We currently have 2 ACS servers ruining version 4.2. These are non-Cisco servers. How do I go about moving/rebuilding this on new and non-Cisco hardware?
View 2 Replies
I have three pier to pier computers (two Win 7, one XP). I have a new server on the way (HP Mediasmart EX495 with Window Home Server). What is the best way to gather all the files from the three machines and move them to the server and eliminate dedundancy? Is there an efficient and recommended procedure, or should I just block out a few days and hunker down for the big task...
View 4 Replies View RelatedI have redirected the IE Favorites folder to our network but I need a script to copy the Favorites to the new location.
View 2 Replies View RelatedWe have downloaded everything we need to (so i thought) now we are unable to connect to the internet, however we are told we need some type of ethernet driver i have downloaded one but it says we need to connect to the internet which is what we are unable to do.
View 1 Replies View RelatedWhat process I need to follow to rebuild my failover unit? I've had to turn it off because it seems that both the primary and secondary were thinking they should both be the active unit. I'm not sure why. But in turning off the failover, I had internet access again. So I think I want to rebuild the secondary unit's configuration. Do I need to turn off failover from the primary unit first? Disconnect the secondary unit, console into it and remove the configuration (command to remove from flash?)? Rebuild the interfaces..all interfaces or just STATE between the units? Just trying to get a list of the process
View 1 Replies View Relatedwe Bough new mcs server in order to install ACS 4.1,now acs is running on normal PC and its fully configured , so now i want to back up the acs database and the configuration file in order to install it in the new server so how to do that
View 4 Replies View RelatedI need to patch our ACS server to 4.2.0.124.17 from 4.2.0.124.6. My question is, do I need to apply the same patch to our remote agents? Cisco's documentation only states that both the ACS and the Remote Agents need to be 4.2.0.
View 1 Replies View RelatedI am wanting to generate a signing request for an ACS 5.3 box to send to a Microsoft CA. Is there anyone out there using a MS CA for eap-tls?
View 1 Replies View RelatedI'wont to upgade my ACS server 5.0.0.21 to 5.1 . I wont to use Active Directory . it's seem that in my curent version AD is not supported !
View 12 Replies View RelatedI am looking for any PDF, recomendation, link for best approach for secondary ACS as resiliency.
View 4 Replies View RelatedWe have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certificate on our old acs server 3.3 from a third party CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 .
View 7 Replies View RelatedQuestion on this, is 5.2 backwards compatible with 4.2 appliance? If not, what is needed to bring the 4.2 appliance up to 5.2 and will the VMWare version work for the second system with the appliance as primary? Years ago I had 2 of them and replication worked flawlessly, but we had to take the one unit offline for another project and have never replaced it.
View 3 Replies View RelatedWant to transfer email and email folders to a disk. I have Windows Vista on my computer and I use Comcast for an internet server.
View 2 Replies View RelatedIf i want to send a packet from one host to another host through a router, how will the packet be sent? I mean what are the stages that a packet can reach to the destination.
View 6 Replies View RelatedHow can I move the screen to the right because it is missing me a part so how can I do it?
View 1 Replies View RelatedCan I move my lynksys router to a new compuer and keep all the settings and MAC addresses that are set up or do I have to reset it and start all over again? I'm also installing a new modem.
View 2 Replies View RelatedI'm upgrading ASA firewalls from a 5510 (running 8.2.2 code) to a 5515-X (running 8.6.1 code). What is the best way to move the existing config to the new firewall? Can I simply copy it?
View 2 Replies View RelatedI have two ssid's on my 1130ag each with different security when I use wep I can get my email on my droid. When i connect to the second ssid and use wpk I can get to the in the Internet but my email will not move in Exchange.
View 3 Replies View Relatedim trying to move the config from an 3750 to 3750 PoE but without using the PoE options.I have allready download the config with tftp and upload it to the 3750 PoE. Now the new config is stored on the PoE switch but some of the old setting are still there. Not sure why, i think the config only overwrite the settings which are in the conf file and the setting which are not in the conf file but enabled on it will stay on the switch.After the upload of the config file I deleted all the config I do not need by hand.They are some settings i can't delete and I don't know why, this are the sittings:
1. each fastethernet port has this option: "no cdp enabled" this entry was no availble on the old switch, is the any possiblity to remove this entry?
2. the same for "no mls qos rewrite ip dscp"
3 and for this one "vlan internal allocation policy ascending"
I'm trying to move some configurations over to an ASA5510 and some of the commands are a bit different than I'm used to (worked on old pix before)
I've configured the following on the device:
Outside interface: 65.66.64.34/28
DMZ : 65.66.64.49/28
Inside : 10.2.3.3/26
===========================
The current firewall has the below configured on it (old Juniper)
10.2.3.0/24 gateway 10.2.3.15 **10.2.3.15 is the IP for 3750 switch on the inside LAN**
10.0.0.0/24 gateway 10.2.3.4 **10.12.175.4 internal vpn- will remove later but thats a different discussion**
0 0 gateway 65.66.64.33 **to internet
10.0.1.0 gateway 10.2.3.2 **10.2.3.2 represents mpls traffic
[code]...
