We are using the Cisco ACS 5.2 for AAA to manage our network devices. We plan to migrate all our edge devices to IPv6 soon. Can, or when will, the Cisco ACS 5 support IPv6 addresses?
Is there a new software version that supports full IPv6 for WAN and LAN? What may be the replacement for RV016 that supports full IPv6 and may have a density of 8-16 10/1000 ports?
Will the products from the SRP 540 series line (541W etc.) ever support IPv6 features or remote VPN (e.g. SSL VPN or Cisco QuickVPN)? If yes, is there a time horizon?
Region : UnitedKingdom Model : TL-WR841N Hardware Version : V8 Firmware Version : ISP :
I'm interested in purchasing this router but I need to know how many clients it supports. We currently have a normal adsl wireless router but after about 20 clients it stops accepting anyone new.
I set up IPv6 on the EA2700 (running firmware v1.1.39), and all the wired clients can get an IPv6 address, assigned by the router, without issue. However, all the wireless clients seem to be unable to get an IPv6 address. If I connect a laptop to the router both wirelessly and with an Ethernet cable, then the Ethernet NIC gets an IPv6 IP but not the wireless NIC.
I have a requirement to migrate from IPv4 to IPv6. I have checked the scalability of all the devices for this migration except the ACS 1113 Solution Engine, Version 4.2. I couldn't reach the proper documentation to check its support for IPv6.
I have 2 ACS 5.2 (VMware) in my network configured as primary and secondary. When my AAA clients are configured for the primary ACS, authentication works fine. But the clients configured with the secondary fail authenticating. The replication status of the secondary box is showing UPDATED.
So if I do a static IP address it works fine, but if I turn off static, the machine authenticates fine, but is not assigned to the access VLAN, and it does not get an IP address. Now when I use static I notice in the ISE live authentication logs, 11213 No response received from Network Access Device, for the switch, even though it's configured correctly.
I've inherited some ACS appliances from another part of my organization. I need to keep most of the settings but want to remove all the AAA clients; and preferably not one-by-one. I don't see a way in the documentation and web searches have proven fruitless.
We are moving network devices (200+) authentication/authorization/accounting to a new ACS 5.2. Is there any easy way to copy/sync all those AAA clients' configuration to another ACS 5.2 server? I don't need other configuration to be synced/copied to another ACS 5.2 server.
I have a problem where wireless clients at a remote site cannot successfully authenticate through their WLC to my ACS 5.2 (Linux on VM). I have three sites where this authentication is functioning properly; at my fourth site the wireless clients fail with a PEAP error: "12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate". My wireless clients are Win7 using WPA2-Enterprise security type with AES encryption. The authentication method is set to Microsoft PEAP (EAP-MSCHAP v2) and the 'Validate server certificate' is not checked. My wireless access rules on ACS 5.2 are working well at three sites. My ACS 5.2 has a self-signed certificate that doesn't expire until August 2012. A laptop that can successfully authenticate at other sites cannot authenticate at the fourth site.
Phase one of the PEAP process is where the client authenticates the server certificate and the TLS tunnel is created so that in phase two user authentication credentials are sent through the TLS tunnel using EAP. My clients do not seem to be able to create the TLS tunnel because they reject the ACS local certificate; thus, user credentials are never passed and authentication fails. I have renewed the ACS local certificate and rebooted the ACS server but the problem persists. My WLAN on the WLC has its security policy set to [WPA + WPA2][Auth(802.1X)]. WPA uses TKIP and WPA2 uses AES; Auth Key Mgmt is set to 802.1X. The remote site where authentication fails is a different domain; the other three sites are the same domain.
I can see the failed authentication attempts in my ACS "Monitoring and Reports | Reports | Catalog | AAA Protocol | RADIUS Authentication" report. They all fail with the same PEAP error: 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate. The ACS local certificate works fine at three sites--just not at the fourth. Is my problem the certificate or is it an 802.1X client problem?
I need this SSL certificate installation on my ACS appliance 1120 for PEAP clients. I have exported the SSL server certificate from my old ACS 3.3 server, which is under the acscertstore folder, issued by a CA vendor. I need to reuse this same SSL certificate on my ACS appliance. The ACS appliance certificate setup requires the following two certificates to be installed for PEAP client authentication:
1) Server Certificate
2) CA certificate
Server Certificate: For the server certificate, I have my old certificate which was exported from my old ACS 3.3 server. When I tried to download my server certificate via FTP server on my ACS appliance, it is looking for private key & private key file. The private key & file were generated initially on the CSR request when this server certificate was requested from the CA vendor for my old ACS 3.3. I don't know the private key password. If I need the private key & file, then I need to generate a new CSR from my ACS appliance and I need to submit this CSR output to my CA vendor to generate a new SSL server certificate, which is something like a new server certificate request.
CA certificate: For the CA certificate, when I open my existing SSL certificate, under the Details tab in CRL distribution point, I could see the below URL. When I open this URL it gives a certificate revocation list. [1]CRL Distribution Point.
I'm trying to use 802.1x to authenticate clients on my network with dynamic VLAN assignment from RADIUS. We have IP phones (powered by PoE) that only support EAP-MD5, and we would rather use MAB (it also uses LLDP-MED for some settings) to authenticate the phones using the MAC range from the phone's vendor.
The following scenario works perfectly:
1) Connect the phone and let it boot up (takes a while) and authenticate with MAB.
2) Connect a computer to the phone's data port and let it authenticate with 802.1x (or fail and reach guest-vlan).
However, the following scenario doesn't work:
1) The computer is already connected to the phone.
2) The phone is then connected to the switch.
