Cisco AAA/Identity/Nac :: 6500 - ACS 5.2 - Clock Skew Error
Aug 14, 2012
I have a 6500 VSS core switch configured as NTP server. I have installed ACS 5.2 on VMware and successfully integrated it with the AD. I have noticed that in some cases I lose connectivity between ACS and AD, and when I run test connection, it shows a clock skew error. A reboot of ACS sometimes solves the issue; otherwise it comes up automatically after some hours. On the core switch, I have configured time as PST +4 and in ACS it is configured as PST +4, which automatically goes to GST.
Oct 6, 2012
I have two ACS v 5.2 (primary and secondary) and some users are in the internal store and the others are in the AD. The local site topology is like this:
PC - AP - WLC - ACS - AD
Authentication method is PEAP (EAP-MSCHAPv2) and all users have the company certificate installed. The OS on the users' clients is Windows 7. Users were working fine but some users report intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms. I believed it was because the user wasn't in the AD database, but sometimes the same user is authenticated successfully and other times I see the "22056...." or "24415...." alarms.
I switched the role of the primary ACS to work as secondary and we see the same alarms.
Jul 5, 2012
Usually when I get a card that throws this error I assume it is dead; however, I just want to verify that I am not missing something. [CODE]
Jul 3, 2011
We have a NAM-2 installed in a 6500 chassis. Sometimes in the GUI it does not analyse the traffic and shows the error message "error communicating with RMon daemon". But at the same time we can log in to the NAM through the CLI.
The issue is resolved by resetting the module with hw-module switch "" module "" reset, but not always, and it does not happen very often.
Device details:
NAM application image version: 4.0(1a)
Maintenance image version: 2.1(5)
NAM Daughter Card Micro code version: 1.34.1.28 (NAM)
[Code].....
Sep 19, 2012
One of our Cisco 6500's fitted with a WS-X6704-10GE line card is showing a large number of Rcv-Err's on port 3. The port is disabled and no optic is even plugged in. Upon clearing counters, after every refresh the counters increment by 131070 -- so 131070 > 262140 > 393210 and so on. Seems a little strange that the buffer is full when nothing is connected.
May 8, 2013
I have this message "DHCP Timeout" on a few Cisco IP phones. I tried to assign an IP manually and it's working fine. It seems DHCP is not giving IPs to those. The 6500 is configured as the DHCP pool.
Jun 5, 2011
My MSFC2 sent this strange log message. %DATACORRUPTION-SP-1-DATAINCONSISTENCY: copy error, The error message decoder tool says: "NOT FOUND". The level is "alert".
Feb 12, 2012
Cisco IP phones attached to a module in one of my Cat6500 access switches suddenly went down. Upon closer inspection of the switch syslog, I observed the following syslog error messages: [Module 9 is experiencing the following error: Inline Power Module - PS Voltage bad. ] A sh Mod output indicates the PoE daughter card and main module are "ok" - see attached output. It appears the issue is related to the actual power supply module and not the blade module and installed PoE daughter card. I am inclined to open a TAC case for a PS replacement, but wanted to see if this can be resolved without a hardware replacement. At this time all 48 IP phones attached to this module are out of service.
Nov 15, 2011
Since yesterday, I see
Nov 16 13:23:21.355: %SYSTEM_CONTROLLER-3-MORE_COR_ERR: 255 correctable DRAM memory errors in previous hour
Nov 16 13:23:21.355: %SYSTEM_CONTROLLER-3-COR_MEM_ERR: Correctable DRAM memory error. Count 623, log 8053C830
Nov 16 14:23:21.340: %SYSTEM_CONTROLLER-3-MORE_COR_ERR: 255 correctable DRAM memory errors in previous hour
Nov 16 14:23:21.340: %SYSTEM_CONTROLLER-3-COR_MEM_ERR: Correctable DRAM memory error. Count 879, log 8053C810
errors on the switch console every hour.
IOS version: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXJ1, RELEASE SOFTWARE (fc2)
Dec 12, 2012
I was trying to configure CoPP on one of the 6500 Sup-2Ts. Is it OK to add customized policies to the default CoPP "policy-default-autocopp"? When I created my own customized policy using policy-map, I get the following error:
control-plane service-policy input policy-custom
error: failed to install policy map policy-custom
Apr 27, 2013
I have ISE v1.1.2.145 and Cat 6500 IOS ADVENTERPRISEK9-M, Version 15.0(1)SY2.
