Cisco AAA/Identity/Nac :: ACS 5.1 How To Authorize Using Both MAB And AD Info

Sep 26, 2010

Nowadays, people have smartphones, typically iPhones and Android phones, and they all have WiFi. We already have a wireless net set up, with 802.1x security, where people connect using certificates and user information stored in AD. I would like to see the smartphones use the same SSID as the computers, using the owner's user info from AD. But I think user info from AD only is too weak (since I cannot use certificate enrollment on the phones), so I would like to add the smartphone's MAC address to the internal hosts database, too, so I have 2 layers of security: if the smartphone's MAC exists in internal hosts, then authenticate it with AD information. When I try this, I only get the message that the user credentials do not exist in Internal users, and then it fails.



Cisco AAA/Identity/Nac :: ACS 5.2 Command Set - How To Authorize Empty Arguments

May 19, 2011

After switching from a very old ACS 3.2 to ACS 5.2, I'm wondering how to specify an empty argument in a command set.
I want to permit:
but I don't want to permit:
write terminal
write erase
write network
write core
and so on.
If I specify command="write" and leave the argument field empty, every argument is allowed. This would also permit "write erase", which I don't want.
In ACS 3.2 I could specify command="write" and argument="^<cr>$". This does exactly what I want. The command write with an empty argument is allowed. If there is any argument, the command is denied.
In ACS 5.2, if I enter the same string in the argument field, the "<cr>" is filtered out and in the config there is now only the string "^$", which is not working.
How do I specify an empty argument?
BTW: ACS View shows only [ CmdAV=write  ] in the logs...


Cisco AAA/Identity/Nac :: C3560E / Authentication Event Fail Action Authorize VLan

Jul 15, 2012

When the supplicant is missing, vlan500 is open for the port and everything is OK, but when the supplicant has a wrong configuration, something happens and the port is always authenticating (every 30s; vlan500 is not assigned to this port with the badly configured supplicant) and the logs show something like this:
Jul 10 10:20:12.362: %AUTHMGR-5-START: Starting 'dot1x' for client (001e.3718.7297) on Interface Ga0/1 AuditSessionID 0A0EFF5B000004A3545161E4
Jul 10 10:20:44.365: %AUTHMGR-5-START: Starting 'mab' for client (001e.3718.7297) on Interface Ga0/1 AuditSessionID 0A0EFF5B000004A45451DF11
Jul 10 10:20:44.399: %MAB-5-FAIL: Authentication failed for client (001e.3718.7297) on Interface Ga0/1AuditSessionID 0A0EFF5B000004A45451DF11
Jul 10 10:20:44.399: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (001e.3718.7297) on Interface Ga0/1 AuditSessionID 0A0EFF5B000004A45451DF11
Jul 10 10:20:44.399: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (001e.3718.7297) on Interface Ga0/1 AuditSessionID 0A0EFF5B000004A45451DF11
Jul 10 10:20:44.399: %AUTHMGR-5-START: Starting 'dot1x' for client (001e.3718.7297) on Interface Ga0/1 AuditSessionID 0A0EFF5B000004A45451DF11
version - Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 15.0(1)SE2
port config:

interface GigabitEthernet0/1
switchport access vlan 104
switchport mode access
switchport voice vlan 200
authentication event fail action authorize vlan 500



Cisco AAA/Identity/Nac :: ACS 1152 Losing Repository Info

Aug 14, 2011

I have two ACS1152 appliances running as a redundant pair. I noticed that the secondary box keeps losing its repository information in the config.


Cisco VPN :: ASA With 4.2 - How To Authorize Clients On ACS

Oct 1, 2012

(with certificate)------>ASA(with SSL VPN enabled)---------->ACSserver
The client authenticates on the ASA via certificate, and after successful authentication I want to authorize my clients on ACS with a DACL association per client. The ASA gets the username from the CN field in the certificate and sends it to ACS; ACS responds to the ASA with authentication fail, password incorrect, and no DACL assignment happens. How can I define in ACS that it should be only an authorization process without any password, just the username from the certificate?


