Cisco AAA/Identity/Nac :: 802.1X Switch IOS Version
Jul 12, 2012
I have a really big layer-two access network made of heterogeneous Cisco switches with different IOS versions and trains. My customer bought ISE (ADVANCED AND BASE LICENSE). As far as I read in the DS, it seems that if you have minimum IOS release 12.2(52)SE you are able to perform COA. Reading the DS with more attention, I notice that Cisco recommends IOS version 12.2(55)SE3. Why? Does it mean COA does not work with 12.2(52)SE? Do I need a minimum IOS release to perform 802.1X on my wired network?
View 1 Replies
Apr 18, 2012
The table referenced in the new 1.1 ISE guide shows 12.2(33)SXI6 is the minimum version for support. Does this mean this version or above? Is ISE tested in newer SXJ streams? We have a massive rollout of SUP720s to do and need to know the most stable version to load in preparation for ISE.
View 1 Replies
Sep 14, 2009
A McAfee scan of an ACS 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
View 9 Replies
Aug 27, 2012
I have set up an Identity Firewall on an ASA version 5.6 on a DMZ interface. I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
where ashdew is a domain user and ACL 122 (only one line) is applied on the DMZ interface and NAT is properly configured. The ADAgent has been properly tested and the ASA can register to it. The ASA can connect to the AD DC controller and query the user database. I have placed a laptop, IP 172.17.h.x, on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the ASA does not seem to retrieve the user identity. Do I need to add extra rules in access-list 122 to permit traffic to the DC? Can I check on the AD Agent if it can retrieve the user-to-IP mapping?
View 6 Replies
Sep 18, 2011
I have installed ACS Windows 2003 R2 Services Pack 2.
I am upgrading from version 4.1.1.23 to version 4.2.1.15, recommended by Cisco.
Before the update everything worked fine.
After the upgrade, it does not authenticate users and sends the following messages: "External user not found", "Authentication session invalidated" and "internal error".
The mapping is ready. Image attached.
View 1 Replies
Aug 27, 2011
I have an ACS 1120 appliance. Does it support ACS version 5.2.0.x and corresponding patches?
View 2 Replies
Jan 26, 2013
We are a small company with 400 users and currently we are using ACS 4.2 at our company. We want to upgrade and use a Cisco ISE appliance instead.
I want to know: are there any major changes in configuration between ACS 4.2 and the latest ISE version?
Are there any hardware (switch or Cisco AP) compatibility issues with using Cisco ISE? (We are currently using Cisco Cat 3550 and Cisco Aironet 2600 APs with the existing ACS 4.2.) Which ISE series and what software version are the latest, so I can order?
View 2 Replies
Sep 9, 2012
We have ACS 4.2 for our existing IOS routers, mainly 7600. We have just integrated Nexus switches.
What is the appropriate ACS version/appliance that will support both the existing IOS routers and new NX-OS switches?
View 9 Replies
Jan 8, 2013
Having an issue where a user will plug a PC into a switch. The switch does a MAB authentication and the MAC is not located in the ACS server. It logs the failed attempt, but when the PC is removed from the switch, the failed attempts keep getting logged until the port is bounced. Any way to keep the attempts from happening after the PC is removed? If not, any way to make it stop without bouncing the port?
running ACS version 5.2.0.26
switch port config:
interface GigabitEthernet1/0/2
 sw access vlan 2
 sw mode access
 authentication control-direction in
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 spanning-tree portfast
View 2 Replies
Jul 7, 2011
We have ACS Engine 4.1 and want to upgrade it to 5.x.
Does the new version, ACS 5.2, allow a user to belong to several AD groups?
View 2 Replies
Sep 22, 2012
I'm trying to configure a shell command set such that all commands (including under conf t mode) will be allowed, except for administrative commands, such as write, copy, admin, format etc. It's been working for (most) privileged mode commands (such as write and copy) but has been unsuccessful for any command under conf t mode. It's important in order to prevent the users from performing 'do write' and 'do copy run start' commands, for example. Here's the input of the shell command authorization set (Partial_access):
Unmatched Commands: permit
Command list:
admin
copy
delete
do
[code]....
View 2 Replies
Oct 3, 2011
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS 5.2. Before doing it I found this note in the Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
View 4 Replies
Dec 20, 2012
We are running ACS 4.0, so understandably we are looking to upgrade to a Cisco-supported version of ACS. The limitation of our current version of ACS is that it does not support nested AD groups. Will the latest version of ACS (I think it is 5.4)?
View 1 Replies
Jul 27, 2011
We have an issue with View db (Monitoring & Reports) backup on ACS, version 5.2.0.26. We have scheduled incremental backup daily and full backup monthly. Everything has been working well, but since yesterday the following errors have appeared, and full and incremental backup stopped working:
Alarm Name
System Alarm [Incremental Backup]
Cause/Trigger
On-demand Full Backup failed
Alarm Details
CARS_BR_BACKUP_CREATE : -405 : Internal error: couldn't create backup file
Alarm Name
[code]....
We use same repository as always. Backup to the same repository works from CLI.
View 2 Replies
May 4, 2011
Need URL for patch 4.2.1.15.3 compatible with the Cisco ACS appliance 1120. Though it's for the appliance, the patch should be along with webserver. I have downloaded the patch for SE; it's not compatible with this hardware.
