users whose status is manually disabled don not have difficulty in authenticating and access managing nework devices. that makes me wonder what is the difference between status enabled and disabled?
View 44 RepliesWe currently have a distributed PR and DR ACS 5.3 setup, set up with tacacs devices and one radius device.The radius device is used Opnet's AppResponse Xpert Admin. We are trying to intergrate AppResponse Xpert Admin with ACS.
The GUI for AppResponse Xpert Admin is asking for the radius server ip address - i.e our ACS , radius port - i.e 1812 and "secret" - I'm guessing this means the shared secret of the actual ACS itself (not the shared secret used by network devices) .
On our ACS 4.2 systems we have a field for a shared secret regarding the ACS server itself (to authorise replication?).
Using the search function for "Shared Secret" in pdf "User Guide for Cisco Secure Access Conrol System 5.3" has only found references to setting one for network devices and not a field for the ACS itself.Is a ACS server shared secret still relevant for the ACS 5.x system?
between fields in import template file (add or update) for internal users is no column for expiration date ([URL]). This field is not defined also for export file.
My question is: (How) is it possible import new users (or update existing) into internal db with expiration date field?
Environment :AP 2602, WLC 5508 V7.4, ISE 1.1.2, Prime Infras 1.2
For a specific SSID, we use MAC address as 1 of the conditions to authorize access only for the company-owned mobiles (smartphones and tablets), the other condition being, for the mobile, to present a valid AD user/password;this way, the so-called BYODs are rejected since this is the rule within this company ;The difficulty with this approach is the fact that there is no way in ISE Identities Endpoints nor Groups to associate a user-friendly name to the MAC address of the mobiles, which makes very tedious some actions such as a search in the ISE authentication Log based on the MAC address value itself;the question is just to know if it is planned to add a new field in Identities Endpoints definition that would allow to associate a user-friendly name to a MAC address, for future ISE versions,
I have a number of users who are failing wireless authentication. Using the troubleshooter i notice that its show message that Active Directory servers are not available. Under the Identity stores when i check on the connection status it shows disconnected. When i click on Test connection it shows successful. This ACS is a secondary. It has happened before and i removed it from the ACS cluster, rebooted it and rejoined it. Ran test connection and it showed "CONNECTED". Now it keeps showing disconnected.
View 6 Replies View RelatedAccording to traces collected in mt ACS SE 4.2, it would seem that the underlying software does not support the RADIUS Status-Server request. Is this request type is supported in version 5.*?
View 2 Replies View RelatedI have a very unusual issue with my installation of ISE on my VMWare ESXi 5.0 environment. but whenever I issue the command "show application statuse ise" I get the following output:
ISE Database listener is running, PID: 13675
ISE Database is running, number of processes: 27
ISE Application Server is running, PID: 15163
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Session Database is not running.
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Log Collector is running, PID: 15379
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Log Processor is running, PID: 15457
ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory
ISE M&T Alert Process is running, PID: 15296
I know that very few people have their wireless controllers on version 7.4.100. But has any one noticed that the NAT IP address field in the management interface configuration menu is missing?, although it is mentioned as being present in the WLC 7.4 configuration guide. This would definitely affect Office-Extend.
View 4 Replies View RelatedI'm running VPN SSL on an asa 5520 (V8.2.5) with LDAP authentication and everything works fine but now the AD people changed name in the groups and they added a " " "blank" in one of the fields so when I configured the group I get an error.
for example:
map-value memberOf CN=VPN_SSL_ABC,OU=External,OU=XXX,DC=ext,DC=local ABCPolicy
but this does not:
map-value memberOf CN=VPN_SSL_ABC,OU=External Group,OU=XXX,DC=ext,DC=local ABCPolicy
Is there any way to insert a space in the OU field?
The URL field in the web access log has a length of 70 characters. Is there any way to increase is[INFO] Mon Jun 13 21:30:30 2011 Website1234567890012345678900123456789001234567890012345678900123456789001234567890 accessed from 192.168.xx.xx
View 2 Replies View RelatedI have upgraded my new WLC to version 7.0.98.218. I noticed the N/A for the Field recovery version. On my old 4402 it is called the Emergency Image Version, and it is 5.2.157.0
How do i get a recovery version on the WLC?
I have added all of the devices to DCR and they show up with their hostname value in all of the device trees except for the fault manager views. In all of the fault manager views the hostname is not being used for the Devie Name field, rather the IP address is being used.
View 6 Replies View Relatedi need to add a lot of mac addresses in mac addr filter table. many routers do not allow me to add a note for each mac address. that makes management a bit difficult.
eg.
field 1, field 2, enable
xx:xx:xx:xx:xx:xx , peter pc, y
xx:xx:xx:xx:xx:xx, mary pc, n
Geting this message, having low performance and overrun errors Apr 29 13:45:59 pix-servidores %PIX-4-500004: Invalid transport field for protocol=TCP, from 188.120.243.238/80 to 174.56.110.0/0
View 3 Replies View RelatedI would like to know if there is a way I can use an XML file to pre-fill the connect field of the Anyconnect client version 3.0. In the past, I have been able to use an XML file to pre-fill information in the NAC agent so I could push it out to clients who didn't have administrator rights to their box. I was wondering if there is a similar method to do this with the Anyconnect client.
