Cisco AAA/Identity/Nac :: Compatible Nexus 5020 5.0.2.N2.1 With Tac Plus?
Sep 10, 2012
I have a problem with the Nexus switches: it is impossible to authenticate from tac_plus. At another company, I configured ACS to authenticate the Nexus switches and it was OK. The configuration of my tac_plus is:
user = gian {
    login = cleartext prueba
    member = nexus
}
group = nexus {
    default service = permit
    service = shell {
        #double-quote-values = yes
        #shell:roles=""network-admin""
        cisco-av-pair*shell:roles="network-admin"
    }
}
The configuration of the switch is:
tacacs-server host xx.xx.xx.xx key 7 "xxxxx"
aaa group server tacacs+ AAA_TACACS_SERVER
    server xx.xx.xx.xx
    source-interface mgmt0
aaa authentication login default group AAA_TACACS_SERVER
aaa authorization commands default group AAA_TACACS_SERVER local
aaa accounting default group AAA_TACACS_SERVER
View 4 Replies
Feb 23, 2011
We are facing an issue of continuous packet discards on the Nexus4001L link (int po2) to the Nexus5020 switch. The Nexus4001L is installed in an IBM blade center server and we have FCOE enabled in this setup. [code]
View 2 Replies
Mar 22, 2010
I have two different models of GLC-T SFPs. One is PN 30-1410-02, the other is PN 30-1410-03. The -02 will not work in a Nexus 5020 or an ASR-1000 router that I have, but works fine in my Cisco Wireless Controller. The -03 works fine in any device. My problem is that when ordering, you cannot specify the -03; they get ordered as GLC-T, and none of my suppliers can assure me that I would get the -03. What is the difference between these two?
View 8 Replies
May 27, 2012
Are the below Nexus 5020 NX-OS version and type/revision of my GLC-T compatible with each other? I also noticed the "Transceiver calibration is invalid" message when I do show int e1/8 transceiver details. What does it mean?
View 8 Replies
Apr 23, 2013
What is the correct command to check the hardware of a Nexus 5020? Are the same ones used, like show inventory, show diag, etc., or is there a specific one for these items?
View 2 Replies
Oct 24, 2011
I have an alert from the monitoring system about: “fan for this system is not in the NORMAL state”. In the switch I found that the problem is with fex 3, see below:
Nexus5020# sh env fex 3 fan
Fan Fex: 3:
------------------------------------------------------
Fan             Model                Hw         Status
------------------------------------------------------
Chassis         N2K-C2148-FAN        --         failure
PS-1            N2K-PAC-200W         --         OK
PS-2            N2K-PAC-200W         --         OK
Technician said: fans appear to be operational, BUT the only thing that appears abnormal is STAT light is amber (not sure what it means).
Also, if I compare the temperature of module 3 with module 2 (which doesn’t have an alert), it is almost the same. This is why I think the fan is working fine, since module 3 is not hotter than module 2.
What can I do to reset this fan (chassis)?
View 2 Replies
Oct 10, 2011
2 Nexus 5020 (SysObjId 3.719) bring an internal error in inventory collection as follows: "RICS0001: Internal Error, unable to process the collected data from the device", whereas 2 other devices of the same type and same sysobjid are working well. SDT from v401 shows this device as supported.
View 10 Replies
Jan 22, 2012
I have two N5K (5020) switches with NX-OS - 5.0(3)N2(1). These two switches form a VPC domain: peer-link = 2*10Gb ports (1/17-18) and peer-keepalive link over management ports. Also I have two HP servers with two 10 Gb ports on each server. Each server is connected by one link to each N5K switch (1/9-10). N5K downlinks are configured as access ports with LACP Active mode. There is only one VLAN (1). When the "no shut" command is entered on the N5K access ports, the ports go into "not connected" status, begin to flap and then go into the "linkFlapErrDisabled" state. Attached is the "sh run" from the N5K.
View 1 Replies
May 6, 2013
We have two Nexus switches in our network, one of them is Nexus5020 other Nexus5596UP. System image is identical on both switches 5.2(1)N1(4). When we try to setup VPC between these switches we see that all configured vlans on VPC peer link between Nexus switches are blocked by spanning tree protocol with message "Bridge Assurance Inconsistent, VPC Peer-link Inconsistent". We still can't solve this problem.
