

Jun 17, 2012

How the one-way hash is generated given the challenge number and shared secret password?It's just that I was reading Cisco 3 chapter 7, and it doesn't explicitly outline how the one-way hash is actually generated, it simply states that it is generated given the challenge number (randomly generated for every challenge message) and the shared secret password.

View 1 Replies View Related

AAA/Identity/Nac :: Cisco ACS 5.1 And RSA Authentication Manager 6.1?

Apr 18, 2010

We  got recently a Cisco Secure ACS 1120 and i upgraded the Appliance to 5.1 from 5.0 with all your support
 
Now I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1 . I Successfully Downloaded config file from RSA ACE Server and exported into ACS 1120.
 
I also Added ACS as a NetOS Agent in the RSA Server , during the process i found few warnings . The ACE Server is not able to Resolve the IP Address to NAme ( DOes it Necessary ?? ).
 
I havent created any secret Key file for communication between ACS and RSA and encryption i used is DES.
 
Now when I log into ACS and search for Devices in the Identity Store Sequences i am not able to Look for RSA Token Sever .

View 10 Replies View Related

AAA/Identity/Nac :: IPS / IDS Authentication With Cisco Radius ACS 5.2

Nov 22, 2011

I have been trying to get our IPS (ASA-SSM-10 and 4260) to authenticate with Cisco Radius ACS 5.2 and they are not working. However, I was able to get them working with Microsoft Radius. Below is the logs from the IPS:
  
evStatus: eventId=1321566464942057375 vendor=Cisco  originator:    hostId: NACAIRVIDLAB1    appName: authentication    appInstanceId: 350  time: 2011/11/23 17:50:38 2011/11/23 09:50:38 GMT-08:00  controlTransaction:

[Code].....

View 0 Replies View Related

Cisco :: Wism 6.0.196.0 / Web Authentication With Android?

Nov 11, 2012

web authentication when using Android devices. I've been testing it and it seems to be caused by certificates (as it has been said in others discussions). With https disabled in the WLC (Wism 6.0.196.0), the portal authentications loads, but no with https. In addition, another issue I've detected is the DNS resolution of my controller by 1.1.1.1 when redirection takes place. With https enabled, DNS resolution and redirection works fine, so I don't think DNS server misconfiguration is the cause of the problem.I've only been able to see the portal with https disabled and entering manually 1.1.1.1/login.html

View 13 Replies View Related

Cisco AAA/Identity/Nac :: Re-authentication In End Points Using ISE 1.1

Dec 13, 2012

If laptop/desktop goes on sleep mode or keep connected with interface configured for 802.1X for more than 12 hours it does not work or not connect to Exchange server, Cisco ISE console, office communicator..for re authentication i need to restart PC/ Laptop or unplug and replug lan cable from it!but before restarting i am able to ping all DNS, DHCP, OCS, everything..[code]

View 6 Replies View Related

Cisco VPN :: ASA 5510 VPN User Authentication

Apr 5, 2011

We are changing our old Pix 515e this weekend and for brand new ASA 5510.With this new installation, I would like to implement the Radius authentication for remote vpn user. Changing the firewall of the company has many impact and for the first phase the user will keep authenticating locally but I need that in phase 2, they will be authenticated via a radius server.Is there a way to configure both authentication for remote vpn user?
 
All user will be authenticated locally except the member of the IT Department who will be authenticated by the radius server for testing.I have remote vpn users around the world so I do not want these users to be blocked by the testing of the radius authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by the radius. When testing will be done, all users will be transfer to the radius authentication gradually.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Two Factor Authentication On ACS 4.x / 5.x

Mar 9, 2011

I would like to konw does Cisco ACS 4.x / 5.x natively support Two factor authenication, but not act as a Radius Proxy?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Limit AD Authentication With ACS 5.3

Feb 23, 2012

I need to limit to some AD groups, authentication with ACS 5.3.For example, i need that only users os somedomain.com/users/test1 are authenticatet via ACS --> ADS.

View 1 Replies View Related

Cisco Firewall :: SSH Authentication In PIX 515E?

Sep 5, 2012

I have a PIX 515 Ewhich does authentication for SSH via RADIUS protocol and fails over to the local database if radius server goes offline. But when the radius server comes back online, authentication still takes place through LOCAL and not the radius server. Following are the commands:
 
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10

[Code].....

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 And TACACS + Authentication From VPN?

Mar 4, 2012

I have a Cisco ASA (8.2) setup with remote access for my users using Cisco VPN client. The authentication is passed off to my ACS 5.3 which then checks with AD. What I've done so far is create Access Policy rule where I define specifically the Location and NDG where the ASA is and then a DenyAllCommands command set. This should pass authentications just fine but this also gives those users the ability to remote connect directly into the ASA and login successfully. Even though there is a Deny Commands there I still would prefer they get Access Denied as a message. If I do a Deny Access on the ShellProfile then this stops the login authentication altogether.

View 2 Replies View Related

Cisco VPN :: Two Factor Authentication With ACS 5.1 And Vasco

Jan 2, 2012

How two factor authentication can be implemented using cisco acs 5.1 & vasco?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved