We have ACS 4.2 for our existing IOS routers mainly 7600.We have just integrated Nexus switches.
What is the appropriate ACS version/appliance that will support both the existing IOS routers and new NX-OS switches?
McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
View 9 Replies View RelatedI have setup an Identity Firewall on a ASA version 5.6 on a DMZ interface.I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
where ashdew is a domain user and ACL 122(only one line) is applied on the dmz interface and NAT is properly configured.The ADagent has been properly tested and ASA can register to it.The ASA can connect to AD DC controller and query user database.I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the asa does not seem to retrieve the user identity.Do I need to add extra rules in the access-list 122 to permit trafic to DC?Can I check on the AD Agent if it can retrieve the user to ip mapping ?
I' have realy big layer two access network made of etherogenius Cisco switch with different IOS version and train.My customer bought ISE (ADVANCED AND BASE LICENSE).As far I read on DS it is seem that if you have Minimum IOS release 12.2(52) SE you are able to perform COA, reading DS with more attention I notice that cisco raccomend IOS versione 12.2(55)SE3 why ? does it means COA does not work with 12.2(52)SE,I need a minimum IOS release to perform 802.1x on my wired network ?
View 1 Replies View RelatedI have installed ACS Windows 2003 R2 Services Pack 2.
I am upgrading of version 4.1.1.23 to version 4.2.1.15. Recommended by Cisco.
Before of update everthing works fine.
After of upgrade, this does not authenticate user, sends the next message "External user not found", "Authentication session invalidated" and "internal error".
The mapping is ready. annex image.
I have ACS 1120 appilance does it support ACS version 5.2.0.x and corresponding patches.
View 2 Replies View RelatedWe are a Small company with 400-Users and currently we are using ACS 4.2 at our company.we want to upgrade and use Cisco ISE Appliance instead.
I want to know is there any major changes in configuration between ACS 4.2 and the ISE Latest Verizon.?
Is there any Hardware (Switch or Cisco AP ) compatibility issues with using Cisco ISE. (we are currently using Cisco Cat 3550 and Cisco Aironet 2600 APs with the existing ACS4.2) What ISE Series & what Soft version are the latest so i can order ?
Having an issue where a user will plug a PC into a switch. The switch does a MAB authenticaiton and the MAC is not located in the ACS server. It logs the failed attempt, but when the PC is removed from the switch, the failed attempts keep getting logged until the port is bounced. Any way to keep the attemps from happening after the PC is removed? If not, any way to make it stop without bouncing the port?
running ACS version 5.2.0.26
switch port config:
interface GigabitEthernet1/0/2
sw access vlan 2 sw mode access
authentication control-direction in
authenticaion host-mode multi-auth
authentication port-control auto
mab
spanning-tree portfast
We have ACS Engine 4.1 and want to upgrade it to 5.x.
Is the new version of ACS 5.2 allows a user to belong to several groups of AD ?
The table referenced in the new 1.1 ISE guide show 12.2(33)SXI6 is the minimum version for support. Does this mean this version or above? Does ISE is tested in newer SXJ streams? We have a massive rollout of SUP720s to do and need to know the most stable version to load in preparation for ISE.
View 1 Replies View RelatedI'm trying to configure a shell commnds set such that all commands (including under conf t mode) will be allowed, except for administrative commands, such as write, copy, admin, format etc.It's been working for (most) priviliged mode commands (such as write and copy) but has been unsuccessful for any command under conf t mode. It's important in order to prevent the users from performing 'do write' and 'do copy run start' commands, for example.Here's the input of the shell command authorization set (Partial_access):
Unmatched Commands: permit
Command list:
admin
copy
delete
do
[code]....
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS5.2 Before doing it I found this note in Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
We are running ACS 4.0 so understandably so we are looking to upgrading to a Cisco supportable version of ACS. The limitation of our current version of ACS does not support nested AD groups. The latest version of ACS (I think it is 5.4) will?
View 1 Replies View RelatedWe have an issue with View db (Monitoring & Reports) backup on ACS, version 5.2.0.26. We have scheduled incremental backup daily and full backup monthly. Everything has been working well, but since yesterday following errors have appeared, and full and incremental backup stopped working:
Alarm Name
System Alarm [Incremental Backup]
Cause/Trigger
On-demand Full Backup failed
Alarm Details
CARS_BR_BACKUP_CREATE : -405 : Internal error: couldn't create backup file
Alarm Name
[code]....
We use same repository as always. Backup to the same repository works from CLI.
Need URL for patch 4.2.1.15.3 with comptaible for cisco acs appliance 1120 . Though its for appliance patch should be along with webserver . I have downloaded patch of SE its not comptaible to this hardware .
View 4 Replies View RelatedI Have a requirement to migrate from ipv4 to ipv6, I have checked the scalability of all the devices for this migration except ACS 1113 Solution Engine, Version 4.2. I couldnt reach the proper documentation to check its support for ipv6.
View 1 Replies View RelatedI have ACS1121 running version 5.1.0.44.6 on my network environement , I need to enable account lock-out for internal user during failed attempt for more than 8 times , How to achieve this . I could see account lock-out for administrator user account , not for internal user .
View 2 Replies View RelatedIs there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
View 5 Replies View RelatedThe 7600 platform support x.25 and XOT features. In ios versión S764AEK9-15103SCisco 7600-RSP720 IOS ADVANCED ENTERPRISE SERVICES SSH The feature navigator display that support this features, but i'dont see these on the other newer ios version. If posible use 7600 for x.25 / xot or maybe will used de 3900 platform?
