Cisco AAA/Identity/Nac :: (ACS 5.4 Patch 3) Error On Administrative Access Control

Jun 5, 2013

Configuration: VM with ACS 5.4 with patch 3. (upgraded from 5.2.0.26 patch 10)When I go on "System Administration" - "Administrators" - "Administrative Access Control" - "Authorization", I got this error:
 
What I tried:

"acs backup" on this server and shutdown
Install  an ACS 5.4 with patch 3 on new VM --> I don't have the problem on GUI
"acs restore" to restore my configuration on new server --> I got this problem again...
 
I want to use this feature...After this error, others pages generate this error: I have to reload server or restart management service to get him back...How could I solve this? (I don't want to reconfigure manually the server )

View 3 Replies


ADVERTISEMENT

Cisco Switching/Routing :: 3560 / Administrative Control On L3 Switch For DHCP Service

Sep 25, 2012

My Network Layout is as,  Firewall (with Routing)------>Cisco 3560 Switch (L3)------> connected 8 Cisco 2960 switch (L2)----> all users I have configured 20 VLAN's on cisco 3560 switch with Dynamic Pool and Static, Means, 5 Vlan's are Dynamic and remaining are Static Our Company process provides only internet access to existing clients computers. Problem is that, I configured Static VLAN 5 for one of our Client in their seperate room, mean to say, i activated all ports of their room with Static VLAN 5. one day they configured own DHCP server on Windows 2003 Server with same subnet (Same as VLAN5) in their room without any information and now their all computer/ Laptop acquiring ip address Dynamically.
 
If i have configured Static vlan on that port's then how it is get Dynamic ip from same port's.How to restrict to permit another DHCP server/Service in our premises. I Do not want to give administrative control to Clients to do such kind of thing with LAN.

View 8 Replies View Related

D-Link DIR-655 :: Error When Adding Policy To Access Control?

Nov 3, 2011

My firmware is 1.35NA and have a schedule established.  When I try to add a policy for access control, I can select a policy name but when I hit "next", I get an error stating "Internet Explorer has stopped working" and wants to close. I was able to add policies previously but can not any more.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 For Network Access Control

Feb 16, 2013

We recently deployed ACS 5.3 on a VM, while the main purpose of implementation was to control access (authentication/authorization) on network devices; Can we use the same user to authenticate users' access to our wired network? So only users with a valid credentials on our Windows AD can have access to the network?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Method To Control Access To Different WLAN On Same ACS 5.2 And WLC

Aug 6, 2012

is there any method to control an access to the different WLAN(PEAP) on the same ACS 5.2 and WLC?That is, there is two AD groups the one have access to domain network only the other group have access to internet only and may be third group that have access to both networks.Currently if i add new authorization policy the user will have access to both networks.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5520 - VPN Access Control Using LDAP

Mar 13, 2011

I am configuring an ASA 5520 for VPN access.  Authorization & Authentication use an LDAP server.  I have the tunneling configured successfully, and I can access internal resources.  What I want to do now is to restrict access to a specific AD Group membership.  In the absence of that group membership, a user should not be allowed access to the VPN.
 
My test VPN client software is Cisco Systems VPN Client Version 5.0.05.0290.  The group authentication is configured into a Connection Entry that identifies the Tunnel Group. I think I worded that correctly.
 
The Software Version on the ASA is 8.3(1).
 
My current challenge is getting the VPN to stop letting every access request through regardless of group membership. 
 
[URL]
 
The configuration (AAA LDAP, group policy, and tunnel group) is below.
 
aaa-server LDAP protocol ldapaaa-server LDAP (inside) host x.x.y.12      server-port 636      ldap-base-dn dc=domain,dc=com      ldap-scope subtree      ldap-naming-attribute sAMAccountName      ldap-login-password ********      ldap-login-dn

[Code].....

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Patch ACS Server To 4.2.0.124.17 From 4.2.0.124.6?

May 9, 2011

I need to patch our ACS server to 4.2.0.124.17 from 4.2.0.124.6. My question is, do I need to apply the same patch to our remote agents? Cisco's documentation only states that both the ACS and the Remote Agents need to be 4.2.0.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Clean And Patch ACS V4.2 (0.124)

Mar 2, 2011

properly patching and/or cleaning the ACS version listed in the title.
 
