Cisco AAA/Identity/Nac :: ACS 5.2 Not Logging Correctly
Aug 21, 2011
I have 3 ACS 5.2 servers both here and in the US. On friday night, our building lost power and it came back up early saturday morning. During this, the Wireless controllers dropped their configs and reverted back to point to the old ACS servers again. After fixing this, all wireless works now in my location. But, ACS is not logging my sessions even though i can connect to wireless with phone or laptop. It should log the authentication process if the server is here or in the US, but it is only logging for the other 2 servers. now on a weird note, the VPN for users in this location is authenticationg just fine.
View 2 Replies
ADVERTISEMENT
Jun 21, 2011
I have a problem with my ASDM Logging(ASA5520, System image file is "disk0:/asa804-k8.bin").If i generate any traffic, the ASDM do not show the packets correctly. For example, if i generate a icmp traffic from interface inside to outsite, the ASDM does not show the packets, when it shows it apperars just in one direction.
View 5 Replies
View Related
Jun 18, 2012
I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly. url...But this does not show how the ACS referencing AD groups would work when determining which custom attributes to use.
On the ACS 5.3 i have set up the following .The ad is working and in Users and identity stores/External identity stores/Active Directory then my AD test works fine.I have set up the Users and Identity stores/Identity Groups with appropriate ip s.I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA.In Policy Elements/Authorisation and Permissions/device administration/shell profiles.I have creeated a shell profile called network shell pro which das a common tasks of def priv = 0 and max priv = 15
Now i can get into the NCS but i do not see any of the administration buttons on NCS - so this means the custom attributes are not working.i shouldnt need a user for this on the ACS as its using AD.
View 2 Replies
View Related
Jun 8, 2011
For unknown reason I cannot get WLC to authenticate correctly with ACS 5.2. it's very strange in the sense that when I checked the log. ACS authenticates and authorized the WLC 4402 but I cannot log to the WLC. login screen appeared, if I typed user name it jumped to Controller> user: password:
No matter what I typed (internal or external users) nothing seems to work. This is my frustration, I have no problem authenticating routers and switches except WLC 4402.
View 8 Replies
View Related
Mar 15, 2012
I have an ACS 5.2 VM that went down during an ESX host issue. Since it has no VMWare tools, it didn't migrate to another host very nicely. When the box came up, I had to delete the Virtual nic and re-add it and then set up the IP info again to get the VM communicating on the network.Currently the ACS box is not logging anything. There are no logs visable. What can I do to check why there are no logs visable? Authentication is working because wireless uses are still getting on the wireless network, but there are no logs that show passed or failed attempts.
View 4 Replies
View Related
Apr 30, 2013
I am looking for the way how to disagle logging of one user. We are using one testing user for checking accesibility of ACS from large number of switches - this checking exhausting logs quite quickly. Is it possible to disable logging of such user?
View 2 Replies
View Related
Dec 12, 2011
I am sending TACACS administration logging to a syslog server. When the messages show up on the syslog server, they are 5 hours ahead of the actual time. Time on the ACS is correct - local logging shows the correct time. Time on the syslog server is correct...all other devices/systems sending syslog messages to it are coming through with the correct time. why the ACS syslog messages would be 5 hours ahead?
View 3 Replies
View Related
Nov 30, 2011
Is the feature "event logging" that is present on ACS 4.2 with the option to "send all events to the windows event log" no longer supported in ACS 5.2?
View 1 Replies
View Related
Nov 16, 2011
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies
View Related
Dec 9, 2012
I recently aquired a 2nd AP1140, however when i configure it for WPA 2 it works inconsistent, a ping for example will work only for 33% of the time.The same client has no issues with my 1st AP using WPA2, with the 2nd AP WEP works without a glitch.
