Cisco AAA/Identity/Nac :: ACS V.5 Cannot Be Added As Secondary Via WAN
Aug 26, 2012
i have planned a deployment with one acs in Europe working as primary, one acs in europe as secondary and one acs in USA as secondary also.
I can add one acs in europe to the deployment as secondary. When I try to add the acs in USA to the deployment - Nothing really works.
The status shown in the primary is offline (red) and status pending. It stays like this for hours. When I log in to the gui directly on the acs in USA, it still has status primary.
The two acs are transparently connected. There is WAN optimization (cisco waas) in between the two datacentres..
View 1 Replies
ADVERTISEMENT
Apr 24, 2011
I have two ACS 5.2 working in redundancy Primary and Secondary my question in when my primary ACS goes down i can´t see the log in the secondary ACS. I read in the documentación that only one ACS can be configurated for working like logg collector server. Now I configurated my secondary ACS like logg collector server now when my Primary ACS goes down i can see the logg. Finally when my Secondary ACS goes down i can modified the ACS Primary Configution by show me the logg.. Is possible to do this automaticaly for show me the event logg ? when the ACS that is configurate like logg collector server goes down pass the event other ACS automatically..
View 3 Replies
View Related
Feb 28, 2013
We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?
View 2 Replies
View Related
Jun 5, 2013
I've just had to rebuild my ACS appliance with new hardrives but I am unable to register the devices to each I get a system error. I thought it may have had something to do with the rebuilt device not being joined tothe domain but it has now been joined albeit using a different ad account, but still cannot register to primary.
View 11 Replies
View Related
Oct 23, 2012
We have 4 ACS 5.3 Servers connected as Primary and Secondary Servers.We use a "RSA SecurID Token Servers" External userdatabase for authentications and are able to sucessfully authenticate (vpn-)users when the requests are send from the primary ACS Server.As soon as a secondary ACS server sends the request to the RSA server the request fails. "Node verification failes"
On the RSA Authentication Manager 6.1 Server, we have created a Agent-host wich contains the 3 secondary nodes (FQDN and IP's). The "sdconf.rec" file has been installed on theprimary ACS Server and are automatically (so it looks like) replicated to all ACS Servers.Still none of the secondary server are able to authenticate the users agains the RSA server.
View 1 Replies
View Related
Nov 16, 2012
I am attemtping to install new ssl certs on our 5.3 cluster. I was able to generate the CSR on the Primary host. When I attempt to generate the csr on the secondary host, I receive the following error:
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved.Click OK to return to the list page.
Both hosts are running identical versions:
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839
View 1 Replies
View Related
Jan 22, 2012
I have a question about the number of Cisco licenses needed in two cases for ACS 5.3 Virtual Machine.One primary + One secondary : Just one license for all or one license for the primary + another one for the secondary ?One primary + several secondaries : Just one license for all or one license for the primary + just one license for all the secondaries ?
View 1 Replies
View Related
May 29, 2013
My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.
View 2 Replies
View Related
Jun 16, 2011
it is possible de use two servers ACS 5.2 (primary and secondary) in active/ active? or just in active/ passive?
View 3 Replies
View Related
Dec 6, 2011
I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
This System Failure occurred: Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
I have tried with both "ACSAdmin" and "admin" users with their respective passwords.
View 3 Replies
View Related
Jun 11, 2012
Today I ran a failover test between our primary and secondary ACS systems (ran 'acs stop' on the primary) and in the process decided to promote the secondary while I had the primary down. All was fine until I brought the primary back up and tried to re-register the secondary to it. I get the following error message: I went into System Administration >Operations >Distributed System Management on each and it showed the other device as deregestered, tried to promote from there but it failed too, so I deleted them and tried to register the secondary again. After that didn't work I tried rebooting both but that didn't work either. I know the user/pass I'm using is good and I've tried using both the IP address and the hostname.
ACS/admin# sh app version acs
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40.5Internal Build ID : B.839Patches :5-3-0-40-5
View 3 Replies
View Related
Jun 1, 2013
I'm constantly seeing that the sync and replication status for my secondary admin/monitor node in the primary node as node not reachable. The secondary still thinks it is in standalone mode. When I run the ISE diag tool connectivity tests I am able successfully ping the devices from each other using both hostname and ip and the nslookup also works fine between both nodes. Ping and nslookups also work from different networks within the environment. The two nodes are in the same vlan on a 6500 vss pair but on different switches of the pair.