Cisco :: Will QoS Info In When L2 Loop In Switches

Dec 27, 2012

All my switches were connected together in a ring topology. We use REP to block the redundant link. One of my colleagues was setting up a new link (VLAN) for one customer, which then caused an L2 loop. The CPU was hitting 100% and REP started to lose neighbors, then we had a big outage. I am thinking of deploying QoS on all REP switches (on trunk links from switch to switch) to give priority to control traffic like REP and some important data VLANs. Of course, Storm-Control is already implemented on all access ports.


Cisco WAN :: CSS 11500 Switch - Info About SAN

Mar 14, 2011

I am new to load balancing technology. Please give me articles on load balancing technology for servers; I also want to know about the CSS 11500 switch. I am interested to know about SAN do for the same.


Cisco VPN :: Rv220 VPN Info Not Showing

May 31, 2012

I have successfully set up a PPTP VPN from my new RV220W. I have also successfully logged in using 2 separate laptops and also my iPhone. They all work great. There is one issue. When connected, and I log into the router, it does not show these laptops or the iPhone as being connected to the VPN. There are two spots where it's supposed to show; the page refreshes and shows nothing connected. Is there a setting I am missing?


Cisco WAN :: 3750 - Info About OPT_E_MAN

Jul 23, 2012

Any info about OPT_E_MAN, I want to run from A to B with two 3750.


Exchanging Info Over Two Networks?

Oct 29, 2011

I'd like to be able to have access to all the hard drives that are on both networks, with the aim of easy media sharing. Here's what I'm working with so far. I've got two networks, each in a different apartment, each with internet access with a different provider. Network A has a WiFi N dual band router, with two PS3s, two Xbox360s, two computers (one MacBook Pro OSX and one PC Win7) and one Wii, all connected to the router wirelessly. Network B has WiFi, with a PS2, Xbox360, a laptop Win7 and a PC Win7. I also have a portable hard drive that I want to have access to wirelessly. I'm not sure where to start, how to gain access to the other network without using the internet. I've been told that I'd have to get a server, but I'm not very computer literate; I just want the freedom of info over the two networks.


Cisco Infrastructure :: Not Getting CPU Utilization Info For ASA 5520

May 30, 2012

Device config is shown as follows in application doing the discovery.  Cisco ASA 5520. [code] Is there any new updated agent available for Cisco ASA 5520 that contains the oid  ". "


Cisco VPN :: Get IPSec Tunnel Between 2 881-s / No Debug Info Comes Up?

May 23, 2011

I am fairly new to Cisco IOS and am having trouble getting an IPSEC tunnel to come up between 2 Cisco 881-s. I have entered both debug crypto isakmp and debug crypto verbose, but when I try to ping an internal IP at the other location through my VLAN1 interface, no debugging info comes up.

Also my ACL-s for the crypto maps show no activity.  I have tried many things so my configuration files are starting to get really messy.



Cisco Routers :: RV042G Not Communicating With Isp For Ipv6 Info?

Jun 27, 2012

I enabled dual stack on my RV042G router but it's not receiving IPv6 information from my ISP. My ISP is Time Warner in Milwaukee. They assure me that they are IPv6 ready and assume the problem is on my end. All they want to do is have me connect one computer up to my modem. What good is that when I have a network that needs service? The router needs to be working, not just one PC. My IPv4 is working perfectly. It is obtaining all information automatically.


Cisco Wireless :: AP541N - See Logged In Device Info

May 7, 2013

Is it possible to see device information for equipment that is logged into the AP541N access point? I was able to determine a specific IP address was eating a significant amount of bandwidth and was hoping to get the device information (name, type, etc.) in the hopes of tracking down who it was.


Light Levels LX SX Info About Fiber Experience

Jun 7, 2012

I've got tons of fibre in my network. However, tbh, my knowledge about correct light levels isn't great. I generally wait until my router complains about a light level before I do anything. I would like to set up SNMP monitoring for light levels, but I need some kind of baseline. Anyone with extensive fibre experience? What light levels should I be looking at for both multimode and singlemode fibre?


How To Get Info About Mobile Wifi Network Ssid

Jun 14, 2012

I am using a Micromax A75. How can I find out my mobile WiFi network SSID?