View 2 Replies
View Related
Jan 18, 2012
we are running CiscoPrime LMS 4.1 and I have the following problem.I have configured SNMP Settings as shown below (the order of the targets is exactly as it is configured on the server):As can be seen we use three different read community strings. I also have exluded a bunch of IP ranges and IPs from the filter settings. When I manually start discovery everything works fine, meaning that all devices in the above ranges that need to be discovered are discovered as "reachable". The problem appears in the scheduled discovery (happens once daily). In that case only the devices with Read Community snmp1, get discovered as "reachable". All other devices with Read community snmp2 & snmp3, as well as those that are excluded in the filter settings, are discovered as "unreachable".The discovery uses DCR as seed and seed devices are also configured.I also have a problem with PingSweep in the discovery, but I will open another discussion so that I don't complicate this one too much.
View 1 Replies
View Related
Sep 27, 2011
have been trying to load LMS3.2.1 on a 2008 VM ware box. Initially had problems with services having to be manually changed or forced. Once that was overcome it logs in but Apache feeds a never-ending 302 redirects until either the browser of the web server aborts.
View 1 Replies
View Related
Apr 17, 2011
Data link-ARP,RARP, presentation-SSL,TSL,ASCII,JPG, Session layer-ASP(apple talk session protocol),SCP are these correct?can your provide 2 new protocols for each with the long name?
View 17 Replies
View Related
Jan 14, 2011
We have two laptop computers and our Tivo hooked up to use the wireless internet through our cable company with a Belkin router. Over Christmas we got a camera that emails directly from it, and it told us to press the WSP button on the Belkin router. The camera magically worked, however our computers did not work anymore! After an hour long phone call to Belkin, I got one of my computers to work normally again. However the 2nd laptop won't connect to the internet and our tivo isn't picking it up either, which mean our shows are not recording.
Also, I'm using two apple computers. When I attempt to hook up the airport network, it says "unable to join the network."
View 2 Replies
View Related
Jun 30, 2012
"How do i setup a proxy correctly using firefox?"I forgot what addon it was that i was trying to use, proxy fox i assume. If there any better firefox proxy addon that i can use i will be happy to use.I want to know the steps to make the proxy work correctly, because i like to be anonymous as possible when using the internet. I don't care about internet speed.
View 3 Replies
View Related
Jan 21, 2011
Ok so our company has a VPN set up on our workstation laptops for employees to be able to connect to the office network from home.We use CISCO VPN CLIENT, and a pre-setting .pcf file to upload our vpn into the client. The settings are correct completely to allow the VPN to work from home. All of our older workstations (Latitude D510-D630's) work with Windows XP SP3 32b. Recently i purchased new laptops (Latitude E6410's) and have started issuing them out with Windows 7 Enterprise 64b.A couple employees from home cannot get their VPN to work correctly at home with the New Laptops. Their old laptops work fine with the VPN, but the new ones dont. They are running a Frontier DSL modem with wireless.The VPN connects just fine on the new laptops, but the problem is... Nothing works. Outlook does not connect, They cannot access any of our network shares or drives. And cannot use any of our company's software that requires our network access.
I tried uninstalling the the CISCO Client, and reinstalling it, No Go.I tried changing the MTU Settings on the client and network adapters and wireless adapters, No Go.And it seems to be just an ISSUE with employees trying to VPN through a dsl connection using the new laptops, where others with the new laptops can VPN in fine through a time warner connection. But remind you, their old laptops work fine.. which seems kind of odd to me.
View 7 Replies
View Related
Feb 17, 2012
I am user of Dell Inspiron 1545 and I have problem with Internet. Till yesterday everything just worked great, when I was turning on a wi fi, it always found a network I wanted to. Yesterday, the current has been cut of. (?) and I lost connection to internet. After current camer back, everyone got internet back, but not me. My wi fi is still finding almost all networks except one, the most important one.
View 1 Replies
View Related
Aug 10, 2012
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]: 3 Ruckus 7982 access points1 Pakedge access point2 home-automation controllers2 Polycom voip phones I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.