View 1 Replies View RelatedI am looking for the best QoS method for a 7600 series router. We have a 7604 edge router that has remote branch connections to it via GRE tunnels. unfortunately I cannot shape on these GRE tunnels neither can I use bandwidth or priority statements.
View 1 Replies View RelatedI want to ask about cisco 7600 model is it a switch or router or layer3 switch or Multilayer switch ?
here is the sh version :
===================================
Gateway7600#sh version
Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVENTERPRISEK9-M), Version 15.2(1)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sun 27-Nov-11 15:27 by prod_rel_team
[code]....
I have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. URL We are seeing this issue since ISP has upgraded their router 20 days ago. Router also seen following error.I have not reset the BGP session with ISP yet. Is there any way I can supress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
View 1 Replies View RelatedI have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. [URL] According to our baseline it should not be more than 40% at any given time. We see high CPU uptp 70% consistently.
CPU utilization for five seconds: 99%/0%; one minute: 57%; five minutes: 55%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
442 66173704 90234125 733 96.86% 46.09% 46.30% 0 BGP Router
7 509291060 26330202 19342 1.17% 3.90% 2.99% 0 Check heaps
Router has 1 eBGP session with ISP from where it downloads whole IPv4 internet routing table and two IBGP session with other two rotuer. When I look at BGP summary table I see many updates received from ISP and sent out to IBGP neighbors. Also did debug BGP updates to confirm it.
We are seeing this issue since ISP has upgraded their router 20 days ago. Router also seen following error.
%BGP-6-BIGCHUNK: Big chunk pool request 628 for community. Replenishing with malloc
I have not reset the BGP session with ISP yet. Is there any way I can supress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
We have cisco 7600 Router with 76-ES+XT-4TG3C Module connected. The Module is getting detected after upgrading the Router with SRD5 IOS.Below are the testing which we have done on the Router but we are facing the issue while configuring the Transport mode LAN and Transport Mode WAN:Brief about this is:- 2 Cisco 7606-s Router with Module 76-ES+XT-4TG3C each.- two ports on 7606-s Ten2/1 & Ten2/2 are configured as a Transport mode WAN while Ten2/3 & Ten2/4 are configured as Transport mode LAN.- We connect Fiber Cable from LAN Port to MUX and from MUX to 2nd LAN Port of the same Router. Same thing we tested by using the WAN Port-MUX-WAN Port connection.- Now on MUX end LAN port, connected Single and Multi mode fiber and on 7606 end 2/4 port which is configured as transport mode LAN, using Multimode SFP module -> XFP-10G-MM-SR, port did not came up then replaced 2/4 port with single mode SFP ->XFP-10GLR-OC192SR port came up. this is testing for LAN.- For WAN testing on MUX end used WAN port and on 7606 end checked with single mode and multimode fiber and with single XFP-10GLR-OC192SR / mulimode XFP-10G-MM-SR SFP, port did not come up.Wanted to know 1) If we have to go for Transport Mode LAN then which SFP/XSFP Module should go with along with the Single/Multimode Fiber.2) If we have to go for Transport Mode WAN then which SFP/XSFP Module should go with along with the Single/Multimode Fiber.Anything else is required while configuring the Transport Mode WAN as this is for Packet-Over_SONET/SDH? 3) MUX Side change is required while connecting both of this Modes on Cisco 7600 Router.4) Is hardware of the Router is giving any issue? Though we tested by connecting Back to Back LAN Port as well as Back to Back WAN Port. In both the situation the Ports are coming UP.
View 1 Replies View Relatedtoday i installed new router 7600 , but im facing some thing the cpu is increasing and it reached 50 % and still increasing as the bw dissipated is increasing .im applying ip policy which set next hop for many internet source my question is , how to know the cu percentage which is used by this ip policy , also , how to know the percentage by access-list ??
View 4 Replies View Relatedhow can I clear the counters of the policy-map statistics in an 7600 and the 1841 router?
View 6 Replies View Relatedwe are using 7609 router. it forwarding traffic to wards my firewall which was not allowd in my router. when ever im checking for routes in router using show ip route x.x.x.x its showing SUBNET IS NOT IN TABLE, but in workmy firewall dropped connection i can able to see that networks.
View 2 Replies View RelatedCan we use ACS 4.1 version recovery disc on 4.2 verison to recover the forgotten password.
View 1 Replies View Relatedwhich version of prime infrastructure supports wlc5508 version 7.4
View 2 Replies View Relatedprovide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies View Relatedi am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies View RelatedWe are looking to upgrade our WiSMs to version 7.0.230.0, but the Cisco compatibility matrix suggests we need to upgrade WCS to the same version (it is currently on 7.0.172.0). My question is can we upgrade the WiSMs and do the WCS at a later date with no issues or do we need to do them at the same time to keep visibility of everything?
The reason I ask is that some of my clients use lobby ambassador for some of their users and they will need wireless access on the day we are due to upgrade WCS (the WiSMs are due to be upgraded and rebooted earlier that morning.
When mutiple Policy based routing configured on 7600 routers, did the router performace degraded with the number of policy based routing rules?Also, did 7600 running 12.x use per-flow based routing or per packet based routing?
View 1 Replies View Related