Cisco AAA/Identity/Nac :: ASR9K Integrated With ACS 3.3 Equipment
Jun 2, 2013
I am currently deploying Cisco ASR9K BNG solution and it needs to be integrated with a Cisco ACS 3.3 (yes that old .. going to migrate to new product in the future) equipment. There are several specific attributes need that are not on the base config of the ACS 3.3 but it seems that i can configure them manually:In addition to supporting a set of predefined RADIUS vendors and vendor-specific attributes (VSAs), Cisco Secure ACS supports RADIUS vendors and VSAs that you define. Vendors you add must be IETF-compliant; therefore, all VSAs that you add must be sub-attributes of IETF RADIUS attribute number 26..This is from the ACS 3.3 configuration manual.I have never done this user defined VSAs.
View 1 Replies
ADVERTISEMENT
Mar 21, 2011
Any relevant doc for ACS4.2 on 1113 platform to be integrated with Unix Directory service having LDAP10.2.0.0 version from Oracle or guidance available.
View 1 Replies
View Related
Feb 5, 2012
I need to adapt a Cisco Catalyst switch configuration into a new ASR9000 router and I do not know how to configure trunks and access ports on an ASR9K router.
This is the configuration of the catalyst switch I want to replace.
interface GigabitEthernet1/0/1
description Access-Port -> SERVER
switchport access vlan 5
spanning-tree portfast
!
[code]....
Am I right? Or do I need to use the command “rewrite ingress tag pop 1 symmetric”on any of the interfaces o subinterfaces? Do I have to configure the command “encapsulation dot1q untagged“ on the GigabitEthernet0/0/0/0.5 subinterface?
View 5 Replies
View Related
Sep 7, 2011
I want to know, if it is possible to create multiples BGP AS Numbers on a ASR1K6 Router or ASR9K6 Router.
View 3 Replies
View Related
Apr 11, 2013
I have an installation of a new SMU on an ASR9k. Unfortunately, a previous install from a remote FTP source has stalled at 1%. The router is currently running v4.2.1, and the stalled installation was for a 4.2.0 SMU.
View 1 Replies
View Related
Dec 28, 2012
Doing a migration. During comparison of "show bgp nei x.x.x.x advertised-routes" between existing C7600 vs new ASR9K. Found that there were some r>i (RIB-Failure) route in C7600 doesn't flagged w/ r>i in ASR9K. Is it normal behaviour in ASR9K? How can I perserve r>i on ASR9K? Due to my IGP (e.g. AD etc) issue or ASR9K IOS-XR hidden config / default config issue?
View 5 Replies
View Related
Apr 7, 2012
Inventory in CiscoWorks with new devices ASR9K Series is not working. CW version: LMS3.2.1. Device: ASR-9006 AC Chassis. Credentials correct. Screenshot1: inventory request fail.
View 8 Replies
View Related
Jul 26, 2012
I'm doing a large-scale snmpwalk against an ASR9k (with IOS-XR v4.2.0) running as a provider edge router (full bgp table) and pulling the full contents of the BGP route table. On other routers, this completes within my timeout window, but not on the ASR9k.Figuring that this has to do with CoPP rate-limits, I've adjusted the rate-limits to ridiculously high values.
But still, the walk doesn't complete in an acceptable amount of time. Manual snmpwalks display a rate slower than even 7600s, with occassional stutters. CPU on the box doesn't even register that anything extraordinary is going on (@ 2 - 3%), and "show lpts pifib hardware police location" shows that there are 0 drops against SNMP.I haven't turned yet - either some traffic shaping mechanism or some combination of process scheduling/priority with SNMP.
View 1 Replies
View Related
Feb 19, 2012
I am very new to high end Cisco devices.(like 7600/6500 or ASR9K).
Why do we log in on RP. What actions we can perform after logging-on RP (route processor) or Why they are required ? Cant we make those by normal router mode (router#) .