View 6 Replies
View Related
Oct 3, 2012
I have a pair of ACS appliances running 5.1 code. The appliances are set up as a replicated pair. I have valid local and trusted certificate authority certificates on the primary.
The trusted certificate authority certificate gets replicated to the secondary. Obviously the local certificate doesn't get replicated. I need to generate a certificate signing request on the secondary but it doesn't seem to allow you to do it.
View 1 Replies
View Related
Apr 21, 2013
I have a couple of ACS 5.2 configured as active and backup and I am doing dot 1x authentication using these servers . I have configured the switch with the bellow configuration.
radius-server host 10.0.10.15 auth-port 1645 acct-port 1646
radius-server host 10.0.10.16 auth-port 1645 acct-port 1646
radius-server key 7 aaaaaaaaaaaaaa
please help to understand what will happen in switch
1) in case of primary failure
2)in case if primary returns alive .
View 8 Replies
View Related
Aug 9, 2011
IP address of Primary had to be changed, to respond to a hardware failure of TACACS server with IP in many device configs.
Now the Secondary fails to respond to repeated "Deregister from Primary" requests, even after reload - apparently because it cannot reach the Primary at its old IP address.
Requesting Deregister in GUI generates pop-up that says, "This operation will deregister this ACS Instance from the Primary Instance. Management applications on this ACS instance will be restarted and you will be required to login again. After performing this operation
[code]....
View 1 Replies
View Related
Nov 2, 2011
Cisco ACS 5.2 secondary server is configured as a log collector for both primary and secondary server .Now i am facing problem in log collection from primary server .ACS secondary server is not collecting any logs from primary .
View 2 Replies
View Related
Mar 28, 2013
I'm using ACS 5.4p2 within distributed systems: one primary and one secondary instance.For now, primary instance is acting as Log Collector server and I can see any AAA audit logs.
When the primary instance fails I can authenticate successfully using the secondary instance.However, when primary instance comes back, I'm not able to see any audit logs operated by secondary.
View 9 Replies
View Related
Nov 13, 2011
I am installing LMS 4.0 in my site newly I have nearly 1000 devices in network .When i had tried the autodiscovery mode using ping sweep method the devices are getting discovered but showing us unreacheable . All the devices are going under unreacheable no devices are getting added to the DCR .SNMP settings are configured correctly.
whether the autodiscovery will add the devices to DCR or i need to add the devices manually.As per my requierement i need to configure below things , is it possible to configure the same
1)LMS as SYSLOG server
2)LMS should send EMAIL notification if device goes down , interfaces goes down , memory / cpu goes high ,switch module goes down
3)Need to know if cisco releases new device packages how we will update to the cisco works .
View 4 Replies
View Related
May 30, 2011
We have just installed LMS 4.0.1 and started to discover parts of the network. After the discovery process finished successfully - 100+ new devices were added to DCR message - I was able to see the devices by clicking on their number but when I go to Inventory-Add/Import/Manage Devices I cannot see any device in the Group that I created.If I restart the CiscoWorks Daemon Manager process the newly discovered devices are added to the custom Group. This seems like a bug as I had a LMS 4.0 evaluation installation a few months ago and device discovery was working fine meaning the devices were added immediately to the Inventory.
View 4 Replies
View Related
Aug 22, 2012
I am pretty new to Cisco - and I have a little 506E that I love. I got it working with my first scenario where I have one server that is my web, and e-mail server.I also opened the RDP port so I can remote into it. The IP's for the old server are internal 192.168.1.23 name ferbweb-external 71.12.111.219 name ferbwebpub. Now - I need to add another server in the exact same way with the same ports 80, 25, and 3389 open to the outside - IP's internal 192.168.1.31 name ferbmail and external 71.12.111.220 name ferbmailpub.I can get to all of these ports on the new server on the inside network - so that is not the problem.So, I went into the config, copied the statements for the old server, and changed them for the new server and added them to the config. I can still get to the old server from the outside fine, but cannot get to any ports on the the new server from the outside at all.I have done a lot of research, and cannot find what I am doing wrong.
View 6 Replies
View Related
Jun 23, 2011
How many WLCs 5508 can you add to the mobility group?
View 1 Replies
View Related
Dec 22, 2011
I have the Cisco Router 861 whit the IOS c860-universalk9-mz.150-1.M7.bin. I have created a Vlan, but when I create a second vlan, I have this message: "Vlan can not be added. Maximum number of 2 vlan(s) in the database.
I need to add more than two vlan.
