Cisco AAA/Identity/Nac :: ACS 5.x Large Deployment Add-on License / When Should Be Loaded
Mar 24, 2012
I already have large deployment add-on license. I also have 3 ACS Servers. Now, my primary ACS server is now up and my two secondary ACS server will be put up soon.
Just want to ask, when should be the large deployment add-on license be loaded? Can I load it to my primary ACS server eventhough my secondary servers are still not up? Or should I load it to my primary ACS server when my two secondary servers are already up?
View 3 Replies
ADVERTISEMENT
Mar 26, 2011
i have 4 X ACS-1120. Each 2 are operating as an Primary and backup. I want to add a license in order for the ACS to support more than 500 networks which includes in the base license.As I understand this is the license required : L-CSACS-5-LRG-LIC=
·
Is this license applicable to ACS-1120 appliance with ver 5.2 ? – I understand that it is. for my scenario, do I need to purchase total of 2 X L-CSACS-5-LRG-LIC= (one for each environment, one license will serve 2 X ACS in Primary and Backup) or I need to purchase 4 licenses each for each ACS ? – I understand that one license will serve deployment of two ACS in primary and active scenario.
View 1 Replies
View Related
Feb 9, 2012
I have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
View 1 Replies
View Related
Apr 25, 2013
Is it possible to have a license loaded on an AIR-CT5508-HA-K9 in order to have it working as a stand alone controller?
View 4 Replies
View Related
Jul 1, 2012
I am having access point 1240AG and planning to deploy ISE as a exteral radius server. I would like to know how different authorization policy need to configure in AP/ISE. Whether I can use named ACL or VLANs (CoA) as a enforcement types without use of WLC. If yes then how?
View 10 Replies
View Related
Jun 6, 2013
I am going to deploy Cisco ISE with WLC 5500. I have two kinds of users one for which I want to deploy just open access Wi-Fi network, without working with Cisco ISE and Second group of Users for which I want to deploy Cisco ISE services like advanced authentication, posture and profiling. For both users I have just one WLC. Is there any problem to just deploy two SSID one for open access (without Cisco ISE) and second Secure with Cisco ISE ?
View 5 Replies
View Related
Dec 1, 2012
I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened eg Admin node TCP 22,80,443 for management from administrator hosts/ranges. In other instances it difficult to work out eg TCP 1521 Database listener and AQ is this for ISE nodes only or for access devices aswell
My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device. One of the rules I am pretty confused about is the PSN CoA ports. SHould the rule be WLC - PSN on 1700 and 3799 or is it the otherway round or unidirectional?
I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.
View 3 Replies
View Related
Jan 11, 2012
I am wondering if having a Nexus 7K is mandatory to implement SGACLs within a TrustSec Infrastructure deployment or having a Nexus 5500 could be enough?
View 1 Replies
View Related
Nov 4, 2012
We have some users who use AnyConnect regularly; the tunnel is terminated on a 5520 ASA. The tunnel group is currently set up to send RADIUS aaa requests to the ACS server, which in turn is set up to query Active Directory. This is working perfectly for all AnyConnect users except for one person. authentication worked fine for this person as well before we switched from an old Steel Belted Radius server that used to be doing the same thing basically, it handled the RADIUS requests but did a look up into Active Directory. So that part of it has not changed. So now when this user tries to log in he gets these the Windows event logs.
Date : 11/02/2012
Time : 21:13:39
Type : Information
[code].....
I've looked though the ASA configuration and it is using a valid certificate and everything, signed by GoDaddy etc…. It won’t' let me look at the certificate authority configuration because it says it can't be configured when in a failover pair. I don't really think the problem is at the ASA at this point, because all other users are authenticating correctly. (And so was this user before switching to ACS)Also in the ACS logs it says the user used the wrong password and that is why authentication is failing, but they are using the correct password. So now I am looking into issues with the users account in particular. Something that I think may be worth noting is that this user has a very large access token (one of the largest in the entire organization) belonging to over 98 groups (not including all the sub groups). I'm wondering if having a very large access token could be throwing ACS off for some reason.
View 3 Replies
View Related
Jan 22, 2012
I have a question about the number of Cisco licenses needed in two cases for ACS 5.3 Virtual Machine.One primary + One secondary : Just one license for all or one license for the primary + another one for the secondary ?One primary + several secondaries : Just one license for all or one license for the primary + just one license for all the secondaries ?
View 1 Replies
View Related
Sep 19, 2011
have a ACS 5.2 version installed on Vmware . I purchased below liscense
Product Name : L-CSACS-5-LRG-LIC=
Product Description : L-CSACS-5-LRG-LIC= : ACS 5 Large Deployment License (Electronic Delivery)
When i am trying to upgrade the liscense i am getting an Error " Liscense file installation failed : The liscense file must contain single base liscense "
View 2 Replies
View Related
Jul 22, 2012
I have an ACS applicance that had a version 5.1 and i did an upgrade to 5.3 with latest patch.For some reason, the runtime process got stuck in (reinitializing and restarting) state.i did the recommended action to perform ACS stop and ACS start and even hard reset of the appliance, but it did not cut itThis process turned out to be a bug and it should have been fixed in version 5.3, but it has not i guess
i know that acs reset-config will solve the issue, but i have a problem here , the license file will be deleted as well with the config and i cannot find a way to export the license and then import it into the reseted config ACS hardware. Unfortunately, the license file is not saved anywhere in the company and i cannot affort to lose it.how to export the license from the applicance (CSACS-1120)?
View 3 Replies
View Related
Oct 11, 2011
We want to buy a ISE-3315-K9 for 500 end-devices.In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
View 1 Replies
View Related
Mar 25, 2013
Getting the following alarm from my ISE:Cause:Base License Enforcement Details: Base concurrent users exceed license allowable count.Currently only using 1656 out of 2000 base licenses so I'm not sure what the issue is. Running 1.1.2.145 patch 3.
View 1 Replies
View Related
Oct 26, 2011
url is not valid and cannot be loaded
View 1 Replies
View Related
Feb 28, 2012
ASDM cannot be loaded. Click OK to exit ASDM. Server returned HTTP response code: 503 for URL...
I'm attempting to access the ASDM externally (where x.x.x.x is the external IP). I was able to access 3 days ago just fine. So far, I've found suggest a reboot.
ASA Version 8.2(1) - I think the ASDM version is 6.2
View 11 Replies
View Related
May 6, 2012
I have a small network, that consists of a wireless router, a switch, three wired pc's, a couple of wireless pc's and an xbox.I have a switch wired to the router. There are three pc's (2 with XP and 1 with vista) and a xbox connected to the switch. All three pc's work fine as long as the xbox is turned off. When I log on with the xbox, one of the pc's (vista) refuses to work on the network.The network and sharing center shows I have a connection to the internet, but it won't load any pages or allow me to connect to the other pc's either.
View 6 Replies
View Related
Jan 11, 2012
2950 switch has a IOS on flash , but i would like to set the swith like...
1. switch IOS to be loaded from TFTP server .if it fails
2. Loaded from local flash IOS1 , if it fails
3. IOS loaded from local flash IOS2.
does 2950 switch support this feature.
View 2 Replies
View Related
Sep 24, 2012
I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on. I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache). I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...
I am also having exactly the same issue with a certificate from Thawte. I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0. I am using OpenSSL 1.0.0 29 Mar 2010.
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network. I am at a loss of why I can load and it not work. I have verified my hostname and password and those are good.
View 1 Replies
View Related
Aug 14, 2011
I'm using a RV082 and have about a dozen users on my network.Occasionally, when a user is accesssing a website like yahoo.com, twitter.com, cnn .com, etc, the web page only loads half way. Most often the page is missing stylesheets and/or images. Called Cisco support and they adjusted the MTU size to 1492 from 1500.Have a looked at the bandwidth report from my ISP and it shows nothing out of the ordinary, no spikes or surges in d/u. Have set LAN port to high priority, 100 Mbps, full duplex.. Seeing an error count around 327282.. which I don't understand.Why sites only partially load using this router?
View 1 Replies
View Related
Jan 6, 2012
I am having a tough time connecting these two routers wirelessly, i had connected a WRT54G Linksys software to the WRT54G DD-WRT router with no effort. But these two will just not connect.
View 1 Replies
View Related
Oct 16, 2012
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
View 1 Replies
View Related
Apr 3, 2013
I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
View 3 Replies
View Related
Jul 23, 2012
Can a C3560-24PS switch with 32 MB flash be loaded with IOS 15? Will it be able to execute the code and function properly?
View 2 Replies
View Related
Oct 13, 2012
Recently I changed our default gateway from a pair of PIX515 to ASA5510. Since I changed the gateway anyone connecting to our wireless VLAN/network who tries to access the Internet may or may not get a page load. If the page loads it is extremely slow and sometimes the browser page indicator will just spin like it is loading. It's not our access points, if attach an ethernet cable to my laptop and put my switchport in the wireless VLAN I experience the same problem. DNS resolves OK, ping responses are consistent with no drops and access to any internal resources are good. All other LAN VLANs/networks work just fine, it's just Internet access on the wireless VLAN. I see the correct traffic flow in the ASA packet capture. Anything in the ASA Packet inspection related to wireless networking that could be blocked? Is there a way to check for a routing loop possibly?
View 2 Replies
View Related
Apr 7, 2013
My daughter bought a Dell Optiplex 745c from a company who is replacing their cmputers. This particdular computer does not have any drivers loaded for the installed NIC card, so te machine will not talk to the intenet. Are the drivers in the 745 and the 755 the same?
View 1 Replies
View Related
Sep 13, 2011
I am currently testing Energywise deployment on LMS 4.0 with the 3 month evaluation. I am running into some issues and have some other queries that i cant find documented or on the forum.i have gone through the prep and upgraded 2 switches through lms which has been successful. i have created my domain, grouped some test endpoints and have been able to push this config out to the switches.I created a policy and have tried to push this out to endpoints but the job keeps failing. there is no error detail on the job failure task. i see that it uses protocol "EnergyWise Domain Query" and not netconfig which lms used to push out initial config? Is there somewhere in the logs i can check what is failing?I know i can apply this manually on the switch but i want to see if i can get lms to do this as i may be something one of our customers may use.
View 1 Replies
View Related
Oct 15, 2012
We are currently using Cisco VPN Client. I'm looking to migrate to Cisco Any Connect. Our ASA 5520 has 750 IPSec and 2 SSL license. I also have approximately 40 IPSec site to site VPN's on this. ,Will anyconnect interfere with the site to site tunnels?,If I setup anyconnect with the IPSec instead of SSL do I still need to purchase the premium or essentials license?,Lets say if I do have to get the license and I get essentials will it cause any issues with the site to site VPNs?
View 2 Replies
View Related
Sep 28, 2012
I have a custom that needs to deploy a wireless solution, in attach plan, does not want a solution with WLAN controller.I proposed a solution with AIR-AP1024N-E-K9. What solution should implement in order to have a good coverage? Repeater, bridge point-to-point, point-to-multipoint, or something else ?
View 7 Replies
View Related
Feb 12, 2013
My customer has this OOOLD deployment where some AP1231 are still working they are upgrading part of the WLAN to LWAPP but may need to leave some AP in stan alone for a while.I need to configure a new SSID that needs WPA2 enterprise AES but it seems that this version does not support WPA2. If it doesn't, from what version on is supported?
View 9 Replies
View Related
Jun 28, 2010
I have this Wireless deployment :
Main Site: WLC AIR-CT5508-50-K9
WCS 6.x for 50 APs
(32 ) AP 1140
02 Remote Sites : 03 AP 1140 using H-REAP
Now, my company is considering to implement a wIPS solution, so i planned to install in the Main Site a MSE3300 and (01) AP 3500e as a wIPS AP Monitor in the remote sites,
Need to confirm:
A) Can an AP3500 work with HREAP and as wIPS monitor AP at the same time? or in other words, if it is possible to have an AP wIPS monitor far away from the WLC (over the WAN)?
B) What are the requirements of WAN link if I want to install a Centralized MSE 330 Engine,which perform the wIPS solution in all the network.
View 2 Replies
View Related
Apr 10, 2011
If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?
View 4 Replies
View Related
Feb 12, 2012
I've been asked to implement a point to multipoint solution which I had never done before.My question is how many non roots can the root support?I am planning to use 1310 bride as root with a AIR-ANT24120 and non roots AP1242 with AIR-ANT2410Y-R they wont be longer than 1 km.
View 2 Replies
View Related