View 2 Replies
View Related
Dec 22, 2010
I would like to connect my 1841 to the equipment that has RS-422 interface in order to transmit data. I have to buy one WIC-1T to support it. However, I am not sure that this module will be able to support RS-422 or not (As I can see there is DB25 which is the interface of RS-422, but I realize that RS-232 also has 25 pins.)
View 3 Replies
View Related
Jul 31, 2011
I have to do a policy route on my cat6500. basically, I want to redirect all traffic from 10.1.1.100 to internet address xxx.xxx.xxx.xxx to another machine 10.1.1.101. however, the 10.1.1.100 and 10.1.1.101 are in save subnet. not directed to cat6500, but both connecte to same switch which is linked to cat6500. However the 10.1.1.101 is not a cisco router. but some sort of equipment which change traffic and pass them to another subnet.
that means can I do below:
access-list 101 permit ip host 10.1.1.100 host xxx.xxx.xxx.xxx
route-map reroute permit 10
march ip address 101
[Code].....
View 1 Replies
View Related
Dec 19, 2012
On a small office setup we have many computers connected to one another using wireless LAN. One of the PCs on the WLAN also has a LAN connection with a few other equipment connected to it. The WLAN IP Addresses are 192. 168. 1.XXX and the LAN addresses are 192.168.0.XXX. How can I get to communicate the WLAN computers with the equipment on LAN.
View 7 Replies
View Related
May 19, 2011
what it looks like after it was cleaned up and my switches added in:That is a 3750, 48 port switch that it came with. I added in my 3750's and a 3550. The PC is for GNS3 and will have additional ports added for router interfaces soon.
I have a terminal server in the mail to round it out.
View 17 Replies
View Related
Feb 20, 2013
i am trying to monitor some UPS equipment,for that i am using a cisco 2960 switch and when the UPS is down it sends a L1 loop.when the switch detects the loop the int in which the UPS is conected to will get a link and go up.now my problem is this, as you probeblly know the switch has a protocol which protects it from getting loops and cuasing all kinds of problems.i need to remove this protocol and allow the switch to get L1 loops?
P.si have tryed to use UDLD, KEEPALIVE, BPDU guard, down-when-looped and errdisable commands with no success?
View 2 Replies
View Related
Dec 8, 2011
I want to set up a wireless video security system around my farm. I have been having a lot of predator problems this year and I am tired of getting up in the middle of the night and running outside in my underwear to check on my livestock (especially now that it is winter) because my wife thought she heard something attacking the animals. I have been looking around at wireless wifi security cameras to use with my home wifi network and all of them ( like the Foscam FI8918W) use IEEE 802.11g standards. I have done a lot of research on this and there is just no consistent data about to do this. I know that are a lot of smart people here because I have posted here before and got some great answers. So, I am just going to tell you what I would like to achieve and you can tell me how (if possible) I can do it. I am willing to buy all new equipment if necessary. I need a omni-directional wifi G network with a minimum range of 400 feet. I have several buildings to cover so it has to be omni-directional. My house is located 350 feet from the furthest building, so I figure a 400 foot range should give me good consistent results. I already have an old Linksys WRT54GS router with Firmware Version: v1.52.8. It is located in my bedroom against an outside wall and even now I get some signal from it out at my farthest building (350 feet) and even browse the web with my laptop. But the signal is spotty and seems to come and go for no reason. What is really funny is that I have less signal in the second bathroom on the other side of the house, but I guess that is because of all the walls in between.
Now I have read that you can increase a routers broadcast strength by modifying the router settings. But you need special firmware like, Tomato, to do that and I have already tried to install , Tomato, to my router with no success. So if modifying the router software is necessary, I will need another router I guess.