View 3 Replies
View Related
May 31, 2011
Note If you configure VPN, the client dynamically adds invisible NAT rules to the end of this section. Be sure that you do not configure a twice NAT rule in this section that might match your VPN traffic, instead of matching the invisible rule. If VPN does not work due to NAT failure, consider adding twice NAT rules to section 3 instead.
View 2 Replies
View Related
Jul 1, 2011
By reruning discovery with new seeds etc I have more devices discovered. Howeverr they are not shown in the inventory, only in the Device Discovery Summary however.
View 10 Replies
View Related
Mar 25, 2013
when we add new switch to STP converged enviroment, switch flush the data from the data base.how to protect database from deleting the information
View 10 Replies
View Related
Feb 27, 2011
I recently installed a wireless printer and all seemed to work well until the next day. I am able to get on the Internet with my iPad but not my PC. I've tried winsock fix, ipconfig, netsh commands and other stuff but I can't connect to the Internet. When I tried to run ipconfig/all here's what I got:
An internal error occurred:The request is not supported.
View 13 Replies
View Related
Jun 5, 2012
I am researching on the behaviors of routers when MTU is increased beyond the MTU set in the routers. Also, when I use jumbo frames instead of normal MTU, how does it affect the network. So, what I plan to do is
LAN_A -- > blackbox --> WAN --------> WAN --> blackbox --> LAN_B
All the traffic coming from LAN_A will be of size 1500 Bytes or less. The blackbox in the center will add an overhead of 4 bytes, recalculate the CRC and transmit the packet on the WAN side. I wanted to know that:
1- if my LAN router and WAN router, both are set at 1500 MTU, then will WAN router drop the packet if it receives a packet greater than 1500B ?
2- If i keep my LAN side to 1500 MTU and I switch my WAN router to Jumbo frames, how will this configuration affect the complete network ? Will it work or not ?
3- I want to add the overhead on every packet coming in from LAN side, so, what options do I have to achieve this goal ?
PS. All types of traffic can come from LAN side.
View 2 Replies
View Related
Feb 8, 2011
I added the network printer cum scanner - cm1312, going to control panel >> add printer >> etc. etc. Now I can print. But there is no scanner installed. What I can do?
View 5 Replies
View Related
Jan 2, 2013
I added RAM to my HP Pavilion a6000n PC, and the only downside is that it no longer identifies the Netgear WNR1000v2-VC router as wireless.I run Windows 7 - have Comcast Internet and have an Arris TM722 modem.The modem and router were supplied by Comcast.I reloaded the cd that came with the router, everything appears to be on the hard drive, but the wireless is still not "enabled". The computer shows the connection as a local area connection, even though the modem and router are connected to each other and the pc.
View 2 Replies
View Related
Dec 27, 2011
I have a friend who asked me how he could stop his children accessing porn etc on their ipods etc that they pick up from a wireless router.Is it possible to route a wireless signal through a computer that has parental controls?
View 1 Replies
View Related
Jun 25, 2011
I am doing an evaluation of LMS 4.0. I have loaded the system on Windows and manually added my core 3750 switch into the system. Device availability is showing the device as available. However, the other pollers like link utilization, error count, etc. all show that there is no data. When I go into the poller config, the pollers for link utilization and errors show 0 devices associated and a status of "instance not found". The CPU and availability pollers show active with my one device added. I have verified the credentials and if I go into Inventory -> Port and module and select my 3750 I do get a list of all the interfaces and the descriptions so LMS is connecting to the switch and pulling data.
So how do I get the pollers for link utilization and errors to start populating data?
Second question, during install I did configure the software update section and it said there was an LMS 4.0.1 available which I told it to download. Now I have a psu_download directory and some more directories like cm, cmf, etc. but I don't see any file on what to do with them. What do I need to do to install the new package files that were downlaoded to psu_download?
View 4 Replies
View Related
Jul 31, 2012
I have run out of public facing IP addresses and I need more. Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2/0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range.
i.e.existing config
route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)
Interface outside ip address 1.1.1.1 255.255.255.0
NAT 2.2.2.1 to 10.1.2.3
or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.
or, put another way I dont need change my set-up as I just static route to my ISP!
my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?
i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31
Outside interface = 1.2.3.1/27
Can I use 1.2.3.31 and NAT it to an internal server?
View 3 Replies
View Related
Sep 30, 2012
Nice for those who want to see what it looks like:
Cisco Connect Cloud: [URL] EA6500: [URL] . And of course all other Linksys devices: [URL]
View 1 Replies
View Related