The current set up for this network has an mpls router and a vpn concentrator as part of the network my aim currently is to replace the juniper with an asa5510 the changing of the vpn tunnels will be for a different time:
work station ===> switch (3750) DG to =====> MPLS (vendor owned and managed) ====> non mpls traffic ====> vpn concentrator ===>firewall ===> router
The above will need acls to go with the routes, which I should manage ok just want to make sure the routing is configured properly
configure AAA (Radius server, access list) There are two devices An access point and cisco 881w. It is necessary to set up authentication through a radius server. You can configure detailed how to do this?
View 3 Replies View RelatedI'm having problems settting up a Guest NAC server to authenticate administrative users against a ACS 5.x server. In the ACS RADIUS Authentication log, I can see the user authentication is successful.In the AAA Diagnostics log, I can see the following warning:An Access-Request MUST contain either a NAS-IP-Address or a NAS-Identifier or both; Continue processing.
View 2 Replies View RelatedHow to convert a 3140 CAM to a CAS ? if so what software / licensing would be required and is there a documented process
View 1 Replies View RelatedWe are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?
View 2 Replies View RelatedI have a cisco ACS 4.0 build 27 on windows 2003 server . My site was working fine when i was having a AD on 2003 server . Recently i have migrated my AD servers is 2008 .
After the migration the ACS is not authenticating the users . Now i have made a server with 2003 and made the site working . I need a solution to make it work using 2008 server is there any compatiblity issue between ACS 4.0 and 2008 server .
I setup one acs v5.3 in one server in NYC and another acs v5.3 in SJC.I want to make the acs.nyc as primary and acs.sjc as the secondary, how do i setup it up?
View 1 Replies View RelatedI'm currently working on ACS 5.1 to use it as AAA server for Netscout NGenius.I followed a guide for ACS 4.2 and tried to replicate the configuration settings in ACS 5.1.
- created a host profile on network devices and AAA clients having the same shared key with NGenius
- added three (3) NGenius required attributes in system administration > configuration > identity > internal users
- added attribute values to Internal User database
- created an access policy:
* identity pointing to Internal Users
- edit serverprivate.properties in NGenius server to match the requirements
I would like to have NGenius authenticate via ACS 5.1, but as of the moment there is an error message that I receive:
Unicentified error, Code=16510, Details: AV pairs do not match NGenius format ::<insert tacacs username here>, Severity 1, Code: 16510.
When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.
I have deployed 7 appliances 5.2.0.26.4 CSACS-1121-K9 whose 6 are performing AAA authentications while the last one is is the primary and is the master for configuration and log collector.
Since this morning, I cannot access anymore the view where I can see all Radius authentication for today. I obtain the following message:The server workspace storage for on demand transient reports is full, please try again later or contact administrator to increase on demand transient report storage capacity?
Moreover, if I generate other report, I have the message:18002: iPortal generate report failed.I could find some information which makes references to a Cisco bug CSCtb98071, as below:
Launching a shared report in the ACS 5.1 Monitoring and Report Viewer displays an iportal error for a particular scenario.
#Symptom: You will see the following iportal error message when you launch a shared report:
#iPortal generate report failed.
#
#Conditions: This error occurs when you add a report to a group in the interactive viewer and save it as a shared report.
#Workaround: Avoid using the option Add Group from the interactive viewer for hyperlinked column entries when you save the report as shared
However, I am not adding any report to any group, so I don't understand why this error appears and how to solve it.
I had a working server running ISE version 1.1.0.665 but someone in the build room decided to pull the power out of the server rather than shutting it down correctly. I have booted the server back up however the web management page was not accessable. I have checked the server status and the end result is the Application Server in the "still initializing" stage. I have left the server for several hours and the status has not changed.
I know people have previously run into this issue but no one has posted any resolution or confirmed that a rebuild is the only solution. I have tried to create an on-demand backup but it seems to fail when attempting to provide the credentials (which are correct) for the FTP server.
getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC. Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.
I'm having issue with tacacs server(ACS 4.2), did the following test from the router:
Router1#test aaa group tacacs+ cisco cisco legacyAttempting authentication test to server-group tacacs+ using tacacs+No authoritative response from any server.I can ping the ACS server from this router though.
1 ) : Is it possible to do authentication with one ACS server while authorization with another ACS? Use case is if the user authenticated to one ACS server and then switch loses the connectivity to this ACS. Now command authorization requests will go to another ACS server since switch is not able to communicate to the 1st ACS.
2): How can the local database sync be acheived in distributed ACS deployments?
3): Are the accounting records are sync between different ACS? In other words can accounting be centeralised with ACS4.2