1. A good strong router capable of IEEE 802.11g.
2. A good strong outdoor antenna that will connect to the router.
My problem is that I can find good routers and good antennas, but nothing that say they will work with each other. And another thing is that it appears to me from what I have read so far, that the stronger the antenna is, the more narrow the vertical broadcast field is. So, if I understand this right, with a strong antenna, the antenna and the receiving device have to be about the same height horizontally speaking. So if I put the antenna on the top of my house, it will basically shoot right over all my cameras. But if I put the antenna lower along an outside wall, then the cameras on the opposite side of the house won't receive signal. But again, this is just my understanding of what I read so far. You can see now why I am so confused about this. The more I read, the more I get confused. It seem like this should be simple, like, "Buy this router, Buy that antenna". Surly, I am not the first person who wants to extend their home network to a reasonable outdoor range. It's not like I want it to reach miles (that would be nice except for all the hackers trying hack my network).
View 5 Replies
View Related
Apr 26, 2011
I just got a server cabinet from a friend and i am going to put all my networking stuff in there i want to put my router inside it too but im not sure if it will affect the signal the cabinet is made out of metal but not thick.
View 2 Replies
View Related
Nov 16, 2012
I have an telemetry equipment which have one ethernet RJ45 port, so I have an internet connection and I can connect to this device remotely using a browser on my PC for security reason I want to feed this device with a second internet connection that is coming from a cellular line , can I just put the two different Internet cables into a switch and from that switch connect my device?
View 1 Replies
View Related
Jun 28, 2012
I have a Cisco 1751 that I wanted to use to create another network behind my Actiontec m1424wr Verizon router. My plan was to connect a linksys wrt54gs to the Cisco router for device connectivity. And I wanted everyone else in the house to still be able to use the Verizon router as expected. I know this is probably not the best way to create an internal network. But I am studying for the CCNA & CEH and just wanted to use the Outdated Cisco IOS on the 1751.
View 3 Replies
View Related
Mar 9, 2013
A client I have just taken on wishes to provide internet data and VoIP for multiple tenants in their new office they move to in a few weeks.
they currently have a Cisco 2811 router with a 24 port Catalyst 2960 PoE managed switch serving just their staff and one tenant company who is plugged into a single port on the switch. I dont know what the tenant has the other side of that at this time.
when they move they currently will provide single port access points on the switch for each tenant, so the tenant can deal with their own network LAN. The client will provide phones to all the tenants using VoIP phones on a single subnet and hosted on an external PBX the phones all plug into the Catalyst and use the PoE. the WAN is a 20mbps fibre connection.
The client has 16 staff, the tenants are 3 companies with 3,6 and 9 staff. They may all increase or decrease in size to a total size of about 30 or 40 people.
I have a few questions
1. should I look at Vlan setup for this instead of the current basic routing setup or is that overkill since they only use one port access point per tenant as gateway.
2. can the cisco 2811 handle this or is it a bit old.
3. what router replacement would be recommended for this task given the above info especially if I went with Vlan solution.
4. any thoughts on the current switch's capability for this task.
5. managing bandwidth solutions? is there any router designed with this in mind. the ASA maybe or something like it with nice visual webgui management capabilities for monitoring and controlling bandwidth use of tenants?
Mark
View 2 Replies
View Related
Mar 31, 2011
i'm triyng to establish a vpn ipsec tunnel between my cisco2801 and a cyberoam equipment, at the end point.Debugging isakmp, i have this output, where xxx.xxx.xxx.xxx is the remote peer address, and yyy.yyy.yyy.yyy is mine.What can i try?
Apr 1 14:48:12.542: ISAKMP:(0): SA request profile is (NULL)Apr 1 14:48:12.542: ISAKMP: Created a peer struct for xxx.xxx.xxx.xxx, peer port 500Apr 1 14:48:12.542: ISAKMP: New peer created peer = 0x661C2D4C peer_handle = 0x80000003Apr 1 14:48:12.542: ISAKMP: Locking peer struct 0x661C2D4C, refcount 1 for isakmp_initiatorApr 1 14:48:12.542: ISAKMP: local port 500, remote port 500Apr 1 14:48:12.542: ISAKMP: set new node 0 to QM_IDLE Apr 1 14:48:12.542: insert sa successfully sa = 66DF4F5CApr 1 14:48:12.542: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.Apr 1 14:48:12.542: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxxApr 1 14:48:12.542: ISAKMP:(0): constructed NAT-T vendor-07 IDApr
[URL]
View 2 Replies
View Related
Apr 14, 2013
I have two ethernet cards (from same equipment) that arent acquiring IP Address after instalation of WLC 2504.I dont want (yet) to disable DHCP proxy on WLC.