What happens now is that the computer is authenticated using 802.1x before the phone boots up and gets authenticated with MAB. When the phone is ready, it's authenticated with MAB and everything works. However, after a short period (let's say a minute), using `debug authentication all`, we see a "NEW LL MAC: phones mac" message (which is weird since the MAC has already been MAB-authenticated), and then we are unable to contact the phone using ping. When I check `show mac address-table` it has now moved the MAC from `Port Gi 0/12` to `Port Drop`. However, if I check `show mab interface Gi 0/12` or `show authentication sessions` it lists the phone's MAC as `mab auth sucess `. Why does the first scenario work, and not the second?
The switch is a 3560E PoE 24p with IOS 12.2.58SE2. Sample of the switch-config:
```
network-policy profile 1
 voice vlan 90
!
interface GigabitEthernet0/12
 switchport mode access
 network-policy 1
 authentication control-direction in
 authentication event fail retry 1 action authorize vlan 60
 authentication event server dead action authorize vlan 60
 authentication event no-response action authorize vlan 60
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication periodic
 authentication violation replace
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-reauth-req 1
 spanning-tree portfast
!
```
Btw, when we tried authenticating the phones using 802.1x too (EAP-MD5), there are NO problems in any of the scenarios. However, we want to use MAB instead of 802.1x to avoid the requirement of configuring the phones with a username and password. The RADIUS response was the same when using 802.1x as it is with MAB for the phones (including device-traffic-class=voice AV-pair).
We are deploying BYOD with Cisco ISE 1.1.2 and WLC (5508) using 802.1x authentication. Windows clients cannot connect to the 802.1x SSID, with the following error on ISE: Authentication failed : 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
The client doesn't have a preconfigured Wi-Fi profile or root certificate installed. The concept of BYOD supposes that you can connect your device without any installed certificates or preconfigured Wi-Fi profiles.
The problem is that the Windows 7 supplicant does not show the TLS alert in a pop-up window when connecting to the 802.1x SSID. If this alert is seen, then you can accept it and proceed with the connection. After that you will be asked to install the root cert, get your own cert, etc. So, the question is: how to make the Windows supplicant show the pop-up window with the TLS alert?
P.S. The attached file shows an example of the pop-up TLS alert window.
We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances. The newer one came with 5.4, so we upgraded the older one to 5.4.
We set up replication between the two, with the newer one primary and the older one secondary. Problem is, Windows-based clients are unable to authenticate to the older ACS appliance. The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works. So far, Cisco hasn't added my smartNet on the new box so I can get some support?
I have an ASA5505 and it has a VPN set up. The VPN user connects using the Cisco VPN client. They can connect fine (they get an IP address from the ASA), but they can't ping the ASA or any clients on the network. Here is the running config:
We currently have an ASA 5520 communicating with 10 ASA 5510s, all on static outside addresses. I was asked to add 5 additional 5510s on dynamic addresses. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
I have 4 desktops connected by Cat5 to a D-Link DIR 615 router. All work fine. Any wireless clients, laptops or netbooks, see the desktop computers for a while, then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptops/netbooks, but the wireless machines can be seen from the desktop computers, although clicking on them gets an 'Access Denied' message after a wait. 3 desktops = XP, 1 98SE. All laptops/netbooks = XP.
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
Imagine on a 3845 router, I need to bond 2xDS1 circuits (for a Metro Private Line, point-to-point circuit). I have done that multiple times for NxT1s with MLPPP - OK. So my question is, is the card below and MLPPP valid for 2xDS1? I read all the product specifications and they always mention "T1", but do not officially say I can configure DS1.
VWIC-2MFT-T1-DI # Two-port RJ-48 multiflex trunk - T1 with drop and insert
I have a 2611XM router with 2 FastEthernet ports. Now I want to install an NM-1FX-TX module. I just want to confirm that the 2611 supports the NM-1FX-TX module. I am using this device for lab purposes. I am using the latest IOS.
I am interested in whether the ESW-520-24-K9 switch supports the GLC-LH-SM SFP. In the official data sheet there is no information about that. it is supported and I am interested if it is true?
Is there any 3725 IOS image that supports the ip sla command? I tried searching for it using the Feature Navigator but I received something like "15T" and I'm not too sure what that is.
We are using a Cisco 1941 router as CPE, where we wanted to trap CPU, Memory & ISYSTEM MIB. We are achieving the same using SNMPv2, but when we tried using SNMPv3, there is no response for these MIBs.
We tried to configure SNMPv3 using the link below, but there was still an issue. There was response fr [URL]
Wanted to know whether SNMPv3 MIBs are supported for the Cisco 1941 router, IOS code universalk 15.2(3)T1 & Data License. When we tried using Cisco IOS MIB Locator, we were not able to see any MIB for SNMPv3. What does that mean? Does this platform + IOS support SNMPv3 or not?
Below is the Snapshot from Cisco IOS MIB Locator for said image.
I have a small network of about 12 Macs running OS X, about 20 or so iOS devices and an OS X Server. Currently I have a Cisco SRP547W which works fine when we're all wired in; however, we have connection issues when trying to access the server over Wi-Fi. I'm led to believe that this could be a result of the lack of support for Bonjour within the router. What might be a solid alternative?
We have a 10 MB Internet link coming from our ISP through their MUX. The link is connected to our 1841 router: Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(3i), RELEASE SOFTWARE (fc2). For the past few weeks we have been facing link speed issues. It gives not more than 1-2 MB. The ISP is telling us there is no problem in their network. We have kept default routing pointing towards their IP. We want to know whether our router will support a 10 MB Internet link or not.