View 1 Replies View RelatedIs the 5512 able to be field upgraded to a 5515 and so on through 5555? I.E. Can I add ram and other hardware to make the boxes more powerful as my requirements increase? I was hoping this would have been a new feature with the ngen firewalls.
View 3 Replies View RelatedDoes anyone know of some off the shelf (commercially available) software that will set the DSCP field to something other than 0? Im looking to do some network testing using any off the shelf software, voip, games, whatever. I have already setup a traffic generator but my testing needs to encounter a more real life scenario. I have already tried many games, skype, gchat, etc. but nothing sets the DSCP field to anything other than 0.
View 4 Replies View RelatedI did not know the username and password for my DI-524 so I wanted to do a reset...used a paper clip and held the reset button for ten seconds, unplugged it, powered it up, and as per online instructions tried to type in 192.168.0.1 to access the username and password field so that I could enter "admin" and blank password. Here's where my lack of knowledge comes in. I am working off a MacBook with no Ethernet connection, just wifi. Is what I am trying to do even possible? Or does the computer I configure the router with have to be hardwired to the Internet while I do it?
View 1 Replies View RelatedI use SNMP and I dont have access to a router to test.Can the SNMP Trap to: Field in the SMNP section be configured for multiple IP addresses.?
View 1 Replies View RelatedI am begining to work to apply Qos on switchs (C2960 & C6500), and I still have a doubt about the necessity to consider the cos value. I indeed want to apply Qos for ToIP, Video, perhaps create a scavenger class, ans in all cases, I classify my packets with TCP/UDPB port and mark them with DSCP. So is it really necessary to study all the DSCP/CoS mapping problematics ? Is it not possible to make the configurations only on the base of the DSCP field?
View 3 Replies View RelatedRegion : Germany
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : V1
ISP : Kabel Deutschland
the firmware offers 3 different dyndns services. But opendns is not included, also there is no free field to choose protocol, server, password and network. Will this be updated in further firmwares?
On my Switch (3750), i have a host connected. Checked the interface status and it shows as "connected". However, when i tried checking the MAC connected to that interface, its not showingI have my Switch (3750) connected to a Router (3845). On the Switch, i have a printer connected in an interface. I am seeing the Printer's MAC associated with the switch port. However, when i checked the ARP table; no entry seen for the Printer's MAC. What are the possible reasons for this? We have several same kind of devices connected to network and they are fine.
View 5 Replies View RelatedI do terminal monitor on my 4500 switch.I can't see the status of the interface ( when it become up or down)What is the problem? I need to add a command?
View 3 Replies View RelatedI want to use 1841 router for implementation in one project but I could not find out from where I can get End of Sale, End of Life and End of Support details for this router, any links so that I can dig out Cisco is maintaining these details at some of its portal but where.
View 10 Replies View Relatedrequesting information via SNMP from my two stacked C3750X, running IOS 12.2(55)RE5. The stack is up and running and everything is just fine. There are three PowerSupplies installed with a PowerStack, also running like expectet.My problem ist to get the status-information about the chassis-fans. I couldn't find any information about the OID and the search results only in some non-useful information about the MIBs from Cisco which delivers only three information about installed fans (and fan-containers), so I guess these are the information about the fans included within the powersupply?! The chassis-fans are installed and the LEDs are green for all four fan-mounts, up and running.
View 4 Replies View Relatedi have a router 1841 series and LMS send me amessage telling me the VPN AIM is not working on thsi device and i want to check the status of this VPN card
View 1 Replies View Relatedrecently my internet connection shows the status i mentioned.in cmd ,typed Ipconfig/all and all ip are 0.0.0.0, I Tried to renew the ip by ipconfig /renew it tells THE RPC SERVER IS UNAVAILABLE.and also tried to start DHCP CLIENT in services.msc and got ERROR 1068 : the depency service or group failed to start.
View 14 Replies View RelatedI updated the firmware of my DIR601 to 1.02NA, it now only show NA under status for WAN, even though its connected (PPPoE). It worked with 1.01NA. I tried rebooting the router but no effect
View 1 Replies View RelatedI would like to find out what the status is of the Cisco 7204 VXR and 7206 VXR routers?I understand they are EOLife and EOSale.Are they also EOSupport? we planning to upgrade 3 of them in our environment and management requires feedback around this.We thinking of going the ASR1000 route..
View 15 Replies View RelatedI think change to c7206xvr G2's. Because I have got 2 GB active traffics. I will buy c7600 router. But I saw c7600 routers since 2001 for the referance guide. When is it c7600 router end of life time?How do I chose equipment?
View 7 Replies View RelatedWe have a Cisco ASA 5520 in HA (Active - Standby). We monitor the CPU,Memory Utilization and Active Session via SNMP polling.And SNMP trap for linkup ,linkdown and Cold start.Our requirement is to monitor the HA status and whenever there is a change in the HA - Failover we have to get a snmp trap.What are the configuration need to be done on the cisco asa.
View 3 Replies View RelatedWe configured sa520 load balance with 2 isp 2mb+2mb how to check the status of the load balance on sa 520 .
View 1 Replies View RelatedI have cisco router 887VA.Question is when i connect that WAN port ( eth0) with any switch or laptop/pc i do not see the port in up state. What can be the reason.I have done "no shutdown " on interface level and there is no configuration on interface except the IP address , but it show " up down "state even the port is connected to some device. ( Is the port is faulty or some other reason).As per my concept it should show up state when we connect to some device ( Like router / switch / laptop).
View 6 Replies View Related