First off - what does the Cleaning utility do?
 
Second - I have obtained the two following files:
 
ACS-4.2.0.124.17-SW

ACS-4.2.0.124.16-Clean
 
Can these both be used to correct a problem we have with our current installation?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Patch In Distributed Mode?

Mar 22, 2012

what's the best way to apply a patch in ACS 5.2 distributed configuration ?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 3315 Need To Patch The Files

Aug 2, 2012

I installed ise-1.1.1.268.i386.iso on a scratch to the new NAC 3315. As i check cisco download mentioned it need to patch following files :ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz,But once try to patch it show like attachment message, is it mean that i no need to do the patching?Or is there any instruction need to remove and reinstall for this files.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Patch Application Procedure ACS 5.2?

May 4, 2011

procedure to apply the  5-2-0-26-4.tar.gpg  patch. I don't know how to get the patch file into the ACS server.The procedure in the "Read me" for the patch does not indicate anything about how to this:
 
1. open CLI console2. define new repository in which the 5-2-0-26-4.tar.gpg resides3. issue: 'acs patch install 5-2-0-26-4.tar.gpg repository YOUR_REPOSITORY'4. verify installation by getting the following version information via CLI by issuing:#show application version acs I  don't know how to put the patch file from my local machine to the  repository created in the GUI (if there is where the actual place to creat the repository).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Failure To Apply Patch To ACS 5.0.3

Jun 12, 2012

I am trying to apply pach 5 to my ACS version 5.3 using FTP but i receive the following errors after issuing the show backup history command. When i use TFTP, i get a message saying that the file is too big, which i understand 164 MB.
 
after issuing the show repository "repository name", i get the following error.% Error reading directory on remote server.the patch is on one of my hard drives D, how do i specify on the ACS file path which drive to use?I can only place a url but without specifying which drive.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Patch And AD Alternate UPN Suffix

May 31, 2012

i'm using ACS 5.3.0.40.2 and its setup with an AD External Identity store for wireless PEAP MSCHAPv2. AD is configured with Alternate UPN suffixes so that for example: 22056 Subject not found in the applicable identity store(s). ##
 
I've checked the release notes for 5.3.0.40.5 and there are some changes/fixes for AD but nothing I can see to explain the behaviour above. I'm looking to upgrade to 5.3.0.40.5 soon but I really need the Alternate UPN suffixes to work.mydomain.com is the AD domain namean Alternate UPN suffix of another.com has been added to AD 
 
A valid AD user can add either the @mydomain.com or the @another.com suffixes to their username and login successfully. This works fine with 5.3.0.40.2 but changes when I upgrade to 5.3.0.40.5 - users who use the @mydomain.com login ok but users using the Alternate UPN @another.com fail with the error: [code]

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Applying A Patch To ACS 1121

Jun 3, 2012

I have an issue with applying a patch to an ACS 1121 appliance running version 5.2.0.26. I have 5 units that needed updating and the first one is the unit with the problem. The subsequent ones updated with no issues.
 
When I do a show version the 5.2.0.26.10 does not show. When I try to do a reinstall I get back patch all ready exists. When I try to do an uninstall I get back patch does not exist.

Is there a command can wipe out patch 10, so I can start over? The CLI factory-reset only wipes the web configuration not the running-config or IOS.

View 7 Replies View Related

Cisco AAA/Identity/Nac :: Unable To Upload Patch To ACS 5.2 Appliance?

Jul 21, 2011

I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
 
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Patch Rollup For Secure ACS 4.2 Fails?

Jan 7, 2010

I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations.  I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches.  The application begins running fine but fails on upgrading the database and then none of the ACS services would start.  I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again.  What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?

View 7 Replies View Related

Cisco AAA/Identity/Nac :: Required Patch For ACS Appliance 1120 Version 4.2.15.3

May 4, 2011

Need URL for patch 4.2.1.15.3  with comptaible for cisco acs appliance 1120 . Though its for appliance patch should be along with webserver . I have downloaded patch of SE its not comptaible to this hardware .

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Applying Patch To ACS5.3 - Change File Extension?