I'm trying to add the 6500 to the TrustSec group with ISE and followed the TrustSec 2.1 documentation. After configuring, it keeps giving me the error below in the ISE logs with the subject #CTSREQUEST#:
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Below are the steps:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15012 Selected Access Service - NDAC_SGT_Service
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Also, after I configure cts credentials and the radius-server pac command on the 6500, it starts giving me log messages that RADIUS is down and the next moment it comes up again. It is continuously doing that.
Apr 10, 2012
I have the following RADIUS authentication config:
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa session-id common
ip radius source-interface Vlan31 vrf LEGACY
[Code] .....
Sep 11, 2012
I've implemented 2 Cisco ISE v1.1 in HA to run MAB and 802.x Authentication / Authorization, using the local ISE DB and Active Directory as an External Identity Source for wireless and wired users and devices. This was working fine 2 weeks ago after finishing installation.
My NAD devices are a Core SW 6500 for wired users (there are no access SWs, just the Core for the whole network, it's a small office) and a WLC 2405 for wireless users. [code].....
Sep 14, 2011
Today I have configured my ACS 5.2-0.26.4 to synchronize with an NTP server which is implemented in a Cisco 6500, but it doesn't work. The core switch is configured in HSRP; for that reason, in the ACS server I defined the virtual IP of the core as the NTP server. Maybe the ACS doesn't work with the virtual IP of the core switch. Finally, I want to know if it is possible to synchronize this version of the ACS with a Cisco 6500. I had integrated this ACS version with a Cisco 2800. Maybe the ACS could integrate with some special models.
Oct 29, 2012
I have configured a WLAN with a WiSM2 controller installed on a 6500 series, Aironet 3600 series APs and ACS 5.3 for user authentication. The ACS is connected to Active Directory so users are authenticating using the AD (802.1x is used and not a pre-shared key) on SSID A. I have created a separate SSID B for guest users. I have put restrictions on this SSID. Guest users are also created on the same AD where internal users are created. How can I force guest users to connect to SSID B and not be able to connect to SSID A? Currently they can connect to both.
Feb 26, 2013
I have a need to allow a small group of users temporary level-15 access to several 6500 switches (running 12.2-33 SXJ2 code), but do not want to provide them with the enable secret password which is used on the rest of the network (over 1200 devices). I tried to eliminate AAA using the "no aaa new-model" command, but was told I could not remove aaa while there were active sessions, and "login local" no longer appeared as an option for vty lines. So, I created a local user database called "support" which I used to replace the "group" entry in the authentication and authorization sections of our AAA config and for login on vty 0 4. [The username is given a privilege level of 15 along with an individual password for authentication. (ex. user name jsmith privilege 15 password 0 xxxxx)] I modified our AAA configuration to support local login, but was unable to establish "enable mode" (i.e. # prompt) with any account. I can log in locally, but only to a normal "user mode" (i.e. > prompt). Here is the current, unmodified and sanitized config for our AAA and line vty 0 4 sections. [code]
Jun 3, 2013
ACS 5.4: while I was working in it, this appeared in the CLI. To resolve it I have to reload the ACS.
SMflag : 1
Cmd str: halt
Save the current ADE-OS running configuration? (yes/no) [yes] ? no
Continue with shutdown? [y/n]
Func Trace: <<< vsh_mark_process_status >>>
22007: Terminated by signal 2.
EOL ==>completed
Job is complete
Restored the shell's terminal mode.
EOL: abnormal exit: code: 0
EOL: signaled: 2 Interrupt
Cmd execution successful
[Code] .........
Jun 11, 2013
I am trying to find information on what the max clock rate supported on a WIC-2T is on Cisco 2851 and Cisco 3845 routers.
Mar 6, 2012
I am using Cisco 2960 access switches and don't have an NTP server, so I can manually set the time on the switches, but the problem arises when these switches restart: they show their factory default time.
Mar 8, 2012
On a Cisco 1841 the clock time is not stable. Every time the clock time is changed.
Oct 8, 2012
On ACS version 4.2.0.124 installed on Appliance 1113, we are getting the error code "Internal error" and also "Enabling Tacacs+ is not allowed for this Access Server" during client authentication.