*DHCP Socket Task: Apr 15 18:49:04.219: 00:0a:95:XX DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Apr 15 18:49:04.219: 00:0a:95:XX DHCP dropping packet (no mscb) found - (giaddr 0.0.0.0, pktInfo->srcPort 68, op: 'BOOTREQUEST')
*DHCP Socket Task: Apr 15 18:49:07.218: 00:0a:95:XX DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Apr 15 18:49:07.218: 00:0a:95:XX DHCP dropping packet (no mscb) found - (giaddr 0.0.0.0, pktInfo->srcPort 68, op: 'BOOTREQUEST')
[code].....
View 6 Replies
View Related
Sep 30, 2012
I have a 1.25 mbps download and .2 upload speed. I have a netgear n600 router and have wireless and cannot change to wired. I have around a 120 ping all most always. My current speed is the best in my area too. Is there any kind of equipment that will give me a lower ping for online gaming? Is there any router settings for this?
View 1 Replies
View Related
Aug 29, 2012
I have some questions in regards to network equipment I want re-utilize for my distribution layer in one of my buildings.The choices at the moment are:
OPTION 1.) 2x WS-3550-12G's (HSRP)
OPTION 2.) 1x WS-6509 with cards:
What option would be better from a performance aspect? We want to have network, voice, and wireless data go through this distribution layer switch(es).This is exisiting equipment I already have and can not buy anything else at the moment.
View 2 Replies
View Related
Oct 3, 2012
I have a WRT160n that I am trying to forward some ports on for some DVR equipment. When I use the single port forwarding and enter each port separately it works fine. But I have 2 DVR's and they use a bunch of ports each so I want to use the port range forwarding because there are not enough spots in the single port forwarding section. The ports I am trying to forward are 8000-8004 for one IP address and 8005-8009 for a second IP address. I have entered it into the port range forwarding section but I can not connect from outside my network. As I said if I enter them in the single port section seperately as 8000,8001,8002,8003,8004 then I can connect fine outside my network.
View 7 Replies
View Related
Nov 10, 2011
I just installed a 10 port Cisco SG300-10MP in my office, 9 of the ports are already in use. Connected to it are
PC
Laptop
Notebook
WIFI AP
B&W laser printer
Color inkjet printer
IP camera
Squeezebox SB3
Cat5e connection to basement HP 1810G-24 switch All of these devices are connected via a single Cat5e cable that was installed when the house was built. I had to re-terminate both ends of it when I moved in because the existing terminations were done very poorly. I have no idea how or where the cable is routed, nor what the quality of this Cat5e cable is. It did pass a test using my cable tester.
This single Cat5e is connected to my main HP switch in the basement equipment rack. Both of these switches have mini-GBIC ports that can utilize SFP transceivers and fiber. I priced out 2 MGBSX1 compatible modules along with a 30M multimode fiber patch 'cable' online at under $150. Although it would require at least a couple hours of work (including digging around in the attic and crawl space and drilling some holes), but running the fiber to the basement is very doable.
My question to my far more experienced forum members is if the performance gains would be worth the effort?My server is in the basement, and despite having an Intel GB NIC in my PC I am seeing read speeds of ~23MBs and writes of ~49MBs to/from my it. My server has teamed GB NICs (802.3ad LACP Layer 2) connected to trunked (LACP) ports on my HP switch.