View 53 Replies
View Related
May 3, 2012
I recently implemented an ASA 5520 HA pair with CSC-SSM-20s in each non stateful per cisco. The CSC management sits in a management subnet 192.168.4.0/24 with the management interface of the ASA as its default gateway in the same subnet. Ever since the implementation frequently webpages will not load correctly, the formating will not look right and pictures will be red x. If you hit f5 to refresh the pages loads fine. If I add a deny any any eq 80 rule before the permit any any eq 80 the issue appears to go away. TAC can't seem to find anything worng. All we want to do is use a simple web content filter with the check boxes in the global filtering policy. ASA is running 8.2(5) and CSC is running 6.3.1172.0. Everything else works fine SVC and rules and such. [code]
View 2 Replies
View Related
Nov 20, 2012
I have a problems with one SA520W.The LAN port don't work correctly. If i connect PC directly via ethernet cable (i try 2 different cable and 2 different PC) the DHCP don't assign an IP. If i reset to factory default and manual insert IP (192.168.75.1) don't work.
View 2 Replies
View Related
Sep 23, 2011
My RV220w has a problem with DNS. I have configured the device for my network, but it seems as though DNS is not working correctly. For a background, I have a primarily Windows environment in my network, W7 PCs. I use homegroup to share files/printers amongst them. I like that I can type "\<server-name> in the Windows search box, and up comes the other computer's files. This functionality is still there with the RV220w, so that's not my issue. My problem arises when attempting to type "<server-name>" into the Remote Desktop Connection dialog box. I can no longer RDP to my other computers by name. Attempting by IP does get me there.
View 11 Replies
View Related
Jan 18, 2012
I need to setup an ASA 5520 to correctly NAT over two wan links. The idea sounds pretty straingforward but it does not, I have only 2 IPs that are involved with the NAT
192.168.1.10(Nated Server) -- 172.16.1.10(Web Server)
I have 2 interfaces that sould be applied to it let's say outside1, outside2. The server is reacheable through each outside interface, the outside interfaces is selected uppon dynamic routing and that is working OK.
So if link outside1 is up the Nat follows this schema 192.168.1.10(inside) -- 172.16.1.10(outside1)
that works fine, but I want that automagically changes over when the link outside1 is down to 192.168.1.10(inside) -- 172.16.1.10(outside2).I know I can't have a NAT with 2 IPs and 2 different interfaces (ASDM doesn't allow me to), is there a way to implement this??
View 22 Replies
View Related
Aug 30, 2012
We have LMS 4.1 - it was working perfectly for some time - it was rebooted and now the services don't start correctly. I manually started most of the services but the Daemon service will not start.
The main page comes up and after I log in - all the sections list an error
'License Server / Deamon Manager is down. Please check license.log for more information'.
View 3 Replies
View Related
Mar 27, 2011
I use the Windows7 Virutal WIFI when traveling abroad to give my Iphone an internet connection in my hotel.I've had zero issues until this week. The WIFI connection is still showing up on my iphone, but I no longer get internet access (I only get an IP and subnet on the iphone now, no router or DNS info). The issue began (coincidence or not) as my MagicJack downloaded and installed a software update. MagicJack support says they aren't the issue. I experimented with created an Ad-Hoc network...no change. I've removed and reinstalled the wireless card and driver. No change. I suspect some corruption with ICS, but haven't found any solutions online to fix it.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Richard-PC
Primary Dns Suffix . . . . . . . : MARCOGROUP.local
[code]....
View 1 Replies
View Related
Feb 10, 2012
Just finished my first build and everything went pretty smoothly but my wireless network card wasn't working. I noticed after I opened it back up that in order for my to screw the card in place it made the right side of the card tilt up.
So I just set it in the PCI slot correctly but there's no way for me to screw the card in place. I know my MOBO is set properly. My graphics card fits perfectly.