View 4 Replies
Aug 3, 2011
I have a requirement to migrate from IPv4 to IPv6. I have checked the scalability of all the devices for this migration except ACS 1113 Solution Engine, Version 4.2. I couldn't reach the proper documentation to check its support for IPv6.
View 1 Replies
Jun 4, 2011
I have ACS 1121 running version 5.1.0.44.6 in my network environment. I need to enable account lock-out for internal users after more than 8 failed attempts. How can I achieve this? I could see account lock-out for the administrator user account, not for internal users.
View 2 Replies
Feb 28, 2010
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers? Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy. I've now read several posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
View 5 Replies
Sep 4, 2012
Is the SSH v2 feature supported on the Cisco 3560G switch for the image below? If not, what is the latest image?
c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE5.bin)
View 11 Replies
Nov 13, 2007
I'm trying to find out what the latest IOS version for the 3500XL switch is, in order to upgrade it.
View 4 Replies
Apr 20, 2011
Which IOS version for the 3560-X switch supports NAC-L2-IP?
View 1 Replies
Nov 15, 2012
I am confused about some things regarding the different IOS versions and their compatibility with certain switch hardware. I understand the differences between the IPBASE and IPSERVICES IOS but am not quite clear as to how you can tell which IOS images will work on which Cisco switch model platforms, other than the fact that some switches are designed only to run the IPBASE images and others have advanced hardware to run the advanced images. For instance, if I have a 3750-24TS-E with an IPBASE IOS on it, can I load an IPSERVICES IOS that came from, say, a 3750G-24TS-E1U? Can the IOS on one platform be transferred to another?
View 5 Replies
Dec 19, 2012
We have the following stack configuration:
Switch Ports Model             SW Version   SW Image
------ ----- -----             ----------   ----------
     1 28    WS-C2960S-24TS-L  12.2(55)SE3  C2960S-UNIVERSALK9-M
     2 28    WS-C2960S-24TS-L  12.2(55)SE3  C2960S-UNIVERSALK9-M
     3 52    WS-C2960S-48TS-L  12.2(55)SE5  C2960S-UNIVERSALK9-M
*    4 52    WS-C2960S-48TS-L  12.2(55)SE5  C2960S-UNIVERSALK9-M
View 5 Replies
Oct 9, 2012
I am using Packet Tracer to simulate Cisco networking. As the existing IOS of the 3560 and 2960 switches is an older version which has none of the new features in the new IOS, how do I upgrade the IOS of a Cisco switch in Packet Tracer?
View 5 Replies
Jan 16, 2012
Can we use the ACS 4.1 version recovery disc on the 4.2 version to recover the forgotten password?
View 1 Replies
Mar 11, 2013
Which version of Prime Infrastructure supports WLC 5508 version 7.4?
View 2 Replies
Apr 3, 2012
Provide me with the important links which can show me how to do the software upgrade for my ASA 5520 from ver 7.0(1) to ver 8.4, as well as the ASDM.
View 10 Replies
May 10, 2011
I am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies
Dec 19, 2011
I want to use LDAP accounts to administrate switches. It works fine when I use telnet. I just need to push RADIUS attribute Login-Service (ID 15) with Telnet value (ID 0). Now, I want to use SSH (for security reasons). RADIUS has to push RADIUS attribute Login-Service (ID 15) with SSH value (ID 50) (for example with Steel-belt RADIUS [URL]). The SSH value doesn't exist in the RADIUS IETF dictionary for the Login-Service attribute. I can't create the SSH value because this dictionary is protected...
View 2 Replies
Jan 16, 2013
I am writing in response to a MAB issue which I noticed a few days ago, and I am still not able to understand what exactly happened. First of all I would like to say that I configured MAB authentication and, according to the MAC, the ISE configures a VLAN. All worked well: the test computer can change VLAN based on its MAC. The problem appears when I cut the connection to the ISE server. According to the configuration, the switch authorizes the new device to VLAN 11 (critical VLAN). That is fine! When the ISE server is up again, I had a configuration which should reauthorize all ports assigned to the critical VLAN. But why did that not happen? It looks as if the switch didn't notice that the RADIUS (ISE) was up and working again. [code]
View 1 Replies
Dec 18, 2011
I have some Alcatel switches and I want to use ACS 5.2's TACACS+ for Alcatel switch admin authentication. The failure reason: 13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets. But I checked that the shared secret is correct. Before, I tried associating with ACS version 4.2 and it worked.
View 12 Replies
Jan 10, 2012
I replaced an access switch 3750 with a switch 2960. Basically I just copy the whole config of the 3750 to 2960.
The 3750 use AAA, Crypto pki trustpoint TP-self-signed and radius-server host etc.
Now I can only telnet to 2960 but not SSH to it.
View 3 Replies
Mar 11, 2012
I am using ACS 5.3. I need to do MAC authentication on an Enterasys switch with Cisco ACS 5.3. I get the following error:
Parsing error or event type unknown:xxxxxxxxxxxxx ERROR RADIUS : RADIUS packet contains invalid attribute(s) ;Failed-Attepmt:Radius request dropped
How can I integrate a custom attribute for the Enterasys A2 switch with Cisco ACS 5.3?
View 3 Replies