Cisco AAA/Identity/Nac :: ACS 5.3 License - Redundancy Deployment
Feb 9, 2012
I have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
View 1 Replies
ADVERTISEMENT
Mar 26, 2011
i have 4 X ACS-1120. Each 2 are operating as an Primary and backup. I want to add a license in order for the ACS to support more than 500 networks which includes in the base license.As I understand this is the license required : L-CSACS-5-LRG-LIC=
·
Is this license applicable to ACS-1120 appliance with ver 5.2 ? – I understand that it is. for my scenario, do I need to purchase total of 2 X L-CSACS-5-LRG-LIC= (one for each environment, one license will serve 2 X ACS in Primary and Backup) or I need to purchase 4 licenses each for each ACS ? – I understand that one license will serve deployment of two ACS in primary and active scenario.
View 1 Replies
View Related
Mar 24, 2012
I already have large deployment add-on license. I also have 3 ACS Servers. Now, my primary ACS server is now up and my two secondary ACS server will be put up soon.
Just want to ask, when should be the large deployment add-on license be loaded? Can I load it to my primary ACS server eventhough my secondary servers are still not up? Or should I load it to my primary ACS server when my two secondary servers are already up?
View 3 Replies
View Related
Sep 26, 2012
I am still working on the design of my big project and always that you think that every thing is solve, appears a details.We need to deploy a fiber links to some buildings that will have access switches connected to the Core. I have been reading about ethernet ring topologies and quite differents to the hierarchical model because of the using of Ressilent Ethernet Protocol instead of STP or RSTP.My question is which of the next to scheme will be the best?
1.- Deployment an ethernet fiber ring topology with REP? Consider that the edge Switch of this ring will be my Core and this one is connected to my distribution switches in a hierarchical topology. In this situation, Acces Switch 1-A is connected to Acces switch 1-B, Access Switch 1-B to 1-C and Switch 1-C to the Core. Feel fre to recomend me wich switches and considerations are the best. We conssider 1 Catalyst 6506 Chasis for the Core and catalyst c2960s-48-TDL for acces, maybe the 3750x series. Each Acces node in the ring topology will have a maximun of 50 end devices.
2.- Deployment a Fiber ring but not connecting each switch with the next. In this case we want to ensure redundancy to the core wih equal costs path, but because of the ring each switch won´t have equal length link to the core. In this situation, Acces Switch 1-A is not connected to Acces Switch 1-B is connected directly to the core but the fiber cable will take the route to Access Switch 1-B, to Acces Switch 1-C and finnally to The Core Switch. This apply to the other to Switches. Note now that Acces Switch 1-A will have a 281 Ft link to the core and a second 1612Ft. link to the core. Here comes the question this differents lenght will negative affect RPVSTP ? or It doesn´t matter? Can i setup an etherchannel/load balance in this situation?
View 1 Replies
View Related
Jun 2, 2013
tell me when is available for order the High Availability for AIR-CT2504, like:
AIR-CT7510-HA-K9 Cisco 7500 Series High Availability Wireless Controller
AIR-CT5508-HA-K9 Cisco 5508 Series Wireless Controller for High Availability
View 1 Replies
View Related
Jul 1, 2012
I am having access point 1240AG and planning to deploy ISE as a exteral radius server. I would like to know how different authorization policy need to configure in AP/ISE. Whether I can use named ACL or VLANs (CoA) as a enforcement types without use of WLC. If yes then how?
View 10 Replies
View Related
Jun 6, 2013
I am going to deploy Cisco ISE with WLC 5500. I have two kinds of users one for which I want to deploy just open access Wi-Fi network, without working with Cisco ISE and Second group of Users for which I want to deploy Cisco ISE services like advanced authentication, posture and profiling. For both users I have just one WLC. Is there any problem to just deploy two SSID one for open access (without Cisco ISE) and second Secure with Cisco ISE ?
View 5 Replies
View Related
Dec 1, 2012
I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened eg Admin node TCP 22,80,443 for management from administrator hosts/ranges. In other instances it difficult to work out eg TCP 1521 Database listener and AQ is this for ISE nodes only or for access devices aswell
My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device. One of the rules I am pretty confused about is the PSN CoA ports. SHould the rule be WLC - PSN on 1700 and 3799 or is it the otherway round or unidirectional?
I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.
View 3 Replies
View Related
Jan 11, 2012
I am wondering if having a Nexus 7K is mandatory to implement SGACLs within a TrustSec Infrastructure deployment or having a Nexus 5500 could be enough?
View 1 Replies
View Related
Jan 22, 2012
I have a question about the number of Cisco licenses needed in two cases for ACS 5.3 Virtual Machine.One primary + One secondary : Just one license for all or one license for the primary + another one for the secondary ?One primary + several secondaries : Just one license for all or one license for the primary + just one license for all the secondaries ?
View 1 Replies
View Related
Sep 19, 2011
have a ACS 5.2 version installed on Vmware . I purchased below liscense
Product Name : L-CSACS-5-LRG-LIC=
Product Description : L-CSACS-5-LRG-LIC= : ACS 5 Large Deployment License (Electronic Delivery)
When i am trying to upgrade the liscense i am getting an Error " Liscense file installation failed : The liscense file must contain single base liscense "
View 2 Replies
View Related
Jul 22, 2012
I have an ACS applicance that had a version 5.1 and i did an upgrade to 5.3 with latest patch.For some reason, the runtime process got stuck in (reinitializing and restarting) state.i did the recommended action to perform ACS stop and ACS start and even hard reset of the appliance, but it did not cut itThis process turned out to be a bug and it should have been fixed in version 5.3, but it has not i guess
i know that acs reset-config will solve the issue, but i have a problem here , the license file will be deleted as well with the config and i cannot find a way to export the license and then import it into the reseted config ACS hardware. Unfortunately, the license file is not saved anywhere in the company and i cannot affort to lose it.how to export the license from the applicance (CSACS-1120)?
View 3 Replies
View Related
Oct 11, 2011
We want to buy a ISE-3315-K9 for 500 end-devices.In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
View 1 Replies
View Related
Mar 25, 2013
Getting the following alarm from my ISE:Cause:Base License Enforcement Details: Base concurrent users exceed license allowable count.Currently only using 1656 out of 2000 base licenses so I'm not sure what the issue is. Running 1.1.2.145 patch 3.
View 1 Replies
View Related
Oct 16, 2012
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
View 1 Replies
View Related
Apr 3, 2013
I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
View 3 Replies
View Related
Sep 13, 2011
I am currently testing Energywise deployment on LMS 4.0 with the 3 month evaluation. I am running into some issues and have some other queries that i cant find documented or on the forum.i have gone through the prep and upgraded 2 switches through lms which has been successful. i have created my domain, grouped some test endpoints and have been able to push this config out to the switches.I created a policy and have tried to push this out to endpoints but the job keeps failing. there is no error detail on the job failure task. i see that it uses protocol "EnergyWise Domain Query" and not netconfig which lms used to push out initial config? Is there somewhere in the logs i can check what is failing?I know i can apply this manually on the switch but i want to see if i can get lms to do this as i may be something one of our customers may use.
View 1 Replies
View Related
Oct 15, 2012
We are currently using Cisco VPN Client. I'm looking to migrate to Cisco Any Connect. Our ASA 5520 has 750 IPSec and 2 SSL license. I also have approximately 40 IPSec site to site VPN's on this. ,Will anyconnect interfere with the site to site tunnels?,If I setup anyconnect with the IPSec instead of SSL do I still need to purchase the premium or essentials license?,Lets say if I do have to get the license and I get essentials will it cause any issues with the site to site VPNs?
View 2 Replies
View Related
Sep 28, 2012
I have a custom that needs to deploy a wireless solution, in attach plan, does not want a solution with WLAN controller.I proposed a solution with AIR-AP1024N-E-K9. What solution should implement in order to have a good coverage? Repeater, bridge point-to-point, point-to-multipoint, or something else ?
View 7 Replies
View Related
Feb 12, 2013
My customer has this OOOLD deployment where some AP1231 are still working they are upgrading part of the WLAN to LWAPP but may need to leave some AP in stan alone for a while.I need to configure a new SSID that needs WPA2 enterprise AES but it seems that this version does not support WPA2. If it doesn't, from what version on is supported?
View 9 Replies
View Related
Jun 28, 2010
I have this Wireless deployment :
Main Site: WLC AIR-CT5508-50-K9
WCS 6.x for 50 APs
(32 ) AP 1140
02 Remote Sites : 03 AP 1140 using H-REAP
Now, my company is considering to implement a wIPS solution, so i planned to install in the Main Site a MSE3300 and (01) AP 3500e as a wIPS AP Monitor in the remote sites,
Need to confirm:
A) Can an AP3500 work with HREAP and as wIPS monitor AP at the same time? or in other words, if it is possible to have an AP wIPS monitor far away from the WLC (over the WAN)?
B) What are the requirements of WAN link if I want to install a Centralized MSE 330 Engine,which perform the wIPS solution in all the network.
View 2 Replies
View Related
Apr 10, 2011
If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?
View 4 Replies
View Related
Feb 12, 2012
I've been asked to implement a point to multipoint solution which I had never done before.My question is how many non roots can the root support?I am planning to use 1310 bride as root with a AIR-ANT24120 and non roots AP1242 with AIR-ANT2410Y-R they wont be longer than 1 km.
View 2 Replies
View Related
Nov 19, 2012
I search at all cisco pages about support of VSS quad supervisor 2T support.Even relase notes, q&a etc. But until now I don’t found any pros or contra. Customer use the newest IOS 15.1.1-SY Customer uses already several system with quad sup720, has also experience.Customers actual state is:With quad sup 2T the 2nd sup2t of each VSS-chassis drops in rommon.Without VSS the same sup2t comes up either as active or standby!
View 2 Replies
View Related
May 31, 2011
ACE 4710 deployment model. We'll be doing an eval later in the year, but I'm just looking to understand the architecture.We have a stack of 3750 switches with a single VLAN (10.1.1.0/24). Connected to that stack is a pair of web servers (10.1.1.5 and 6) that we want to provide load balancing/failover for. Some of the clients are located right there on that same VLAN. Other clients may be coming from other spots in the infrastructure.It sounds like I could put a pair of 4710s connected to that stack of switches, in a single arm deployment? And then the virtual IP and the real servers would all be 10.1.1.0/24. Maybe use an etherchanel to connect each 4710 to two 3750s?
View 9 Replies
View Related
Jun 6, 2012
I am implementating wlc 2504 and 1520 ap,i installated wlc and ap are got registered. In WLC i changed parameter as RAP and MAP.
As per doucment i have to enable Zero touch configuration in bridging. But bridging option is not their in wlc, wlc is running on 7.0.220
View 2 Replies
View Related
Mar 8, 2013
I have read in some documents that we should have one Ap for more or less 50 clients. But i also read for example in ap 2600 specs that it support maximum 200 connections per radio.So for example in a conference room (10mx5meter) for 150 users in theory can i have just on Ap2600 for web surfing or i should have 3?
View 14 Replies
View Related
Apr 16, 2012
We have instructed our user community to start their VPN sessions by connecting to our ASA 5520 with a browser to download (if necessary) and initiate the Anyconnect essentials VPN client. Everything was working fine until a few days ago.
We have had several people report the same problem. They connect with the browser, enter their login information and are greeted with our "authorized use only" message by the ASA. Then, instead of downloading (if necessary) and starting the VPN client software, the web page just goes back to the login prompt without displaying any error message. The client software is never downloaded or started.
We've been able to work around this by installing the client software manually (where necessary) and starting the VPN client from the start menu. However, this isn't our preferred solution because this method won't have them automatically picking up updated versions of the VPN client.
We have seen this behavior before when there was a pending Java update that had not been applied. However, that doesn't seem to be the case this time. Clients have recently updated to IE9, but I have personnally been running the Anyconnect client and launching through IE9 for months.
View 8 Replies
View Related
May 20, 2013
I have recovered some configuration files from my 2950 switches with the Configuration Archive Tool in LMS.
Now, I'd like to replace my old 2950s by 2960 switches, which have the same number of ports.
Will there be any issue if I copy the exact same config from 2950 to 2960 ? Will some features not work or is everything interoperable ? Here's an extract of the config :
Global
version 12.1
no service pad
service timestamps debug date time
service timestamps log date time
no service password-encryption
[ code]....
View 2 Replies
View Related
Feb 21, 2013
WDS allows you to capture and deploy images on a network to client pcs. I Was wondering how many images wds allows you to capture and deploy and if there were any work a-rounds that would allow you to deploy more.
View 1 Replies
View Related
Jan 13, 2013
I currently work for an enterprise that want to deploy wireless network (6AP for now) and I'm the one who will manage and install it.I had initially planed to deploy Ubiquiti network because I've heard lot of good thing about them. But they did not wait me and bought (crappy?) HP access point (MSM410)
What do you think about HP wireless network ? They did not yet buy the access point controller and I'm not sure they want to buy one.I can't find any review on the HP solutions it looks like no one is using it.
Do you recommend me to continue with the HP solution and buy a HP controller or go with Ubiquiti and rebuy the access points (no so much expensive in comparison with the price of the HP controller alone)
View 19 Replies
View Related
Apr 2, 2013
We currently have an existing 6506 in data center that we want to add another 6506 to and do a VSS implementation.I'm trying to minimize down time so our current basic plan was to do the following:
1. Bring up the new 6506 and configure it for VSS
2. Trunk a port between the new 6506 and the production 6506
3. Physicall move connections from the production 6506 to the newly connected VSS switch
4. After all physical ports have been moved, power off the original 6506 swap the supvisor card out for the new 2T Sup card
5. Configure original 6506 for the virtual domain and then connect the VSL's.
According to the documentation, to run "switch convert mode virtual" the standby unit has to be in hot standby. This means I can't run this prior to moving the connections over, which means once I run "switch convert mode virtual" it will reboot the switches (~ 9 minutes of down time). Is there anyway around this?
View 3 Replies
View Related
Jul 20, 2011
Is Cisco WCS mandatory when deploying an outdoor enterprise mesh solution?If I am goin to use the 1552E purely as an outdoor access point ,do I really need the Cisco WCS?
View 2 Replies
View Related
