Cisco AAA/Identity/Nac :: ISE 3315 Stuck In INIT Entering Runlevel 3
Oct 1, 2012
my ISE 3315 is stuck in ISE 3315 stuck in INIT Entering runlevel: 3 when i connect a screen and keyboard i can only see this last message : ISE 3315 stuck in INIT Entering runlevel: 3 There is nothing after, i cannot login (no prompt) even after waiting 20 minutes with this message
I have no char return via serial cable depsite i was able to run initial setup from console (same cable, the DB9-DB9 provided, same serial config, same laptop)
Version ADE : ADE-OS-2.0 (2.6.18-238.1.1.el5PAE)
Version ISE : 1.1.0.665
View 4 Replies
ADVERTISEMENT
Mar 29, 2012
My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?
View 4 Replies
View Related
Aug 2, 2012
I installed ise-1.1.1.268.i386.iso on a scratch to the new NAC 3315. As i check cisco download mentioned it need to patch following files :ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz,But once try to patch it show like attachment message, is it mean that i no need to do the patching?Or is there any instruction need to remove and reinstall for this files.
View 4 Replies
View Related
May 2, 2013
Is it possible to add another NIC to the Cisco 3315 NAC appliance. It ships with Four ethernet interfaces, but would like to add at least 1 extra interface i.e. PCI card if possible.
View 1 Replies
View Related
Aug 8, 2012
We have insatalled 5 ise 3315 boxes IOS 1.0.4 in our network where in two of them are admin node , two of policy services and one is mnt node. We are using guest sponsor portal for wirless guest user where in we have integrated WLC 5508 with ise and using weblogin for guest users.
We have created open ssid in wlc and using external redirected url of ise for guest login page. But when we create any guest user in sponsor login for guest user we faced following issue
1) When guest user gets conected to wirless and login in to guest portal with credential after putting credential then its again redirect to same login page wihout successful login prompt.
Can we pompt successful login after guest login to guest portal or redirect to any other link like google.com so guest user will gets to know he is able to access internet now
2) We have creted time profile 8hours first login for guest user. When guest user gets connected while putting credential in to guest portal. But we face issue after approximately every 20 mins guest gets disconnected from internet and guest again gets login page of guest portal and if we put same credential then its working but after approx 20 min interval user get disconnected from internet.
View 3 Replies
View Related
Mar 10, 2013
I have a nac guest server 3315 appliance with 4 NICs. I want to connect each NIC to 4 different networks without allowing traffic between them. So RADIUS interface will be different from sponsor/admin interface to the NGS. how to achieve this. I have created and assigned a static IP address using system-config-network, but when i do ifconfig i dont see the remaining 3 NICs and the web interface doesnt seem to have provision to create this interfaces.
View 3 Replies
View Related
May 24, 2013
we have a new ISE 3315 installation going on, I powered on the Appliance and appliance booted sucessfully, I run the Setup command. however after Setup is completed and appliance got a reload, it is not booting at all , booting seems to be hang up as per the snapshot attached.however Appliance is pingable, . i carried the following tasks as part of troubleshooting.
2: suspecting that Setup was corrupted, i then re-initialzied / re-installed the ISE Completely, then i run the setup command and after self reload, exactly same behaviour.
3: I tried with both Secure CRT & Putty and results are same
View 2 Replies
View Related
Nov 28, 2012
Whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting.
View 1 Replies
View Related
Jul 19, 2012
We are conduction a Proof Of Concept (PoC) on Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
Our Setup has ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory.Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
-MDM can be integrated to ISE ?
-How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
-What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
-If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
-Is MDM will do client provisioning or ISE should do ?
-Is MDM send or update patches of Mobile Devices ?
View 5 Replies
View Related
Oct 17, 2012
I would like to ask, given that i got 2 units of ISE-3315 appliance, one need to be primary node for admin-policy service-monitoring, another unit then become Inline posture node.For the preparation on line posture node, what shoud i do on it?
01. For the unit ready to become inline posture node, so I just boot it, install the OS from sractch (using version 1.1.1), then start the initialize setup etc, like Normal setup?
02. Before i regieter, what is the deployment nodes i should select for inline posture node unit? provided the admin-policy service-monitoring will become primary node, and registration for inline posture node will be next action.
View 10 Replies
View Related
Oct 11, 2011
We want to buy a ISE-3315-K9 for 500 end-devices.In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
View 1 Replies
View Related
Mar 18, 2012
I am using 802.1x authentication with multi-domain ports; Phone and PC connected to phone. The phones are Nortel (Avaya) and the PCs are Dell/HP Laptops. All are configured for Certificate authentication and this works well. However we sometimes get some ports stuck in Guest mode. when a non certificated laptop connects to a phone port and fails authentication, the data port is placed in the Guest VLAN. However when the laptop disconnects the port isn't reset and remains in the guest state. When a subsequent good laptop connects and attempts to authenticate the switch ignores this and leaves the data port in the Guest VLAN. he switch is a 2960S with Version 12.2(58)SE2 IOS.
The port is configured as follows:
!
interface GigabitEthernet1/0/15
description DANS Port
switchport access vlan 1807
switchport mode access
switchport voice vlan 1855
priority-queue out
[code]....
I placed the AAA, dot1x, eap and auth debug on for all events and then connected a good laptop, the only debug message I got were as follows:
Mar 19 16:17:01.391 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
Mar 19 16:17:01.653 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
Mar 19 16:17:02.654 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
[code]....
I would have expected the auth function to have reacted to the EAP packets sent by the good client when it connected and performed eap authentication but it didn't, all it did was say the ports in Guest mode and left the laptop in this VLAN.
View 2 Replies
View Related
Oct 27, 2005
My app session was working fine and i managed to see it all up and working. now that i have tried to run script commit-redundancy etc i see the session as APP_SESSION_INIT instead of up. The log shows me on the standby box now that it sees the following :
FLOW-MGR 7 - DOS-SYN ATTACK 192.168.1.1 - 192.168.1.2:5001
View 5 Replies
View Related
Feb 16, 2012
I have a doubt about CiscoWorks. I need to generate the self-signed certificate with a key of 2048 bits to generate a CA with VeriSign. CiscoWorks do this automatically with a key of 1024 bits and I do not find a form to elect a a diferent key. Is it possible to generate a certificate with 2048 bits key?
Another problem is that I have CiscoWorks installed on Solaris. Many times at day the web application does not work and the only way to recuperate it is with the command "init 6" and I have to way 15 minutes until I can have access again. Why is produced this error? Who can I fit it?
View 1 Replies
View Related
Feb 11, 2013
I have a problem when trying to access from a workstation on the internal network to an external FTP server using Explicit FTPS. After the server requires the client TLS Authentication the client inits TLS but the connection is closed by timeout.
I have disabled the FTP inspection on the firewall and I have opened some high ports from the Internet to the test workstation (ACL and NAT rules), but without results.
If I try to connect from a workstation to the FTP server using a direct Internet connection I can access the FTP server without problems, so I think the problem is in the ASA.
View 6 Replies
View Related
Jun 28, 2013
I just bought an N66U and started the process of flashing dd-wrt onto it via Asus' web GUI. I followed the steps on their wiki and it said 'complete!' I went to do another hard reset, as per the instructions, and no dice. I fear I may have bricked it
The next apparent step to me was to get it into recovery mode and either restore the asus fw or continue down that path with the ddwrt stuff, but I can't get it into restore mode
The documentation says the power LED is supposed to blink 'slowly' after holding the reset button + insert power adapter. I can't get to this stage.
Also, whenever I plug it in, the LED's on ports 2, 1, and WAN are solid for a few seconds. I don't know if it did this before, but I thought it could be an error code of some sort.
View 6 Replies
View Related
Jan 21, 2013
I got a ISE 3315 with an IP-Plus license on it. Now I need to install a Wireless advanced license, but I got an error when trying. I've read that the wireless license doesn't need the ip-base one but I can't remove it?
View 1 Replies
View Related
Jul 13, 2012
I would like to authorize a friend in my house to access my wifi I was told to go to http://192.1.1 and enter the MAC address of my friend. However on the site I was unable to enter the information into the box - how can I authorize my friend to use my wifi?
View 1 Replies
View Related
Feb 23, 2011
I need to estimate the installation and configuration time of Cisco NAC (NAC Network Module spare for 2800, 3800 ISR) and Cisco NAC Manager(NAC Appliance 3315 Manager -max 3 Servers. There is some Cisco tool to estimate the installation and configuration time?
View 3 Replies
View Related
Jun 24, 2011
How i can get access lan computer drives with out entering login password
View 1 Replies
View Related
Jan 10, 2013
D-Link Router 615, with Xplornet Satellite Internet <-(internet sucks).
We got the router about 5 months ago and it has been good, few losses of connection and you have to reboot which is understandable. The internet is always random so if the router needs reset/reboot its no problem.
However about a month or so ago its started redirecting constantly once you put a website in the address bar. Its not always the same sites either. Sometimes its google for part of the day, some times the site wont work for a week. It redirects me all the time to the D-Link Router Log In, and no matter how i try to access the website im trying to go to, it redirects me to the D-Link.
View 3 Replies
View Related
Oct 5, 2011
My network topology consists of 3 directly connected routers where the central router contains sensitive data and i need to block traffic from ENTERING the LAN adjoined to that router. My issue is creating an access list to DENY traffic from entering the network connected to Fa0/1 but ALLOW traffic to exit from that network. I am using one class C network which is subnetted 7 times to provide me with the required LAN's.
View 2 Replies
View Related
Jan 14, 2013
When i try to enter the password for my N300 Belkin Router into my wifi connection setup in my computer it will not accept any letters, only numbers.
View 1 Replies
View Related
Dec 11, 2006
I have reconfigure my Cisco 3825 for ssh after we lost the config sue to a power faliure. I have reconfigure the same way it was configured before and working properly.
when I try to access the router using Putty ssh, I get to the authentication screen but after entering uername and password (enable secrete and line password the same) i get access denied.
Below is the ssh and line configuration on the router. I have seen the pdf that has been recommended here at Netpro and have followed that document but still having problem:
[code]...
View 16 Replies
View Related
Jun 3, 2011
Trying to connect (ipod touch) to DIR-655 with WPA2 enabled.
* Is there a way to connect without having to enter entire Long WPA2 Pre-Shared Key?
* why iPod has required me to enter security password several times - why would it keep losing the saved password I've entered?
- What is the PIN SETTING for on Device homepage? Is that a shortened key?
-I'd already added multiple times in past, too...
View 1 Replies
View Related
Feb 4, 2013
Region : Ireland
Model : TD-W8960N
Hardware Version : V4
Firmware Version : TD-W8960N
ISP : Vodafone Ireland
I am having a rather annoying problem. I run a small hotel (just 3 floors) and my modem gives a strong enough signal to provide wireless access to everybody in the house however I'm finding that a lot of people, whilst they can connect to the modem, cannot browse online. Connection just times out when they open their browsers.Recently a guest gave me his laptop and asked me if I could do anything with it. I'm by no means an expert when it comes to this kind of thing so I chanced my arm by putting his MAC address into the CP's Wireless/MAC Filter page. He connected immediately and was able to go online much to my relief.
Thing is, I don't want to have to do this for every guest that comes through my door! Is there any way everybody who has a laptop can connect without me manually entering their MAC addresses? MAC restrict mode is set to 'disabled' but I thought that would allow everybody unrestricted access?
View 2 Replies
View Related
Jul 15, 2011
I have tried to connect my Kindle to my E3000 without success. The Kindle shows that the router is there but after entering my password in the Kindle it will not connect. I tried going into Cisco Connect and enable "Guest" user. Again the Kindle shows that the router is there showing "Guest User" and after entering the password for the guest user it still will not connect. The Kindle does connect to the internet through a router that is shown - I have no idea whose router it is - but at least it proves that the Kindel will connect to the internet.
View 2 Replies
View Related
Jul 21, 2012
indows 7 Studio 1458 Crashes when entering Sleep Mode
View 2 Replies
View Related
May 25, 2013
I have 5508 controller in my lab. I am working on a project to set up a public internet but with some condition.
- User should able to connect to the SSID without any authentication.
- Once user will connec to the SSID it should redirect to an external URL which indicates terms and condition and email address field.
- User should enter his/her email address in email addrss filed and click I accept button.
- Once that is done then he/she is allowed to access internet.
We are not sure how can we achive this as I do not know what should be the return value for WLC to allow that user to go through or what should be the settings on the WLC to redirect to the page.
I have seen a settings on web authentication for external URL but I guess it is only for username passwor or Radius authentication. While in this case I do not want to use any authentication just an accept buttor or Decline button and all good to go.
View 2 Replies
View Related
Jan 3, 2011
I have a 851 that I'm trying to apply CBAC on. However, it seems that new sessions are stuck in SIS_OPENING. I'm guessing maybe because packets are not returned,I can't understand why - everything works just fine up-until I add ip inspect INBOUND out' on the WAN-interface.
View 19 Replies
View Related
Oct 1, 2011
Im trying to upgrade my IOS. It wasnt at ROMMON before but I thought I can upload the IOS on the xmodem so i did a
en
conf t
config 0x0
reset / reload
Now that I am in the ROMMON. If i type CONFREG to change the BAUD, nothing shows up. Usually it gives options but this time, nothing.
>confreg
>
So I tried to go back to the normal CLI
[Code].....
I turned on the router manually and turn it back on hoping that it will work but it brought me back to rommon.
View 1 Replies
View Related
Mar 22, 2011
I'm at my girlfriend's house and every laptop in the house works beside hers! I tried mine and it connects flawlessly also my itouch and my eee-pc also connect without any trouble but her laptop is stuck on Identifying i tried the whole netsh reset thing and sadly we cannot have access to her router as her dad hates it when we play in his Linux based stuff anyways any simple fix would be welcome, i hope no one will suggest changing routers/reinstalling the whole OS[CODE]
View 5 Replies
View Related
Feb 3, 2013
Dell inspiron 1525 / Windows XP
Linksys/Cisco Router.
When trying to connect (wireless or wired), I can't get past the authenticating status. Have used this computer with same router for 3 years. If there was ever a problem, I would unplug/replug the router.I am currently connected through my neighbor's unsecured network.
View -1 Replies
View Related
