Cisco AAA/Identity/Nac :: 4.8.2 / Adding NAC Server To Manager?
Jul 6, 2011
I have a pair of managers in HA mode and a pair of servers in HA mode. The solution is working in OOB Virtual Gateway. When i add the server in the manager, which IP address must i use, the service IP address or the physical Ip address.I'm running 4.8.2
I have install the administration toolpack on Windows 7 and enabled remote connections on my server 2008 box, When i try and connect with my Windows 7 server manager it does not work.I see stuff on google about enabling a trustedhost with winrm but can't find a way to do this.
We got recently a Cisco Secure ACS 1120 and i upgraded the Appliance to 5.1 from 5.0 with all your support
Now I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1 . I Successfully Downloaded config file from RSA ACE Server and exported into ACS 1120.
I also Added ACS as a NetOS Agent in the RSA Server , during the process i found few warnings . The ACE Server is not able to Resolve the IP Address to NAme ( DOes it Necessary ?? ).
I havent created any secret Key file for communication between ACS and RSA and encryption i used is DES.
Now when I log into ACS and search for Devices in the Identity Store Sequences i am not able to Look for RSA Token Sever .
I have a cisco NAC Manager v4.6.1 when i restart it, the boot freeze at this msg <ext3 fs mounted filesystem with ordered data mode> and it take a very long time.
The server is pingable but no GUI access during the msg.
I setup one network where LMS is in subnet 192.168.5.0/24 and CUCM is in subnet 192.168.1.0/24. both are reachabe to each other and both are also in different EVN/VRF. when i try to discover the CUCM from LMS 4.1. It discover only routers and switches. I am unable to find any CUCM 8.6 server, i did the snmp read community setting in call manager under serviceability.
In addition, IP phones are appeared as END host not as IP Phones. (find attached image)
Using EMM as a nice friendly interface for their terminal server (ie router with NM-16A and octal cables)?when I ask the framework to run the following command it gets stuck will a blinking cursor and clear screen
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). [code]
I'm using ACS 4.2 and was just wondering if it's possible to add user accounts to it by using snmpset? If so, any documentation on what needs to be done? I have the SNMP running on it and get information from the ACS using snmpget.
Does ACS v4.2 support the addition of the Nexus switches? We have a few new Nexus devices that have been added to ACS, but cannot be accessed successfully. A msg re: role based authentication is received. Do I have to do something special in ACS to support this?
I have a Cisco ACS 5.2 and have set it up as a RADIUS server. I was wondering if there is a way to add and update users automatically? We have a large number of users > 1000 that need to be added into the system and I don't want to do this manually. These users also update their passwords on a regular basis so I would need a script that would update the users automatically without any user intervention.
I am trying add custom attributes for Juniper Netscreen TACACS+ authentication to a v5.2 ACS. The advice is to add it to the group as follows:
ervice = netscreen { vsys = root privilege = read-write } I know how to add this to a version v4.x ACS
However, I do not know how to apply this to the custom attribiutes to a v5.x ACS?do I add the vsys and privilege attribute seperately or together? What should be the attribute name? netscreen? Should it be mandatory?
I just had comcast business class installed. They installed a SMC d3g router. It does not support nat loopback. I had a server installed and could not browse to it inside the lan because of this issue. I was instructed that I needed to set the the servers IP to the external address and open the ports to that. That worked, and I added an internal address 10.1.10.x so that I could see it inside the firewall. The issue that I am having is that since I did this, the server can not be seen by the macs and the mac shares don;t show up for them.
Customer is running LMS 2.6.Scheduled backup was running perfect. But it is no more happening.When we checked we found that the "License Manager/ Deamon Manager is down" message pop ups.
We reset the casuser password, and then restarted the services. It becomes ok.But only the immediate backup is successful. Scheduled task fails for all those devices."License Manager/ Deamon Manager is down" happens quite often.
so i want to move my dns and dhcp to a server (sbs2011). i am currently using a netgear 3700. i am a little confused on how to set this up. i know to turn off dhcp on the router. will the server give out a dns address? do i even need to router, or could i just use a switch?