Sep 7, 2012
I configured ACS 5.3 and added AAA clients with TACACS+ server and shared secret key as cisco123. I did the below config on the switch also. When I try to authenticate login with ACS it does not respond. Find the configuration and debug output below.
In the debug output it shows ruser and rem_addr as null. I did not understand why.
I am able to ping the ACS server, and I used telnet 192.x.x.10 49 and it gives the proper output.
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs-server host 192.168.60.10 key cisco123
tacacs-server directed-request
ip tacacs source-interface Vlan172
Oct 12, 2012
What is the maximum clock frequency of a LAN card?
Jun 4, 2013
I have the error message in my ACS 5.4 after migrating the version (5.3 to 5.4).
Jan 12, 2012
I have a brand new ACS version 5.2. Everything is working fine. I went to the Cisco website and downloaded the following package: 5-2-0-26-8.tar.gpg
From there, I ssh'd into the ACS and performed the following: acs patch install 5-2-0-26-8.tar.gpg repos acs-52-patch. That works without any issues. My ACS is now upgraded to 5.2.0-26-8. An hour later, when I tried to perform this: acs patch install ACS_5.3.0.40.tar.gz repository Upgrade_to_5.3.0, it is not working. I get this message: Failed to copy file 'ACS_5.3.0.40.tar.gz' from repository Upgrade_to_5.3.0 (Error -306).
Jan 1, 2013
What command will show the clock rate as received on the DTE side of a back-to-back configuration? The show controllers command shows the configured clock rate on the DCE side. But how about viewing the received clock rate on the DTE side?
Apr 11, 2005
I have a 2811 that I'm in the process of turning-up to support a 4xT1 using VWIC-2MFT-T1's. The question is how to "correctly" set clocking on the MFT's.
As is typical of the 2MFT's, as soon as a 2nd T-1 on a VWIC-2MFT comes up, I start taking "Slip Sec"s on the 2nd T-1. I have tried different clock source combinations, including "clock source line primary", various "network-clock-participate" (or not) combinations, and about a dozen other stab-in-the-dark configurations. Before I started playing with it, the slips were consistently every 9 seconds. After playing with it, I got them to every 18 seconds. But there shouldn't be ANY. So the question is what SHOULD the correct timing configuration be on that platform?
The VWIC-2MFT-T1's are in slots 1 and 3, so the controllers involved are 0/1/0, 0/1/1, 0/3/0 and 0/3/1.
Jan 23, 2013
What is happening with the SIP phone 3905? I can't set the right clock. It always displays plus 2 hours from the right time in Brazil.
Oct 29, 2012
I understand that most Cisco switches do not have a battery-supported system clock. The better solution is to set up an NTP server and let the rest of the switches synchronise their clocks with it. How about the Cisco 4948 switch? Does it have a battery-supported system clock? If the Cisco 4948 switch is the NTP master, how am I going to make sure that the clock will not be reset after a reload?
Jun 17, 2010
I upgraded an ACS4.2 to ACS5.1, and in the ACS View Dashboard "ACS – System Errors" I see the following error message: [code] Unfortunately I can't find any documentation that describes what the ERROR codes mean, so I don't know what the 32603 ERROR code means.
Dec 12, 2011
This is what happens when I try to join an ACS 5.3 to the domain. On two other ACS appliances, it works.
Nov 16, 2012
I am attempting to install new SSL certs on our 5.3 cluster. I was able to generate the CSR on the primary host. When I attempt to generate the CSR on the secondary host, I receive the following error:
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved. Click OK to return to the list page.
Both hosts are running identical versions:
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839
Jan 16, 2011
I'm trying to get an HP laptop running Win7 to see a desktop running WinXP on my network (both wired and wireless). When I run the troubleshooter in Win7, it tells me "system clock does not match local time" as the reason. I have a Belkin wireless router attached to my cable router. I have updated the system clock via the internet on the desktop and checked the time setting in BIOS. These seem to match. I have googled around on this and can't find any similar accounts. My son's Vista laptop and the Win7 laptop have seen each other since day one. The laptop and desktop did see each other at one time, but the connection was lost after I went to a hotel and changed public network settings temporarily. I can ping the desktop from the laptop, but it times out when pinging the laptop from the desktop. I'm running an avast firewall on both, but can't see a problem there.