Belkin Routers :: Can't Find Any Info On FD5031v1?

Feb 8, 2013

Belkin router model FD305v1 is no longer being provided any technical support by its makers. You have to pay for it now. My router went out, and first of all it's hard to find any information, even on their own website. And if you do, you still have to pay them to get it working again.


DIR-655 - Secondary DNS Server Blank In Router Info

Jul 14, 2011

I was setting static IPs for my PCs, and for the Preferred and Alternate DNS Server addresses I looked on my router's Device Information page. It had "Primary DNS Server:", but "Secondary DNS Server:" is reported as "". Router is a DIR-655:

I looked on my ISP's website and they have "" listed as the Secondary Name Server/DNS:

Why does the router not report that? Is there something wrong? Should I still set as the Alternate DNS Server in Windows?

EDIT: BTW, my modem reports both primary and secondary DNS servers on its info page.


Cisco Application :: CSS11503 How To Hide Cookie ARPT Info

Jun 28, 2012

I have two CSS 11503 in my network, recently we had configured sticky with advanced-balance arrowpoint-cookie.
The sticky is functioning but we found our server's private IP in the IE cookie ARPT box.
Is there any way to hide ARPT info? Below is an example configuration of my CSS and attached screenshot is Firefox cookie info.

content 5301
 add service
add service



Cisco WAN :: 3945 Router Generating Crash Info And Booting

Jun 15, 2011

We have a Cisco 3945 router and it is generating crashinfo while firing PRI from this router.


Cisco :: 3310 Rogue Access Point Info Not Showing Up In NCS

Aug 27, 2012

The rogue access points being detected by the 5508 WLC are not showing up on the Context Aware tab of NCS. I have an MSE 3310 installed and configured and it shows to be synchronizing with the WLC. I'm sure I am missing some part of the configuration, just not sure where.


Cisco Switching/Routing :: 6500 - Reboot With Crash Info

Oct 25, 2012

Our 6500 rebooted by itself with crash info, and I found it was caused by CPU HOG. The log for CPU HOG is below, and you can see it many times in the attached crash info file.
%SYS-SP-3-CPUHOG: Task is running for (16000)m secs, more than (2000)m secs (15/12),process = RPC pagp_switch_mp2sp.
I think this process caused the high CPU & memory issue and then there was an internal communication failure.. isn't it? So I need to know what RPC pagp_switch_mp2sp is to prevent the next issue.


Cisco WAN :: C1921 One Way Multicast And Wrong Interface Info In Show Ip

Nov 5, 2012

C1921, running version 15.1(4)M2, with licence for "IP base" feature set only. Trying to pass multicast via a PPTP VPN from a Windows XP machine to work around a non multicast-aware WAN link.

1. With the IP Base feature set I am able to create a plain PPTP VPN without any encryption; the Windows XP machine can bring it up and unicast data passes through it OK in both directions.
2. But when trying to send multicast, only one-way traffic is observed:
i. Windows XP host on far end of PPTP VPN and a local PC both running old Microsoft tool "MPING.EXE", sending and listening for traffic on the group. The distant host receives and echoes back the packets received from the local machine + sending its own (confirmed with Wireshark running at the far end).
ii. But the local machine directly connected to the C1921 router does not hear any packets from the far end; Wireshark shows only the ones it is sending.
3. Group status ("show ip igmp membership") as far as the C1921 is concerned shows both ends ( (local end) and (distant end via the PPTP VPN)) joined to the group [code]

4. But "show ip mroute" for that group shows an error; for the source on the far end of the PPTP VPN (having the IP address, the source interface is incorrectly shown as GigabitEthernet0/0 (should be Virtual-Access2.1 for that PPTP VPN) and the outgoing interface is shown as Virtual-Access2.1 [code]

5. I have tried adding static mroutes and messing about with parameters for the virtual-template interface for the PPTP VPN, but the problem remains. And if I put another local PC onto a different Ethernet port of the router, the multicast traffic does flow both ways - so the issue is solely with the PPTP VPN. After a week of head-scratching I am getting more and more convinced that it's a bug... but wonder if it is already-known, has a workaround, or a fix in newer firmware?


Belkin Routers :: Looking For Firmware Update And Info On F9K1004

Oct 31, 2012

I can't find any info for my router F9K1004 on Belkin's support site. I would like to see if there is a firmware update and if there is any info to set up my VPN at home.


Cisco :: CUCM Calling Party Info - User Extension Number?

Mar 21, 2012

In CUCME, if you do not configure any translation rules and leave the system mainly at default, when a call is routed to the PSTN the CUCME system sends the true calling party ID, which would be a user's extension number. Is it correct to assume that a CUCM server-based system, when also left mostly at default (without translation rules or stripping etc.), will send the true calling ID to the gateway?


Cisco Switching/Routing :: WS-C6513 - Display GBIC Module Info From Within IOS?

Apr 24, 2012

I have a Cisco WS-C6513 switch, with a couple of GBIC module cards in it. I am trying to display the part number (or model number) of the modules which are inserted into this module card. How to do that? I don't want to schedule down-time to pull the module(s) - just to read the label!  :-)
This shows me info for the "module card":
sh module 9
But this doesn't work:
sh module 9/6


Cisco Routers :: Unable To Find Any Info Pertaining To PD In Relation To RV220W

Nov 5, 2011

I have an RV220W with firmware version My ISP makes available IPv6 over PPPoE in a Dual Stack configuration. One of the requirements is that my home router should support prefix delegation. I don't appear to be able to find any information pertaining to PD in relation to the RV220W -


Cisco VPN :: ASA 5550 - ASDM 7.0(2) Not Showing Bookmark Info For Remote Access VPN?

Nov 26, 2012

I have an ASA 5550 running 8.4(5) and have installed ASDM 7.0(2), but when I try to manage the bookmarks under Remote Access - Portal and edit an individual item in a bookmark list, the screen does not display any information. Is this a known bug, or do I need to have a specific Java version for the new ASDM? As a side note, I have not noticed any other issues with the new version of ASDM, only the bookmarks. I initially tried to downgrade the ASDM version that I was using to connect, but it will no longer allow me to connect.


Cisco Switching/Routing :: 1760 Crash Info Not Recovers At Flash

Aug 10, 2012

Got a problem with my 1760 router. Bought it from eBay and booted it today and got this error. It has 180224K/16384K bytes of memory and 2 partitions of 32768K flash. I erased both partitions and put a different version of the IOS on (still 12.4) and there is no difference, still get the errors. These aren't on any of my other 1760 routers so I assume they are linked to the problem.


Cisco Switching/Routing :: 4507 - Show ARP Returns Info Only On VLAN?

Jan 19, 2012

We have a number of 4507s. Most are managed via VLAN 1 address. All have multiple VLANS for traffic control. When I do a show ARP or show IP ARP the command only shows VLAN 1 info. No entries for any of the other VLANS on the switch.


Cisco Switching/Routing :: 3750 - How To Remove Stack Info On 2 Switches

Feb 20, 2012

I have been given 2 x 3750 switches that were a stack, I need to keep the configs on both but how do I make them individual switches again and remove the stack info?


Routers / Switches :: Unable To Find Info Regarding WISE 4016

Mar 19, 2012

I got an old WISE WS-4016 16-port 10/100Mbps Fast Ethernet Switch from a friend of mine, which was not in use. However, I am unable to find any information regarding this switch anywhere online. Unfortunately we couldn't find any manual for this switch either.


TP-Link 3G/3.75G Router :: TL-MR3420 / Setup Info For Service Provider?

Mar 15, 2013

Region : Austria
Model : TL-MR3420
Hardware Version : V1
Firmware Version :

When I first installed the router I used the built-in provider settings for "ONE" which used to be the name of the provider before it was taken over by It seemed to work fine but I experienced some funny server errors with certain web services. I contacted about this and they told me to adjust the provider settings in the router as follows:

Dial number: *99#
APN: fullspeed

The reason for the problems was that they use different proxy servers for their services and applications. Now it works fine (so far).