I work in a small group with a network server so we can share files and documents from computer to computer. I am trying to access this server on a new computer and am not having any luck finding instructions on how to do so. I don't need to sign in to the network (to gain access to internet browser, etc), I need to be able to add this computer to our server so I can view these folders & files on this new computer.
At my office we have a dell server running windows small business server 2003, there are around 15 computers on our network running mostly windows 7 (a few with XP). I am wondering how difficult it is to add a computer to the network so it can log into our domain and all that.I just had to reformat one of the computers and would normally wait for our network guy to do it remotely but If i could do it myself it would save time (and money). I am already an administrator and basically i just need to make it so the log in prompt when windows starts has our office network listed as the domain instead of jus the local log in. It is a dell running windows 7 64 bit.
we Bough new mcs server in order to install ACS 4.1,now acs is running on normal PC and its fully configured , so now i want to back up the acs database and the configuration file in order to install it in the new server so how to do that
I need to patch our ACS server to 4.2.0.124.17 from 4.2.0.124.6. My question is, do I need to apply the same patch to our remote agents? Cisco's documentation only states that both the ACS and the Remote Agents need to be 4.2.0.
We have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certificate on our old acs server 3.3 from a third party CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 .
Question on this, is 5.2 backwards compatible with 4.2 appliance? If not, what is needed to bring the 4.2 appliance up to 5.2 and will the VMWare version work for the second system with the appliance as primary? Years ago I had 2 of them and replication worked flawlessly, but we had to take the one unit offline for another project and have never replaced it.
configure AAA (Radius server, access list) There are two devices An access point and cisco 881w. It is necessary to set up authentication through a radius server. You can configure detailed how to do this?
I'm having problems settting up a Guest NAC server to authenticate administrative users against a ACS 5.x server. In the ACS RADIUS Authentication log, I can see the user authentication is successful.In the AAA Diagnostics log, I can see the following warning:An Access-Request MUST contain either a NAS-IP-Address or a NAS-Identifier or both; Continue processing.
We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?
I have a cisco ACS 4.0 build 27 on windows 2003 server . My site was working fine when i was having a AD on 2003 server . Recently i have migrated my AD servers is 2008 .
After the migration the ACS is not authenticating the users . Now i have made a server with 2003 and made the site working . I need a solution to make it work using 2008 server is there any compatiblity issue between ACS 4.0 and 2008 server .
I setup one acs v5.3 in one server in NYC and another acs v5.3 in SJC.I want to make the acs.nyc as primary and acs.sjc as the secondary, how do i setup it up?
I'm currently working on ACS 5.1 to use it as AAA server for Netscout NGenius.I followed a guide for ACS 4.2 and tried to replicate the configuration settings in ACS 5.1.
- created a host profile on network devices and AAA clients having the same shared key with NGenius
- added three (3) NGenius required attributes in system administration > configuration > identity > internal users
- added attribute values to Internal User database
- created an access policy:
* identity pointing to Internal Users
- edit serverprivate.properties in NGenius server to match the requirements
I would like to have NGenius authenticate via ACS 5.1, but as of the moment there is an error message that I receive:
Unicentified error, Code=16510, Details: AV pairs do not match NGenius format ::<insert tacacs username here>, Severity 1, Code: 16510.
When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.
I have deployed 7 appliances 5.2.0.26.4 CSACS-1121-K9 whose 6 are performing AAA authentications while the last one is is the primary and is the master for configuration and log collector.
Since this morning, I cannot access anymore the view where I can see all Radius authentication for today. I obtain the following message:The server workspace storage for on demand transient reports is full, please try again later or contact administrator to increase on demand transient report storage capacity?
Moreover, if I generate other report, I have the message:18002: iPortal generate report failed.I could find some information which makes references to a Cisco bug CSCtb98071, as below:
Launching a shared report in the ACS 5.1 Monitoring and Report Viewer displays an iportal error for a particular scenario. #Symptom: You will see the following iportal error message when you launch a shared report: #iPortal generate report failed. # #Conditions: This error occurs when you add a report to a group in the interactive viewer and save it as a shared report. #Workaround: Avoid using the option Add Group from the interactive viewer for hyperlinked column entries when you save the report as shared
However, I am not adding any report to any group, so I don't understand why this error appears and how to solve it.