Topology:
NEXUS_5020---Peer_link(Po2)---NEXUS_5596UP
    \                              /
     \                            /
Member_link (Po100)      Member_link (Po100)
       \                      /
        \                    /
               SERVER
Configuration:
NEXUS_5020:
speed 1000
interface Vlan2000
no shutdown
description VPC_keepalive_link
vrf member VPC_kepalive
ip address 10.55.55.2/30
View 2 Replies
Aug 7, 2012
I'm trying to create a vpc between a Nexus 5010 and Nexus 5020 switch. I recently upgraded the software so they are running the same version. I cannot get a vpc link. Is there something wrong with my setup? Is a vpc between a 5010 and 5020 even possible? They are connected using a pair of Intel X520's in 802.3AD teaming mode. [code]
View 2 Replies
May 29, 2012
Our customer is willing to have a Cisco Nexus 5020 to provide server connectivity, and this Nexus would be connected to their core switch, a 6509. They are concerned about Spanning Tree compatibility between the Nexus and the 6509. Are they fully compatible for Spanning Tree?
View 3 Replies
Mar 3, 2013
I have a customer who is having some issues with 5m passive HP twinax cables, 537965-001, with a Chelsio 10G NIC. Aside from a NIC driver issue, if NX-OS recognizes this SFP+, should it be expected to work in a 5020 running 4.2(1)N1(1)? Has Cisco certified passive HP twinax cables? I have included the output of 'transceiver details' for a Cisco twinax and the HP (WL GORE) cables.
Nexus5020# show interface eth 1/7 transceiver details
Ethernet1/7
sfp is present
name is CISCO-MOLEX
type is SFP-H10GB-CU3M
[code]....
View 2 Replies
Feb 7, 2011
I am using ACS 5.2 and attempting to authorize users through TACACS to Nexus 5.1 code. I seem to have ACS set up correctly based on documentation I received through here. The problem is that the NX/OS doesn't seem to be operating as expected.
View 2 Replies
Jan 28, 2013
Does ACS v4.2 support the addition of the Nexus switches? We have a few new Nexus devices that have been added to ACS, but cannot be accessed successfully. A msg re: role based authentication is received. Do I have to do something special in ACS to support this?
Nexus 5596 v5.1(3)N2(1)
View 4 Replies
May 29, 2012
We have a Nexus7009 at the client network, but due to the limitation of Nexus switches that they cannot be directly integrated with RSA, the client has purchased Cisco ACS for the AAA. We are able to do the authentication and authorization via ACS. However, the client wants to further integrate the ACS with RSA so that authentication happens via RSA and authorization happens via ACS. Is that possible? If yes, how can I configure the ACS?
View 5 Replies
Mar 24, 2013
I am trying to assign the right role for a user who authenticates to a Nexus 7k switch via RADIUS. I am using Cisco ISE version 1.1.1.268 and the Nexus version is 5.0.2. I have created a role on the Nexus.
View 1 Replies
Mar 13, 2012
I have set up my radius server access on the Nexus but am unable to authenticate through putty. If I do a radius-server test on the Nexus it says I authenticate. Here is the log I am getting.
2012 Mar 14 16:03:21 switch-a %AUTHPRIV-4-SYSTEM_MSG: pam_unix(aaa:auth): check pass; user unknown - aaad
[Code].....
View 1 Replies
Jan 3, 2012
I am having an issue with authorization on the Nexus 5548. Note: The tacacs configuration has and still works correctly with all non-Nexus gear.
Authentication succeeds, and initial authorization passes. However, all sh and config commands fail, though AAA Autho Config-Commands .... and Commands Default Group <Grp Name> are configured.
ACS generates the following error: 13025 Command failed to match a Permit rule. The Selected Command Set is DenyAllCommands. I created an AllowAll, but am unclear how to associate this with Access Policy.
View 1 Replies
Sep 13, 2012
How do I set a limit on the log file size in ACS 5.3? I had the same issue with Nexus 1000v, but there is a command that enables you to set the log file name and size. It is getting bulky.
View 7 Replies
Jul 18, 2011
How do I add a tacacs custom attribute to ACS 4.2 for Nexus 1000V: shell:roles="network-admin admin-vdc"? In the interface configuration I've added a new service, service - shell, protocol - tacacs+. In the group settings I've enabled this attribute configuration. And it does not work. The default privilege level is assigned to any user with access allowed.
View 8 Replies
Apr 13, 2011
I can authenticate between our MDS 9216i switch and RSA radius server but my role does not come across. The logged-in user is a network-operator, not admin. In the AV Pair I have defined shell:role*network-admin but it doesn't seem to come across.
View 4 Replies
May 26, 2011
I'm trying to set up a Tacacs config on my new NEXUS 5000 series. Nevertheless, the authentication doesn't work. Actually I followed the config guide but something is not working or missing. I have set up everything through VMWARE with ACS installed on a Windows server.