View 7 Replies
View Related
Nov 30, 2012
I have a requirement to connect two 3750 switch with 10G speed between two sites with 150km distance. We will lay-out our own fiber (48 core) between two sites. I just want to consult the following:
1. Could i use two core switch 6500 with single mode fiber as a transport equipment?
2. Or i need to use SDH equipment because of the distance concern? If so do i need a repeater?Could i use Cisco Metro Core ONS, which one?
3. Any other option to achieve this requirement?
View 4 Replies
View Related
Sep 2, 2012
I can't get the internal 3G modem on my HP2510p with Windows 7 Professional 32 bit working. So far I've downloaded and installed the following:-
HP Broadand Wireless Modules - Sierra Wireless Inc
HP Connection Manager - Hewlett Packard
HP Wireless Assistant - Hewlett Packard
Qualcomm Gobi Driver Package for HP - QUALCOMM
but it's still saying 'no dial tone' and not reading that it has a 3G modem. If I've downloaded anything, how I can uninstall it.
View 1 Replies
View Related
May 21, 2013
How to upgrade the IOS of the Integrated wireless AP in a Cisco 881W using TFTP server (I do have software)Router side is not an issue it is the integrated AP that gives problem?
View 14 Replies
View Related
Feb 26, 2012
I have a client that that is installing a new network. They have requested the use of an CISCO891W-AGN-A-K9 mostly to be consistent with upgrades perfomed at other sites. I agree with the use of this router, so that's OK. The issue is that they have requested that I use the integrated PoE available on this model. I'm also OK with this as it will make a much neater installation. However, I can't seem to find much information on how to get the integrated PoE. I need clarification as to whether I can get a kit to upgrade this router. I generally purchase from sites like newegg or cdw (I'm an independent contractor) and I can't seem to find one with it. I have found some information on 800-IL-PM-4 and 800-ILPM-4 (who could confuse those ). Are they the same or different? Which one is the correct one and does it include the AC power adapter and can if be retro'ed into a router without the PoE?
View 2 Replies
View Related
Oct 1, 2012
I was doing some research on the Cisco ASR1001 model Router and within the description on the official Cisco page it mentions having various models that come with an "Integrated Daughter Card" or "IDC". I was curious as to what the IDC is exactly, considering there is an ASR1001 model without it.
View 2 Replies
View Related
Jun 1, 2013
I have 3850 switch with integrated WLC and i wonder if i can access the WLC via GUI ,also i need to know if it support Dynamic vlan assignment over SSID.
View 2 Replies
View Related
Mar 28, 2011
I have two desktop PCs connected via PRO/100VE LAN and am about to replace one of these with a desktop that has Integrated 10/100/1000Base-T. Will the two machines be able to communicate? One machine will use XP Home and the new machine Windows 7.
View 2 Replies
View Related
Mar 12, 2011
What I am trying to do is port forward certain ports so the servers I'm trying to run will allow other people to connect.So far I got no where since I got a new ISP. They can't provide any assistance since I use a netgear router. One of their tech support said their modem has a built in router. The rest all said no. I noticed that the IP in CMD when I type ipconfig /all is 192.168.1.(15-47) it switches every now and then. But that is a local IP. Wouldn't that single that the modem is already routing the IP? When I put my router on it switches to 10.0.0.(2-55). These are all local IP's though. Does the modem have an integrated routing feature? Verizon really sucks so far. They can't answer their own questions without conflicting with each other.
The modem is getting the IP, and putting it into a local IP (What I believe is a routing feature) for the network. Now the local IP goes to the netgear wireless router, and gets routed again (Changed the local IP to 10.0.0.?). The netgear only got a Local IP the first time however, so the external IP is not being... worked with in the netgear router. It is trying to port forward for the local IP address, which already works for me obviously, however it is not a WAN IP address and therefore no one else is able to connect to any of my servers.And lastly, verizon states they have only "Modems" and "Wireless routers" so if they have no modems that doesn't come with this feature, then I need to learn how to port forward while the IP is being routed twice, similarly to when you have two routers hooked into each other.
View 4 Replies
View Related