View 3 Replies
View Related
Dec 12, 2010
I have hardware version B1, firmware version 2.00NA and several computers (wired & wireless) with Vista & Win 7 x64 and a Brother HL1440 printer.When I print something it comes out scrambled, images missing or cut off, empty pages, etc. This same setup worked fine when it was directly into one computer, then shared on the network though windows sharing. The problem was that computer had to be running to print off the network. I got the dir655 since it had printer sharing but so far its not been of any luck.
View 5 Replies
View Related
Jan 23, 2013
One of the two supervisors in an IOS 6509-E did not come back up after a power outage. The failed supervisor in slot 5 was replaced and it booted successfully. However, the supervisor in slot 5 only booted up to a "Cold" state. I did notice the Hw version of the replacement module in slot 5 is 4.9 while the Hw version in the supervisor module in slot 6 is 4.8. What command do I need to issue to bring the supervisor module in slot 5 from "Cold" to "Hot"? [code]
View 4 Replies
View Related
Aug 16, 2011
Does Cisco 602 office connect AP working correctly with a 5508 controller? As cannot get it to work as having random problems. Ie I see the SSID broadcast on the AP, but no authentication messages for clients on the controller.I have the same configuration setup on a 1142 office extend access point and works fine.The other 602AP i have is seen by the controller, but will not even broadcast the SSID.
View 3 Replies
View Related
Jun 17, 2012
I am trying to configure a 3560 (Version 12.2(55)SE3) with IPServices to run WCCP to two to an Ironport WSA.
I believe everything is setup correctly, however WCCP is still not operational. I have check the debug logs on the switch and I'm presented with a number of messages along the lines of...
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
[Code]....
View 7 Replies
View Related
Sep 11, 2012
I just upload firmware1.0.1.10 on 2 WAP121. After the update and reboot, I was able to confirm the firmware version in the System Summary menu. The update is uneventful.However, the functions WDS Bridge and WorkGroup Bridge no longer works on two WAP121:
- For WDS Bridge, when I configure a Remote MAC Address with WPA Encryption and then I click on the Save button, nothing happens there. But it works well when I choose without Encryption.
- For WorkGroup Bridge, when I click on the Save button (even without changing the configuration), I have a message "Certificate file uploaded successfully" and another error message in the background: "error occured for query you send path . device.sync ... "
1.0.0.3 firmware is not available on your site, it is imposible for me to go back.
View 2 Replies
View Related
Feb 8, 2012
We have an RV042 on firmware version 1.3.13.02 and 2 ISPs:
WAN1 = Telepacific T1
1.5Mbps down and 1.5Mbps up
WAN2 = AT&T U-Verse
12Mbps down and 5Mbps up
I have it set to Load Balance, Primary WAN = WAN2
Network Service Detection enabled, only pinging the Remote Host of 4.2.2.2 and set to Generate Log
Bandwidth is set to:
WAN1 = 1000Kbps upstream & downstream
WAN2 = 5040Kbps upstream & 12000Kbps downstream
It seems to pick WAN1 a lot of the time. Do I have something setup wrong?
View 12 Replies
View Related
Jan 30, 2012
I have a Catalyst 3750 switch configured in a network. I would like an additional 3750 switch as a "hot" standby. A 2nd 3750 switch was purchased, and the same configuration was entered in to the new switch, so I have 2 switches with the exact same configuration.
When I move the connections to the new switch, I have a few VLANs that do not come up. One VLAN does come up and work normally. The VLANs in question show down, protocol down, and a show ip route reveals routes to the networks on these VLANs are not there When I put everything back on the original switch, everything works normally.
Why would the new switch not work with the exact same configuration?
View 6 Replies
View Related
Sep 2, 2011
I have a user with a Mecer laptop using Windows 7. For some reason the laptop isnt working correctly when connecting to wireless.When I choose auto IP settings it doesnt even want to connect to the wireless access point (and gives the laptop some strange ip that isnt even on the range of the network), when I enter IP settings manually it connects but still cant access the internet.When I take another laptop with Windows XP, it connects to the wireless and can access the internet NO problem with auto IP settings.
View 2 Replies
View Related