View 20 Replies
Apr 9, 2012
I see there is a similar post for Nexus 5000 to ACS 5.2. Identical symptoms. The supervisor crashed and switched to secondary. Is there a comparable field for ACS 4.1 that needs to have something in it? 2012 Apr 9 11:07:55 va-core02 %$ VDC-1 %$ %SYSMGR-2-SERVICE_CRASHED: Service "Tacacs Daemon" (PID 9390) hasn't caught signal 11 (core will be saved). 2012 Apr 9 11:07:55 va-core02 %$ VDC-1 %$ %SYSMGR SYSMGR_AUTOCOLLECT_TECH_SUPPORT_LOG: This supervisor will temporarily remain online in order to collect show tech-support. This behavior is configurable via 'system [no] auto-collect tech-support'.
View 2 Replies
Jun 6, 2011
I am experiencing an issue where NX-OS on our 5010s is allowing both Local AND TACACS authentication concurrently. If I don't configure any aaa authorization commands, the locally logged in user has unmitigated access to the device. Once I enable aaa authorization, all commands issued by the locally logged in user are denied by ACS, but they can still log in to the device. When I comb through the logs on the ACS server, I see successful logins when TACACS credentials are used, and also the failed attempts when the locally configured credentials are used. On the switch, however, I receive "%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond" when using locally configured credentials on the switch itself. We are running ACS v4.2.
View 6 Replies
Feb 14, 2012
When transferring traffic between two VLANs my throughput rate seems to drop to about 1.5 - 3.0 megabits / second.
My setup is like this...
Two Nexus 5020 switches. (switch01 and switch02)
Two Nexus 2232PP fabric extender switches. (switch03 and switch04)
Two Dell R815s with Chelsio and Intel NICs. (host1 and host2)
The servers run Xenserver 6.0, but as part of testing with this I've tried installing RedHat 6.2, VMware ESX 5.0 (vsphere 5).
The issue occurs when using trunking and transferring data from one VLAN to another. Example...
VM1 is in VLAN401 with an IP address of 10.100.40.40. The VM is on Host1. VM2 is in VLAN402 with an IP address of 10.100.50.50. The VM is on Host2.
I've been using a network throughput tool called iPerf to test and I find that I can only get a throughput rate of about 3.0megabits.
If I switch VM2 to be in VLAN401 with an IP address of 10.100.40.41 I get a throughput rate of about 6.7gigabits/sec.
In the above scenario, I'm using a Layer3 interface on the Nexus 5020, but in production we use a Vyatta virtual firewall.
I worked with Citrix for about 3 months and that was a dead end.
View 1 Replies
Apr 26, 2011
My customer has FreeRadius, and I'm trying to get the server to assign a network admin role to a 5K running 5.0.3 code. This is based on the example given in this document: url... The server authenticates the user name, but will only put the user into the network operator role. This is confirmed by checking the output of show user-account and debug security user-db. The Radius test using the same credentials passes the authentication test. I'm sure the problem is that the N5K doesn't understand the VSA format of the attribute, and that this is a simple syntax problem.
View 2 Replies
Jan 11, 2012
I am wondering if having a Nexus 7K is mandatory to implement SGACLs within a TrustSec Infrastructure deployment or having a Nexus 5500 could be enough?
View 1 Replies
Mar 15, 2013
I have been tasked to replace the existing Cat 6500 and 3750 switches with Nexus 7000 and Nexus 2000. I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s. For Nexus, is there a list of tasks / points that I need to consider for building the initial design?
Can I just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
View 12 Replies
Dec 22, 2011
Struggling to find the SNMP MIBs of the Nexus 5000 FEX transceivers.
View 3 Replies
Nov 13, 2012
We are planning a Nexus datacenter project with this layout: Our experience with Nexus switches is not so large until now and the manuals are very extensive. Both N5Ks should be connected directly with all 4 N2K switches. I did not find a layout like this in the manuals. Only a design where only 2 N2Ks are connected to one N5K, with this fex config: Now I'm not sure if it is right to make a config like this with the same slots and FEXs or with different slots and FEXs.
View 1 Replies
Jan 22, 2013
I have a Cisco Router 881 with c880data-universalk9-mz.150-1.M7.bin IOS file. I want to upgrade to the latest IOS c880data-universalk9-mz.152-4.M2.bin. But when I upload the file, it appears the message The selected file c880data-universalk9-mz.152-4.M2.bin is not compatible with this router model.
View 4 Replies
Aug 21, 2011
I have a customer with an ACS for Windows version 3.3. I know the ACS is end-of-support, but could I do authentication for a WLAN with a Controller 5508, software version 7.0.116.0, and how?
View 3 Replies
Aug 9, 2011
compatible LAN driver for M2N-MX SE PLUS
View 4 Replies