Nov 11, 2012

About to apply a patch for the first time on the ACS 5.3 tonight. Ihave tftp'd it onto a directory i have created on the server. However my support hints i may havre to rename the file ? copy the latest patch file you got from Cisco – you may need to rename as gpg) Current filename is 5-3-0-40-7.tar.tar
 
So would i need to rename this as 5-3-0-40-7.tar.gpz . If so i will rename it on my pc and redownload it on tftp

View 3 Replies View Related

AAA/Identity/Nac :: Cisco ISE 1.1.1 Is Given Certificate Error While Trying To Access Any Of Nodes

Nov 9, 2012

Cisco ISE 1.1.1 is given Certificate error while trying to access any of nodes. It is started after adding other nodes in to primary node. Accessing by IP's redirect to other nodes suppose if we accessing primary admin node by IP, it redirect to other nodes (secondary nodes or other nodes).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Fails To Send Files To Sftp Server After Installing Patch 5

Jul 21, 2011

After we have installed patch 5 on several ACS 5.2 server they aren't able anymore to write their backups to the sftp servers. I tried to search on the bug tool kit, but it seems to be broken when searching for the keyword "sftp". It's the same when I try to do a "copy logs" with sftp as destination.running a debug I can see,

acs/admin# copy logs sftp://10.1.115.11/,Collecting logs...,Username: backupuser,Password: ,6 [16376]: transfer: cars_xfer.c[301] [admin]: sftp copy out of /var/tmp/ADElogs.tar.gz requested,6 [16376]: transfer: cars_xfer_util.c[412] [admin]: resolved server to 10.1.115.11,7 [16383]: transfer: sftp_copy.c[75] [daemon]: Executing SFTP command: /usr/bin/scp -o StrictHostKeyChecking=no /var/tmp/ADElogs.tabackupuser@10.1.115.11://ADElogs.tar.gz,% Error: Transfer failed3 [16376]: transfer: sftp_copy.c[230] [admin]: sftp_copy ERROR: command execution failed,3 [16376]: copy: cm_copy.c[1226] [admin]: Logs archive transfer to url sftp://10.1.115.11/ failed retcode=-306,acs/admin#

View 21 Replies View Related

Cisco AAA/Identity/Nac :: 1252 AP - 24427 Access To Active Directory Failed Error In ACS 5.1

Jan 2, 2011

I'm working on implementing a RADIUS authentication for wireless access with the following :
 
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),

- AP 1252  configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),

- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,

- AD domain running on Windows 2003 Server.
 
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
 
All I can get running the expert troubleshoot
 
Investigating failure code: 24427 Access to Active Directory failedChecking if Active Directory is configuredActive Directory is configuredAttempting connection to Active DirectoryConnection to Active Directory was successful.Troubleshooting completed.Click on Show Results Summary to view results.
 
I followed this guide, at least for the ACS certificate section :
 
[URL]

View 27 Replies View Related

Cisco WAN :: SPA Module On 6509E - Control Store Parity Error

Nov 28, 2012

Have spa module on 6509E experience that error:
!
sh log | b crash
SLOT 3: Aug 18 12:52:10 CST: %CARDMGR-2-ESF_DEV_ERROR: An error has occurred on
Ingress ESF Engine: Control Store Parity Error
SLOT 3: Aug 18 12:52:10 CST: %ESF_CRASHINFO-2-WRITING_CRASHINFO: Writing crashin
fo to disk0:crashinfo.esf_20110818-175210
[Code]....

View 1 Replies View Related

Linksys Cable / DSL :: X2000 Parental Control Error

May 17, 2012

I've just bought all-in-one router X2000.And I found that in the parental control [ADD] windows does not show every device's name.It shows only 3 of 20 devices (ex. My-nb, PCaccount, PChuman, but the others show "Network device").

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Error - 22056 Subject Not Found In Applicable Identity

Oct 6, 2012

I have two ACS v 5.2 (primary and secundary) and some users are in the internal stor and the others are in the AD.The local site topology is like this:
 
PC - AP - WLC - ACS - AD
 
Authentication method is PEAP(EAP-MSCHAPv2) and all user have the certificate company installed. The OS in the client users is Windows 7.Users was working fine but some users reports intranet disconnections. I see in the ACS log  many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.I believed it was because user wasn´t in the AD data base, but some times the same user is authenticated successfull and other i see the "22056...." or "24415...." alarms.
 
