Cisco AAA/Identity/Nac :: Making ACS 5.3 Work Correctly With NCS
Jun 18, 2012
I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly. url... But this does not show how the ACS referencing AD groups would work when determining which custom attributes to use.
On the ACS 5.3 I have set up the following. The AD is working, and in Users and identity stores/External identity stores/Active Directory my AD test works fine. I have set up the Users and Identity stores/Identity Groups with appropriate IPs. I have configured the Network Device Groups/Network Devices and AAA Clients with the IP address and Authentication options. In Policy Elements/Authorisation and Permissions/device administration/shell profiles I have created a shell profile called network shell pro which has common tasks of def priv = 0 and max priv = 15.
Now I can get into the NCS but I do not see any of the administration buttons on NCS, so this means the custom attributes are not working. I shouldn't need a user for this on the ACS as it's using AD.
Mar 14, 2011
How do I make sure that my VoIP softphone is going through the VPN I have and the other party (VoIP provider) is seeing the VPN IP instead of my real IP?
Sep 1, 2011
I have a customer with an ASA5505 where it will not reply to SNMP polls from any source. I have followed the configuration guide [URL].at and tested another ASA in our internal network and I have that working fine on our LAN. Here are the snmp and logging sections of the show-run on the ASA. Is there anything obvious I'm missing to make the SNMP work on this device?
snmp-server host outside 203.XX.75.122 community XXXX
snmp-server host outside 203.XX.84.196 community XXXX
snmp-server host outside 203.XX.86.82 community XXXX
snmp-server host outside 82.XX.244.3 community XXX
[Code] .....
Jan 21, 2011
Ok so our company has a VPN set up on our workstation laptops for employees to be able to connect to the office network from home. We use CISCO VPN CLIENT, and a pre-setting .pcf file to upload our VPN into the client. The settings are correct completely to allow the VPN to work from home. All of our older workstations (Latitude D510-D630's) work with Windows XP SP3 32b. Recently I purchased new laptops (Latitude E6410's) and have started issuing them out with Windows 7 Enterprise 64b. A couple employees from home cannot get their VPN to work correctly at home with the new laptops. Their old laptops work fine with the VPN, but the new ones don't. They are running a Frontier DSL modem with wireless. The VPN connects just fine on the new laptops, but the problem is... nothing works. Outlook does not connect, they cannot access any of our network shares or drives, and they cannot use any of our company's software that requires our network access.
I tried uninstalling the CISCO Client and reinstalling it, no go. I tried changing the MTU settings on the client and network adapters and wireless adapters, no go. And it seems to be just an issue with employees trying to VPN through a DSL connection using the new laptops, where others with the new laptops can VPN in fine through a Time Warner connection. But remind you, their old laptops work fine, which seems kind of odd to me.
Feb 17, 2012
I am a user of a Dell Inspiron 1545 and I have a problem with Internet. Till yesterday everything just worked great; when I was turning on the Wi-Fi, it always found the network I wanted. Yesterday, the current was cut off (?) and I lost connection to the internet. After the current came back, everyone got internet back, but not me. My Wi-Fi is still finding almost all networks except one, the most important one.
Nov 20, 2012
I have a problem with one SA520W. The LAN port doesn't work correctly. If I connect a PC directly via Ethernet cable (I tried 2 different cables and 2 different PCs) the DHCP doesn't assign an IP. If I reset to factory default and manually insert the IP (192.168.75.1) it doesn't work.
Dec 12, 2010
I have hardware version B1, firmware version 2.00NA and several computers (wired & wireless) with Vista & Win 7 x64 and a Brother HL1440 printer. When I print something it comes out scrambled, images missing or cut off, empty pages, etc. This same setup worked fine when it was directly into one computer, then shared on the network through Windows sharing. The problem was that computer had to be running to print off the network. I got the DIR-655 since it had printer sharing but so far it's not been of any luck.
Aug 21, 2011
I have 3 ACS 5.2 servers both here and in the US. On Friday night, our building lost power and it came back up early Saturday morning. During this, the wireless controllers dropped their configs and reverted back to point to the old ACS servers again. After fixing this, all wireless works now in my location. But ACS is not logging my sessions even though I can connect to wireless with phone or laptop. It should log the authentication process if the server is here or in the US, but it is only logging for the other 2 servers. Now on a weird note, the VPN for users in this location is authenticating just fine.
Aug 16, 2011
Does the Cisco 602 office connect AP work correctly with a 5508 controller? I cannot get it to work and am having random problems, i.e. I see the SSID broadcast on the AP, but no authentication messages for clients on the controller. I have the same configuration set up on a 1142 office extend access point and it works fine. The other 602 AP I have is seen by the controller, but will not even broadcast the SSID.
Sep 11, 2012
I just uploaded firmware 1.0.1.10 on 2 WAP121. After the update and reboot, I was able to confirm the firmware version in the System Summary menu. The update was uneventful. However, the functions WDS Bridge and WorkGroup Bridge no longer work on the two WAP121:
- For WDS Bridge, when I configure a Remote MAC Address with WPA Encryption and then I click on the Save button, nothing happens there. But it works well when I choose without Encryption.
- For WorkGroup Bridge, when I click on the Save button (even without changing the configuration), I have a message "Certificate file uploaded successfully" and another error message in the background: "error occured for query you send path . device.sync ... "
1.0.0.3 firmware is not available on your site, so it is impossible for me to go back.
Dec 23, 2011
E4200v2 DMZ does not appear to work correctly? I have two e4200v2 both with latest firmware and it appears to me that the DMZ setting does not work. I continue to have to apply many port forwarding and triggering rules to make needed ports accessible.
Jul 27, 2012
First off, my router is a D-Link DIR-655, firmware v2.07. I'm trying to port forward port 25565.
My port forward settings are this:
However, when I use this open port checker, it claims that I don't have that port open. It looks like this, without the blurred out parts:
Added note: The way I want to use it is by my IP (xxx.xxx.xxx.154:25565). I have the software installed to do so (I'm using a minecraft server, connecting through minecraft), but I can't enter my IP in the IP address field, it says that it's out of the range of the LAN.
Feb 11, 2013
I'm having an issue where any of my computers without a wireless connection have been incapable of getting out on the internet with the new router that I got myself. I know the cables work etc., since they work perfectly fine with the old modem alone, but they won't work at all with this unless on a computer with a wireless connection.
Jun 8, 2011
For unknown reason I cannot get WLC to authenticate correctly with ACS 5.2. It's very strange in the sense that when I checked the log, ACS authenticates and authorizes the WLC 4402 but I cannot log in to the WLC. The login screen appeared; if I typed a user name it jumped to Controller> user: password:
No matter what I typed (internal or external users) nothing seems to work. This is my frustration, I have no problem authenticating routers and switches except WLC 4402.
Jun 30, 2012
I have done this before on this exact model about a month ago, so it's still fresh in my mind on port forwarding. (Note, I'm using firmware version: 1.0.00.) I am running a Windows 7 computer wirelessly using this router. What I do for port forwarding is type in the router IP (192.168.2.1) in Internet Explorer, type in "default" as username and "admin" as password. I click the "applications and gaming" link which brings me to port range forwarding.
I fill in my port info, in this case a Minecraft server running on 25565. I set up two of the same ports, different names both at the same port, one running TCP and the other UDP; when it worked previously the "both" option did not work correctly. (I used to have a private network that a buddy of mine set up a while back, and I doubt he remembers what to do and I don't know where the manual is to make a new one; searching the internet sends me spam of people asking questions.)
I read somewhere it may have something to do with DHCP server settings conflicting with my IP. My IPv4 address reads 192.168.2.100, and the DHCP settings says the same.
Apr 23, 2013
How the certificates work when using PEAP on ACS 5.2. Currently we have clients which are Cisco wireless IP phones that are using the ACS server(s) for authentication to the wireless network. The phones are configured to use PEAP with server validation enabled. The phones have a Godaddy root certificate and Godaddy intermediate certificates installed on them (in addition they have all the certs that are on the phone by default). On the ACS server there is a certificate that is signed by Godaddy. This was created doing the CSR process etc.
So from what I understand, because all the phones are set up to validate the server certificate, they require the public root certs and the intermediate certs that are installed on them, in order to validate the private cert that is on the ACS server. The private certificate (the one signed and issued by Godaddy) expires the middle of next year (2014) (a little ways off I know, but it is never too early to be concerned about stuff). When we go to get a new private certificate for the ACS servers (or get a renewal) and when we install this new signed certificate onto the ACS servers… will all the clients still trust this new certificate, and everything will continue to work smoothly? Or will the clients all need to have new root certs installed, and new intermediate certificates installed? From what I can gather I think the first scenario should be the case, because the root certs and intermediate certs are there to trust certs that are signed by Godaddy, so as long as the new private certificate is signed by Godaddy everything should be okay.
Feb 21, 2012
We have ACS 5.3, and trying to set up sftp backup on freesshd server. SSH connection works, but ACS cannot copy backup file to sftp server, we get following errors:
Acs.MGMT.ACSVIEW Backup failed: CARS_XM_SSH_CONNECT : -306 : SSH connect error
FTP backup works fine.
Mar 8, 2012
I have several 2950 switches that I cannot get to work with TACACS. I'm using the same config for these that I am using for other cisco switches. [code]
May 18, 2012
I am trying to install ACS 5.0 on workstation, however once the install finishes it reboots and I enter the Linux bash command line rather than the Cisco CLI.
Note - this is now fixed. I followed the steps here to install ACS 5.0 on VMware Workstation 7: url...
Feb 21, 2013
I have an issue about ACS v5.3 Appliance. I have an ACS v5.3 to authenticate wireless users, together with a Cisco WLC. One profile is for corporate users and the second profile is for guests.
The corporate users should authenticate with Active Directory and the guests with WLC. Guest users should authenticate with the ACS Local Database. I have configured two service selection policies that match with protocol Radius. The first rule is for users of Active Directory and the second is for users in the Local Database of ACS. When I try to authenticate users with Active Directory it is OK, but when I try to authenticate users with the Local Database (Guest Portal) the ACS tries to find the internal user in the Active Directory, because it matches the first rule, and the second profile cannot authenticate. When I change the order, first the rule of internal users and second the rule of users of Active Directory, the internal users can authenticate in to ACS, but the users in the Active Directory cannot authenticate. I think my ACS only authenticates the first rule of Radius to Active Directory, not two rules of Radius at the same time. Or maybe there exists an issue in the OS of the ACS. The authentication separately is OK.
Apr 6, 2011
I have a Win 2008 server as DC. I have installed ACS 4.2 on a member server (Win 2003), but it doesn't work. How do I get this one to work?
Nov 25, 2012
As observed, the ACS 5.x "Change Password on Next Login" feature does not work with SSH clients (tried with Xshell, SecureCRT, PuTTY etc.), however through a telnet session to IOS devices, users can change their password on their next login.
1: On ACS 5.x I create a new user and set the "Change password on Next Login" option.
2: Logged into the device through Telnet and the password can be changed after I authenticate successfully. However the same is not happening when I log in to the devices through SSH.
Is it because of the fact that SSH is an encrypted session?
Because changing password through a telnet session is not accepted in many financial organizations as per PCI Standard.
Dec 13, 2011
I bought a computer. The old one works fine but it is slow. I am using an Ethernet DSL cable. It connects through LAN connections. The new one connects local only and will not let me get on the internet. When I try to go on the internet it brings up a connection through broadband and asks for a user name and password. The other computer doesn't, and I have no username or password through the DSL.
Feb 22, 2012
I want to make my Minecraft and GMod servers permanent so I got stupid and built a low powered server out of an old Athlon media PC I had laying around. Anyways, my current setup I have going is my main router is in the basement and I have a DD-WRT D-Link repeater in my room. OK so I gave the repeater a static IP of 192.168.1.56, and gave my server a static IP of 192.168.69.25 (I made the IP of the repeater 192.168.69.1). I forwarded all the necessary ports to the static IP of the repeater then to the static IP of the server. But my servers won't work. On Minecraft it says "end of stream" but if I look at the active server log on the server it says "myipaddress has lost connection", and on GMod I just can't connect or see my server at all.
May 20, 2011
Making Configuration between 2 Apps?
Dec 4, 2012
You have to make 4 subnets for 4 VLANs; the router interface assigned to each VLAN is the LAST usable host on the subnet. So unless I'm really bad at networking the graph should be:
NET ID // HOSTS // BROADCAST ADDRESS // VLAN
192.168.0.0 // 192.168.0.1 - 192.168.0.62 // 192.168.0.63 // VLAN1
192.168.0.64 // 192.168.0.65 - 192.168.0.126 // 192.168.0.127 // VLAN2
192.168.0.128 // 192.168.0.129 - 192.168.0.190 // 192.168.0.191 // VLAN3
192.168.0.192 // 192.168.0.193 - 192.168.0.254 // 192.168.0.255 // VLAN4
So if I'd have to write down a single host configuration for VLAN2, I think it should be:
IP: 192.168.0.65
subnet mask: 255.255.255.192
default gateway: 192.168.0.126
Is this correct? I'm not sure whether the default gateway should be 192.168.0.255 (as would with normal subnets) or as I wrote down 192.168.0.126. This is the first time I've ever gotten assignments including VLANs and I haven't really gotten a solid explanation.
May 14, 2012
We're running three networks (inside, outside and dmz). Inside is 10.0.1.0/24, dmz is 10.0.2.0/24, outside is a static IP allocated by our ISP. We'd like to configure the following: All traffic from the outside to [static provider ip] on port 80 should go to 10.0.2.200 port 8080.
May 12, 2011
We have a customer that recently changed IT vendors and came to us. We needed to change the ISP and need to make changes in their firewall. I went out on site and wasn't able to get into the routers, and I contacted the previous company but they wouldn't release that information. So we had to reset the devices and set everything back up. Everything works great except before they had an IPsec VPN tunnel between the 2 buildings. Both buildings have WRVS4400N routers and I have set up a VPN IPsec tunnel on both sides. I have named them the same and the summary says that both are up. But when I try to go from one side to the other I am unable to ping or resolve anything. I called Cisco but they said they are out of warranty. Cisco directed me here.
Mar 3, 2011
I'm trying to connect our ASUS VIJ series laptop to a dlink DIR-615 wireless router. The router connection page asks us to: "Please enter the PIN from your wireless device and click the below "Connect" button". How to find the PIN number for the laptop? The laptop uses a wireless g connection. The laptop can find the dlink router's signal on the wireless profiles & has been connected wirelessly in the past to a router (a plug & play type) without a problem.
Dec 19, 2011
I have a computer hooked up to the internet with a cable modem via usb cable. The ethernet part of the modem is hooked up to my xbox 360.
I don't have a wireless router or a wireless internet connection but I do have a Belkin USB Wireless Adapter and I read on the web that you can turn your computer into a wireless hotspot if your computer has a wireless card with antennae or a usb wireless adapter.
Example, I have a Nintendo USB Wireless Adapter. All I do is stick it into my computer's USB port and it becomes a hotspot that I use to connect to my Nintendo DS to the internet wirelessly. So I basically thought that my Belkin adapter would be able to do the same thing only with whatever other devices I try, not my DS.
Mar 24, 2012
i WANT Making Wireless access secure
Nov 27, 2011
If you have a router connected to several computers can a person create a shared drive using a remote USB drive?
Feb 1, 2011
I have to make a wireless network for 48 apartments, that's in 4 floors and the area surface is 400 x 400 meters. I want to go with Netgear, maybe buy 1 router and 2 access points?