Cisco AAA/Identity/Nac :: ACS1113 Version 4.2 Ssh Version 1 / Specify Only Version 2 Or Turn Off SSH?
Sep 14, 2009
McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
We are looking to upgrade our WiSMs to version 7.0.230.0, but the Cisco compatibility matrix suggests we need to upgrade WCS to the same version (it is currently on 7.0.172.0). My question is can we upgrade the WiSMs and do the WCS at a later date with no issues or do we need to do them at the same time to keep visibility of everything?
The reason I ask is that some of my clients use lobby ambassador for some of their users and they will need wireless access on the day we are due to upgrade WCS (the WiSMs are due to be upgraded and rebooted earlier that morning.
I have setup an Identity Firewall on a ASA version 5.6 on a DMZ interface.I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
where ashdew is a domain user and ACL 122(only one line) is applied on the dmz interface and NAT is properly configured.The ADagent has been properly tested and ASA can register to it.The ASA can connect to AD DC controller and query user database.I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the asa does not seem to retrieve the user identity.Do I need to add extra rules in the access-list 122 to permit trafic to DC?Can I check on the AD Agent if it can retrieve the user to ip mapping ?
I' have realy big layer two access network made of etherogenius Cisco switch with different IOS version and train.My customer bought ISE (ADVANCED AND BASE LICENSE).As far I read on DS it is seem that if you have Minimum IOS release 12.2(52) SE you are able to perform COA, reading DS with more attention I notice that cisco raccomend IOS versione 12.2(55)SE3 why ? does it means COA does not work with 12.2(52)SE,I need a minimum IOS release to perform 802.1x on my wired network ?
I have installed ACS Windows 2003 R2 Services Pack 2.
I am upgrading of version 4.1.1.23 to version 4.2.1.15. Recommended by Cisco.
Before of update everthing works fine.
After of upgrade, this does not authenticate user, sends the next message "External user not found", "Authentication session invalidated" and "internal error".
We are a Small company with 400-Users and currently we are using ACS 4.2 at our company.we want to upgrade and use Cisco ISE Appliance instead.
I want to know is there any major changes in configuration between ACS 4.2 and the ISE Latest Verizon.?
Is there any Hardware (Switch or Cisco AP ) compatibility issues with using Cisco ISE. (we are currently using Cisco Cat 3550 and Cisco Aironet 2600 APs with the existing ACS4.2) What ISE Series & what Soft version are the latest so i can order ?
The table referenced in the new 1.1 ISE guide show 12.2(33)SXI6 is the minimum version for support. Does this mean this version or above? Does ISE is tested in newer SXJ streams? We have a massive rollout of SUP720s to do and need to know the most stable version to load in preparation for ISE.
Having an issue where a user will plug a PC into a switch. The switch does a MAB authenticaiton and the MAC is not located in the ACS server. It logs the failed attempt, but when the PC is removed from the switch, the failed attempts keep getting logged until the port is bounced. Any way to keep the attemps from happening after the PC is removed? If not, any way to make it stop without bouncing the port?
running ACS version 5.2.0.26
switch port config: interface GigabitEthernet1/0/2 sw access vlan 2 sw mode access authentication control-direction in authenticaion host-mode multi-auth authentication port-control auto mab spanning-tree portfast
I'm trying to configure a shell commnds set such that all commands (including under conf t mode) will be allowed, except for administrative commands, such as write, copy, admin, format etc.It's been working for (most) priviliged mode commands (such as write and copy) but has been unsuccessful for any command under conf t mode. It's important in order to prevent the users from performing 'do write' and 'do copy run start' commands, for example.Here's the input of the shell command authorization set (Partial_access):
Unmatched Commands: permit Command list: admin copy delete do
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS5.2 Before doing it I found this note in Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
We are running ACS 4.0 so understandably so we are looking to upgrading to a Cisco supportable version of ACS. The limitation of our current version of ACS does not support nested AD groups. The latest version of ACS (I think it is 5.4) will?
We have an issue with View db (Monitoring & Reports) backup on ACS, version 5.2.0.26. We have scheduled incremental backup daily and full backup monthly. Everything has been working well, but since yesterday following errors have appeared, and full and incremental backup stopped working:
Alarm Name System Alarm [Incremental Backup] Cause/Trigger On-demand Full Backup failed Alarm Details CARS_BR_BACKUP_CREATE : -405 : Internal error: couldn't create backup file Alarm Name
[code]....
We use same repository as always. Backup to the same repository works from CLI.
Need URL for patch 4.2.1.15.3 with comptaible for cisco acs appliance 1120 . Though its for appliance patch should be along with webserver . I have downloaded patch of SE its not comptaible to this hardware .
I Have a requirement to migrate from ipv4 to ipv6, I have checked the scalability of all the devices for this migration except ACS 1113 Solution Engine, Version 4.2. I couldnt reach the proper documentation to check its support for ipv6.
I have ACS1121 running version 5.1.0.44.6 on my network environement , I need to enable account lock-out for internal user during failed attempt for more than 8 times , How to achieve this . I could see account lock-out for administrator user account , not for internal user .
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
My problem is that when i try to use device manager it tells me mmc cannot run a version of internet explorer earlier than 5.5 and i have internet explorer 7. One thing is that we dont use interent explorer any more we use american online but we still have internet explorer. We got rid of it when we stopped wanting to pay for it. And if i try to hook up the modem for this the dsl light keeps flashing red and everything else is green i dont know why it is red i set up everything. i used the splitter and powered the modem and put the ethernet cord into the back of my xbox and then used the spiltter for the phone line thing and connected the phone line to the back of the computer to the phone thing on the splitter and then used the dsl cord to the back of the modem and on to the splitter.
Is there a way that I can specify which version of the 802.11 standards I can use.e.g. I have an 802.11 B/G/N wireless card and I want to test each on a directional antenna to see how they perform
I'm not sure how to tell if I'm running ssh version 1 or ssh version 2, or both.I thought a show run would show a line like, "ip ssh version 2" or "no ip ssh version 1", but I don't see these anywhere.
issue with their ASA version 8.4.2 code? I loaded this code on my beta ASA last week and have seen it "hang" twice since the upgrade. The previous versions of 8.3 and 8.4 code on this same ASA did not have this issue.
I configured the below in IOS ver 12.4(5a) is working fine (able login using Putty) , but the same configuration is not working in IOS ver 15.0(1)M2 (Not able to login using Putty)
hostname hostnameip domain-name domainnamecrypto key generate rsa ip ssh time-out 120 ip ssh authentication-retries 2
I am trying to SSH into my controller after upgrading to 7.0.103 and I get the username prompt but it seems to be disconnecting as soon as I do. Is there something different about this version of code as opposed to the older ones?
WCS fails to start with a Tomcat error , see below ;See launchout below - without re-installing WCS
Checking for Port 21 availability... OK Checking for Port 8456 availability... OK Checking for Port 8457 availability... OK Checking for Port 1299 availability... OK
setting up VPN on my CISCO 851 W-G-A-K9 version 12.3 ?I read on the cisco site that it supports VPN and L2TP and PPTP Tunnels?I did a show VPDN and itt shows no tunnels setup?I use a hyper terminal connection and make all my changes via command line?
I run a windows 2003 server environment with active directory that I have some remote users that I would like to logon to the network?I also have a laptop that I would like to take on the road and be able to logon via vpn?what commands would I need to set this up
I can do simple command like
enable conf t ip nat inside source static tcp xxx.xxx.xxx.xxx 25 interface FastEthernet4 25 exit wr mem enable