I switched the role for ACS primary to works as secundary and we see the same alarms.

View 2 Replies View Related

Error 1053 - Service Did Not Respond To Start Or Control Request In Timely Manner

Apr 11, 2012

Day before yesterday my Laptop [Dell Studio] has suddenly stopped working and i have to shut it down forcefully. Then i logged in again but my wireless was not working, i have googled the solutions and tried to start the WLAN Autocofig service but its throwing an error : 1053 : The service did not respond to the start or control request in a timely manner.I have Windows 7 installed on my system.Suddenly the speed of my laptop reduced drastically. Now its taking almost 12 mins to start instead of 2 mins.I have also removed some lines from the test files from the registry as mentioned in the below website as a resolution, but its not working.Unable to connect to wireless networks on Windows 7 Enterprise laptop. I dont have OS [Operating system's] CD as it was pre-installed on my laptop when i bought it.

View 2 Replies View Related

Linksys Wireless Router :: Customize Parental Control Error Message Page

Oct 30, 2012

Is there I can customize the error page which is shown when someone visits a blocked site 

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Doc Covering Using ACS 5.3 To Control Guest VLAN

Oct 10, 2012

I've configured an ACS 5.3 system and all my groups etc fucniton corrcetly both for Network Access and for Device Administration.

However I'm stuck trying to allow clients to authenticate against the router's web-page i.e. Web-Authenticaiton, using TACACS+ between the router and the ACS5.3.
 
I've looked into this and I need to configure a custom-attribute of "service" with type Outbound and link this to an Authorization policy.

View 3 Replies View Related

No Connections Available - What Settings In Administrative Tools / Services Should Be Enabled

Aug 23, 2012

My Dell laptop on my home network was connecting fine until I tried to figure out why it was booting and running so slowly and tinkered with the settings (per a web site with recommendations). Now it says no connections are available (there are, and other devices are fine). I tried all the simple solutions and have made any programs automatic that even vaguely look internet related and I still can't connect. The wireless adapter is enabled. I need to know what settings in the administrative tools/services should be enabled. The laptop is running Win 7 pro.

View 9 Replies View Related

Cisco WAN :: 3560 / 3550 - Difference Between Administrative And Operational Mode In Switch

Apr 15, 2011

What is the difference between administrative mode & operational mode in cisco 3560/3550 ?

View 6 Replies View Related

Wifi Access Points With User Access Control?

Nov 27, 2012

We have a small office and already have a firewall in place that uses content filtering. I am looking for a low cost wireless access point that I can place behind my firewall that will allow me to control access by a username and password list, not just the passkey.

Does this exist without having to go to an Aruba or Ruckus type enterprise WIFI product?

View 1 Replies View Related

Cisco Switching/Routing :: Disable Administrative Native Vlan Tagging On 6509?

Dec 13, 2012

We have a problem with CDP packets on sent by our Cisco 6509's.  Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan.  As a result the CDP packets are sent with an 802.1Q header with a tag of 1.  The other switches send the CDP packets untagged on the native vlan.  This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509.  They see the packets from the 4948 and 5020 just fine.
 
How can I disable the administrative native vlan tagging on the 6509?  Here is the current setup:
 
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport

[Code].....

View 13 Replies View Related

Disk Space - Reduce Administrative Effort And Minimize The Chance Of Volume Failure?

Mar 1, 2012

One of the file servers in your office is running out of space on the D: volume. There is unallocated space available on the same disk as the D: volume, as well as on other disks.What option should you choose to reduce administrative effort and minimize the chance of volume failure?

View 3 Replies View Related

Cisco :: Access Control For Static NAT

Jun 15, 2012

(1) forward range of ports to a specific IPs using static NAT? for ex, i would like to forward port 5060 and 10000-20000 to a server 192.168.1.22..

(2) how to apply access control to this static NAT ? for ex. i would like to deny specfic IPs from accessing it from public..

====================================================
interface ethernet 0
ip address 192.168.1.1 255.255.255.0
ip nat inside

[code]....

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved