Cisco AAA/Identity/Nac :: WS-C4510R+E - Wired 802.1X With ISE / Some Computers Cannot Be Authenticated

Aug 28, 2012

We have a customer which is using ISE with 802.1X in order to authenticate computers. All the computers have their own certificate and most of them can be authenticated fine! The issue is that some computers cannot be authenticated.The port configuration the authenticator (Cisco WS-C4510R+E IOS 151-1) are configured exactly the same: [code]
 
But for some reason some PC cannot be authenticated. A wireshark capture on the computer not working shows that the computer receives a EAP Request Identity and also send a Response Identity to the switch but then nothing happens more: So the process is stucked in the EAP-Response/identity. I attach a debug capture on the switch for one of the computer which cannot be authenticated.

View 4 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: 2960 - Remote Desktop To Machine 802.1x Authenticated By User (Wired

Jan 22, 2012

802.1x is working properly, 802.1x port is up,but;when I do a remote desktop to machine that is 802.1x authenticated by an user(Wired), first, login to pc successfuly  then(3 minutes) is switch port down..
 
Debug radius authentication
Debug aaa authentication
 
Does not appear in the log only message port is down
 
Equipment;
 
Cisco 2960, Cisco ACS 4.2 ,MS Active Directory Authentication
 Client:windows xp, windows 7
 Cisco 2960 Port Config
 switchport mode access
dot1x pae authenticator
dot1x port-control auto
spanning-tree portfast
spanning-tree guard loop

View 1 Replies View Related

Cisco AAA/Identity/Nac :: WS-C4510R Critical Voice Vlan Support

Dec 15, 2011

Critical voice vlan feature, used to place a newly authenticating phone when radius server is dead into appropriate voice vlan, seems to be a new feature and I find the documentation to be incomplete.  Do the following switches support this feature in any IoS versions? WS-C4510R, 4506, 3560, 3550,2960s.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 1120 - How Many Devices (MAB) Can Be Authenticated

Jan 23, 2012

I´m currently looking for a document that specify how many MAC addresses can be stored and authenticated via an ACS (1120)? I prefer to use the internal identity store over AD or LDAP for MAB authentication for 802.1X project. I would like to know what is the impact on the ACS? CPU/MEM? What is the impact on the user authentication? delay, timeout, etc.

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.0 Not Getting Authenticated With 2008 AD Server

Nov 8, 2011

I have a cisco ACS 4.0 build 27  on windows 2003 server . My site was working fine when i was having a AD on 2003 server . Recently i have migrated my AD servers is 2008 .
 
After the migration the ACS is not authenticating the users . Now i have made a server with 2003 and made the site working . I need a solution to make it work using 2008 server is there any compatiblity issue  between ACS 4.0 and  2008 server .

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 5520 VPN Users Are Authenticated Against MS-AD Through LDAP

Sep 1, 2011

I have 2 ASA 5520 (v. 8.21) in a active/standby fail over configuration.
 
VPN users are autenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can happen days after the account was created still. In some cases it never seems to work. The accounts I create exists on the same OU level as all the other accounts that are working.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5510 - Allow Only Authenticated Users To Enter Internet

Jan 3, 2012

I have an ASA 5510 with IOS 8.4. I want that only authenticated active directory users can pass the firewall.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Assign Static IP Address Depending On Authenticated User

Feb 12, 2012

Actually I have a lab with ACS 5.3 running with 802.1x, but when when the user is successfully authenticated, it's assigned and IP address from the DHCP server, is there a way to assign a static IP address depending of login username??

View 13 Replies View Related

AAA/Identity/Nac :: ASA5510 - WEBVPN User Authenticated Through LDAP Failure?

Feb 28, 2013

I'm trying to configure an ASA5510 with release 9.1(1) in order to authenticate VPN AnyConnect users through LDAP. In a first step the logs shiw me this kind of error:
 
[-2147483632] Session Start
[-2147483632] New request Session, context 0xadf415d4, reqType = Authentication
[-2147483632] Fiber started

[Code]......

View 0 Replies View Related

Cisco AAA/Identity/Nac :: 5510 / Failed To Privilege Mode When Authenticated By Radius Server

Aug 26, 2007

I tried to authenticate and authorized Nokia/checkpoint Nortel/AD3 and Nortel 5510 platform using an 4.1 for windows ACS. the ACCESS-REQUEST is well processed bi the radius server wich send ACCESS-ACCEPT to the AAA Client (ie NORTEL or NOKIA), but i'have got privilege access denied on the Client side. RADIUS IETF Dictionnary is used for every device. all others Cisco Devices authenticate and are well authorized.

View 3 Replies View Related

Cisco Switching/Routing :: WS-C4510R+E Modules

Feb 7, 2013

I have a WS-C4510R+E with
 
Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
1    48  10/100/1000BaseT Premium POE E Series  WS-X4748-RJ45V+E   CAT1612L1JD
2    48  10/100/1000BaseT Premium POE E Series  WS-X4748-RJ45V+E   CAT1612L1JW
3    12  10GE SFP+                              WS-X4712-SFP+E     CAT1622L0SC
4    12  10GE SFP+                              WS-X4712-SFP+E     CAT1622L0RM
5     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1620L1UJ
6     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1620L1Z2
 
Can i add two WS-X4712-SFP+E and two 10 GE ethernet module also?
 
Is there 10GE ethernet module with WS-C4510R+E.

View 2 Replies View Related

Unknown Computers On A Wired Network?

Apr 1, 2011

I use a Ethernet Powerline adapter.Right now, there are 5 other computers on my wired network, and i don't know what they are. What are they doing there, and how do i get them out?

View 6 Replies View Related

Cannot Connect To The Same Network With Wired And Wireless Computers

Nov 2, 2012

I have a dell desktop running windows vista that connects to my wireless router with a cable. I have an HP laptop that is running windows 7 that is wireless.When I look at network computers on the dell I get an error message that says that the computer is not accessible. The same thing happens when I try to log onto the desktop from the laptop. When I try to run the network wizard from the desktop, I see see connect to the internet, connect to a wireless router or access point, setup a dialup connection and connect to a workplace.None of them make sense but I tried connect to a wireless router and got a message that said to set it up manually or set up a flash drive, neither of which makes sense. I tried set it up manually and all that happened is the router setup screen opened up.I tried the same thing on the laptop and the setup the network wizard opened a screen that said choose a wireless router or access point to configure, but nothing ever showed up on that screen.

View 2 Replies View Related

Restrict Internet Access To More Than 8 Computers On Wired LAN?

Feb 13, 2011

I've been using "Linksys by Cisco Wireless-N Home ADSL2+ Modem Router WAG120N". I can restrict internet access to only 8 computers using their Mac adresses but there are no ore entry fields for Mac adress than 8. What shall I do when I need to block internet access to more than 8 computers say 20 computers on wired LAN? I don't like the option blocking the internet access via IP address. I found they are not that effective as the option Mac adress

View 1 Replies View Related

Setup A Hard Wired Network For 30 Computers?

Jan 28, 2013

I want to setup a hard wired network for 30 computers

View 1 Replies View Related

Cisco Switching/Routing :: How To Connect Two Core Switch C4510R+E SUP 7-E

Nov 4, 2012

I have 2 units core swicth C4510R+E SUP7-E  need to connect together for redundant purpose , i bought also 4X 10GE uplinks for each core switches .May i know how i shall connect both core switches together using my spec Catalyst 4500 E-Series 12-Port 10GbE (SFP+) ?

View 6 Replies View Related

Setup A Wired Network Between Computers But Leave The Wifi On Them?

May 5, 2011

I'm sort of new to networks so I'm not sure if this is even possible but what I'm trying to do is set up a wired network between computers but leave the wifi on the computer as how it connects to the internet. I'm using two computers connected through a lynksys router(not connected to the internet) and ethernet cable, and one of the computers has a wireless card that connects to another router that is connected to the internet. i can set up a network between the two computers but then the one can't connect to the internet(even though it says it is connected the network with internet),

View 2 Replies View Related

Linksys Wired Router :: RV042 - Can't See Remote Computers When Connected Via VPN

Feb 10, 2011

I've got an RV042 router at home and am connected from my office via the QuickVPN client ver 1.4.1.1.2.  I can ping the RV042 and log into the administration page and make changes.  However, I can not see other computers on the remote network.  I can not ping them.  When I open my Network page, I still see the computers on my local network.
 
All machines are running Windows 7 Ultimate.  ISP is Comcast at both locations.  WAN IP's are dynamic, but have not changed in over a year.  Local IP's on the remote (home) network are static..[url]....

View 1 Replies View Related

Linksys Wired Router :: BEFSR41 V3.1 Compatible With Windows 7 64bit Computers

Apr 25, 2011

Is the BEFSR41 Ver 3.1 compatible with Windows 7, 64 bit computers?

View 2 Replies View Related

Belkin Routers :: 300N - Access WAN Via Wireless While Firewall Wired Computers?

Dec 15, 2012

The facility provides WiFi access. I'd like to configure his router to access the facility's WiFi, as WAN access to the internet while providing DHCP service to the wired ports. The idea is to use the 4 wired ports to provide inter-connectivity to each other and internet access via the router's wireless connection via wireless for internet access by the wired client machines.I'd also like to firewall the wired devices from access by other users of the facility Wireless network.Can I do that? How do I configure the wireless aspect of their Belkin Share 300N? What other settings do I have to set.

View 2 Replies View Related

Linksys Wired Router :: RV082 ICMP And HTTPS - Computers Only Can Navigate Through HTTP Web Pages?

Oct 21, 2012

Let's see if you can with this one:
 
DSL Internet Router (Dynamic IP) -> Linksys RV082 -> Firewall PC -> LAN
 
DSL Internet Router: 192.168.3.0/24
Linksys RV082 WAN2: 192.168.3.0/24
Linksys RV082 LAN: 192.168.5.0/24
Firewall (2 Nics): Nic1 is 192.168.5.0/24 and Nic2 is 192.168.1.0/24
LAN: 192.168.1.0/24
 
RV082 WAN 2: Configured with a DHCP IP Address from DSL Internet Router so it has 192.168.3.0/24 range IP.
Load Balancing enabled
Static Route added on RV082: 192.168.1.0 mask 255.255.255.0 gateway 192.168.5.x interface LAN
Firewall PC is completely Open as i was using it before.
 
I had a Fortgate 60B and everything worked fine, then a bought a RV082 and now i can get this up and running properly.The thing is this....whit the actual setup i have, computers only can navigate through HTTP web pages, other ports seem to be closed, but if the Firewall PC was blocking this i guess i'll know because it shows a message on screen when a policy is being applied. If i try to open HTTPS Pages it doesnt work, Even a simple pinng to google.com doesn't work from my LAN (192.168.1.0/24), but if i connect a computer on a local port on RV082 i can PING and i can browse anywere i want.
 
It seems to be that Firewall PC is causing problems but i execute a tracert to [url]...., the packet get stuck in the RV082.What im thinking is that maybe the RV082 doesn't allow to go trhu at all if the traffic comes from other networks that doesn't belong to the one configured on its LAN side.By the way the Firewall PC connected to the RV082 directly navigates perfectly.
 
PS. The reason im using Firewall PC is because that way is much easier and flexible to handle policies for Internal users than in the RV082 Router. I use this ume basically to set up VPN IPSEC and Dual WAN Load Balancing.

View 3 Replies View Related

Cisco Switching/Routing :: Install Line Cards (WS-X4548-GB-RJ45 / Chassis WS-C4510R-E) On Chassis Ws-6504-E?

May 15, 2012

we need to install a line cards (WS-X4548-GB-RJ45, chassis WS-C4510R-E), on a chassis Ws-6504-E.where I can find information about compatibility?

View 2 Replies View Related

Cisco Wireless :: AP541N / Can't See Other Computers On Network Through Wireless / Wired OK

Jul 14, 2011

Our wireless clients that connect through our AP541N cannot see other computers on the network.  They can ping other computers by IP and host name and access the internet OK.  Mapped network drives can be connected initially but are very unreliable and always end up disconnecting.  Restarting the computer does not work.  When these computers are wired they see the network as expected. why my wireless network would behave differently then the wired?  The wired and wireless networks are on the same VLAN.  The wireless clients are all Windows 7 systems.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.0 - Disable NAC From 802.1x Wired Access Authentication?

Jul 8, 2011

I would like to disable NAC policy control from my ACS 4.0.I would like only 802.1x AAA on my switch ports.Also I'd like to assign a different VLAN to different MAB devices by RADIUS user attribute, in order to differentiate vlan for printers, clocks and so on. Any document for ACS 4.0?

View 1 Replies View Related

Cisco :: AIR-LAP1131AG - Limited Access When Authenticated

Oct 8, 2011

At one of our locations we are experiencing some problems getting connected to our wireless networks.
 
It is possible to sit right next to an AP (AIR-LAP1131AG) and only have limited access to the network.
 
I have attached a snapshot from inSSID from the wireless networks in the area. All of them are broadcasted by our controller and I can´t figure out how it is possible to see SSIDs in other channels than the ones in the 2.4GHz band (11-14)?

View 1 Replies View Related

Cisco :: SNMP Web Authenticated Users Wlc 5508?

Apr 4, 2013

I am using web authentication with my Wlc 5508 and I would like to check all users currently connected (ip, login used, MAC address, ...) with SNMP.
 
I am using an external web server and my client are authenticated with ldap.
 
I know I can receive these information with traps, but I would like to create a short program which will check all users when I click on a button.

View 2 Replies View Related

Cisco Firewall :: 5525 Authenticated User Access

Oct 31, 2012

We've just replaced our Fortinet Firewalls with 5525's but are struggling to get a feature working that worked great on the Fortinet firewall.All our users use a proxy for internet access that's configured in IE but from time to time some users need to remove this proxy and go directly out to the internet, with the Fortinet devices we created a rule right at the bottom of the inside access out rule that had it authenticate users via TACACS which worked a treat and could be used from PC or laptop. We want to do a similar thing on the 5525 and I thought the Authenticated user would give me this access but I don't seem to be able to get it to work. I've got the AD side of it working fine the ASA can pull user and groups from AD but I'm struggling to get this working for a user.

View 3 Replies View Related

Cisco :: Clients That Are Not Authenticated Taking IP Addresses - WLC 5508

Feb 21, 2012

I work on a college campus that has thousands of students a day accessing our wireless network.  We have broadcast SSID that the students use to connect to the internet.  The students usually have more than one WiFi enable device on them and their laptops and phones both take an IP address, but they are only using the laptop to authenticate while the phone is associted, but not authenticated.  In the meantime, I have several thousand IPs being used by their phones/iPods etc.  Is there a way to revoke the DHCP lease if the client does not authenticate within a specified time frame (i.e. 10 minutes)?

View 3 Replies View Related

Cisco :: WLC5508 Limit Number Of Users Authenticated With One Login

Feb 28, 2012

Is it possible to configure WLC so that only one user can connect to wireless network at a time with one login? We have WLC5508 (7.2.103.0) web authentication with LDAP  (Active Directory).

View 2 Replies View Related

Cisco Wireless :: 7.0.220 / Apple Clients Authenticated But Show No Username In WLC

Aug 1, 2012

Running 7.0.220. There are several 'unknown' users every day reported in WCS. Investigating the connections on the WLC I find the clients are in a run state and passing traffic but there is no username listed on the client detail. (hence the unknown on WCS)
 
(mcm-189jsoc-wlc1) >show client detail 60:c5:47:07:b6:5a
Client MAC Address............................... 60:c5:47:07:b6:5a
Client Username ................................. N/A
AP MAC Address................................... 00:1e:13:42:16:a0
AP Name.......................................... mcm-208dorm-wap1

[code].....
 
Clients in this state are usually Apple products. From initial investigation it looks like the do authenticate with the ACS. r debugs to run, or fixes on the WLC? Perhaps there's a bug on this behavior?

View 11 Replies View Related

Cisco :: Authenticated Guest Access Of Apple Devices WLC4400

Apr 26, 2011

On my wireless network, I am running guest access that I want to have as authenticated. If I enable WLAN, security, layer 3 web policy, when an iPAD / iPhone connects, they get directed to the Web Auth splash page, on where they must enter username & password. My users do not want to be directed to this page everytime they login - just select the SSID and connect - is there a way of authenticating guests via a WLC4400 without going through the splash page everytime?

View 6 Replies View Related

Cisco Routers :: RV042 - VPN Error / Connection Refuses (Not Authenticated)

Sep 4, 2011

At this moment I'm trying to connect 2 router rv042 and i received the following error  message
 
(g2gips0) #23: ERROR: asynchronous network error report on eth1 for message to 190.199.164.144 port 500, complainant 190.199.164.144: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
 
in the other router i don't see any error . what would be the problem.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: 3750x / Dynamic VLAN Assignment For Wired Campus Network

Nov 23, 2012

I`m working on Dynamic Vlan Assigmenton the basis of end user authenticatedwhoc are part of specific AD Group in c ampus enviorment.Objective: Need to assign the vlan on switch port on the basis of authenticated users OU Group in Active Directory. Eg: There are 2 OU groups in AD, Sales and Administration. Authenticated user in Sales group should get Vlan 10 and user in Admininstration Group shoudl get Vlan 20.
 
Components:
 
Cisco 3750x/Cisco 4500
ACS Version 5.2
Microsoft AD

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved