Cisco Application :: ANM 5.2 Authentication Failure
Apr 15, 2013
I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
Is there some problem with the AAA configurations in the switches or ACE module?
View 7 Replies
ADVERTISEMENT
Jan 1, 2013
I have a following question. I configured different authentication passwords in Master and slave VRRP setup.
View 2 Replies
View Related
Oct 24, 2012
I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
The credentials LMS is using is a username and password with priviledge 15: the account is established in TACACS+. I can log into the devices directly with this user account.However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
LMS did manage to fetch some configs, but 90% of my devices are having this issue.
View 4 Replies
View Related
Jun 13, 2012
Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
I am using a window radius server. I have added my WLC 4402 as a radius client on my radius server.
I followed the instructions on the MS link : [URL]
I want to use my windows raduis authentication for WLC management login and Web-Auth for guest WLAN user login.
View 2 Replies
View Related
Dec 26, 2012
I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
Then I have change the profile XML file of my anyconnect in this way: [code]
View 1 Replies
View Related
Aug 3, 2011
I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.
View 1 Replies
View Related
Aug 24, 2011
I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
How can I restrict the LOGIN to an specific AD group?
View 2 Replies
View Related
Jul 31, 2012
I have a Cisco Small bussiness RV120w and I setup the radius server , WPA2 Enterprise with a windows 2008 NPS radius server . The big problem is that the authentication fails .This is the error that I see in event viewer / server roles / Network policy and access services: reason-code 49 "The connection attempt did not match any connection request policy".The radius key is matching between the server and the client . The radius server is reachable and I don't find any routing issues .Does anybody tested this router with this type of wireless security?
View 3 Replies
View Related
Nov 22, 2011
we have ACS 4.2 and 2851 router with IOS 15.0(1)M4. There is authentication failure with error no 254. Is there any compatibilty issue with 15.0(1)M4 IOS
View 1 Replies
View Related
Jan 22, 2013
I have Ace 4710 version A4.1.1 and I am experiencing interesting problem with GUI and SSH reachability. I am unable to connect to management vlan3000. Interesting is that I can ping from ACE to network but unable to ping or SSH or HTTPS to ACE. Everything seems good. ARP is ok, switch is OK, line is up, protocol is up. Management is enabled for icmp, https, ssh to any.
When I do show interface I noticed line Config download failures : 9.
Hardware type is VLAN MAC address is 00:1e:68:1e:bc:db Virtual MAC address is 00:0b:fc:fe:1b:01 Mode : routed IP address is 10.168.0.18 netmask is 255.255.255.128 FT status is active Description:Management VLAN MTU: 1500 bytes Last cleared: never Last Changed: Mon Jan 21 16:48:54 2013 No of transitions: 5 Alias IP address not set Peer IP address is 10.168.0.19 Peer IP netmask is 255.255.255.128 Assigned on the physical port, up on the
[Code] ....
View 7 Replies
View Related
Jan 29, 2013
I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.
View 9 Replies
View Related
Jul 25, 2012
I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured a ACS 4.2.1(build 15 patch 4) software for windows on Windows Server 2008 Server STD.TACACS authentication with CISCO product was successfully passed.but RADIUS (IETF) authentication with NORTEL 3408 Switch was failed. ACS Authentication Failure Code was a " ACS password invalid "
I read the post that RADIUS VSA is needed in my environment.but i can not search any sample Nortel VSA dictionary configuration. Need Notel specific VSA configuration.
View 4 Replies
View Related
Nov 12, 2012
I have a ACE4710 setup to load balance a couple of web servers. The real servers all show as inservice as do the propbes and serverfarms/virtual servers. If I ping the Virtuual server ip address I get a reply but it I try to access VIP via telnet or web browser. I get a connection could not be open error on the client.The question is how do i determine where the error is comming from so far I can not tell if the client is getting through the acl or not.I have used the trouble shooting guide and nothing has worked to determine the cause so far. show service-policy int479 detail does not show an increase in the hit count when I try to connect.show stats conn does not show an increase in failed or timed out connections when i try to connect. [code]
View 3 Replies
View Related
Jun 23, 2011
recently when i run the commit vip redundancy script, i encountered the following error. This script has never failed in the past. Upon checking the backup CSS, i did notice that my most recent changes were actually synced. The following is the debug i have captured while running the script.
active-lb# script play commit_vip_redundancy "local 167.168.165.10 remote 167.168.165.9 -a -d" active-lb# Checking available disk space on systems ... Checking the disk space locally before continuing with the script. Verifying that another local session is not running the script. Creating script/vipr_config_sync_lock file. Verifying app and redundancy configs ... Verifying that app session is up with backup switch. Making sure app session is up. Seconds to wait before calling it quits: 60 Checking the disk space remotely before continuing with the script. Checking local and remote switch versions ... Storing the running code versions of the local and remote switch. Storing the local switch's version. Retrieving the remote switch's version. Checking remote version for 4.0 Checking if switch is BACKUP for any virtual routers and if the state is 'No Service'. Checking vip redundancy state.... Checking if backup switch is Master for any VRIDs. If it is, either a local
[code].....
View 1 Replies
View Related
May 14, 2011
Is there a way to configure an email notification for a specific authentication failure? Specifically, I'd like to see if I can have an email notifcation sent to me when failure reason is "13017 Received TACACS+ packet from unknown Network Device or AAA Client".
View 1 Replies
View Related
May 3, 2012
Just installed 2 E4200v2's for a customer today. Was very optimistic because they worked great in my lab, both for my Win7 laptop a MacBook. And after installing 1 on-site and testing w/ my laptop, it worked fine.BUT problems arose when I installed both at the same time (I don't think I ever did this in the lab) and then I tested some computers. Every computer that I tested (except mine of course), cannot authenticate correctly using the WPA2 password.
For the Mac's they get the error "The wi-fi network... requires a WPA2 password" then after entering the *correct* pswd, it says "Invalid password". They're a Mac shop, but I did try one other Win laptop and that also had a problem, and the error was something like "security mismatch" although I was rushed and didn't write it down.
View 2 Replies
View Related
Jul 17, 2012
whether Cisco GSS 4492R supports NTP authentication. GSS Software version : 4.1.0.0.28
View 1 Replies
View Related
Jun 10, 2012
We are deploying a Microsoft Exchange 2010 server environment, which will have a ACE 4710 front end. What we are finding is that if a server goes down, a client will need to re-authenticate to a new server. The server team has informed me that if they use Microsoft SLB this does not happen. They have also mentioned that we are getting basic authentication, rather than NTLM. As a result I have read several posts/articles which mention forcing NTLM on the ACE, but none go into real detail.
A couple of official Cisco documents point to having the Exchange Server, and Client both set to use NTLM. So on the server you do not need to select MAPI encryption. I am told this is not an option here, because a multitude of clients are supported, from Outlook 2003, through to 2010.
View 1 Replies
View Related
Nov 5, 2009
Is it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive
View 2 Replies
View Related
Dec 3, 2012
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].
View 2 Replies
View Related
Mar 27, 2013
Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies
View Related
Apr 3, 2012
I am taking an introduction class to CCNA and we are focusing on the Application Layer,and I'm having some difficulty in understanding what is an Application Layer Service. Is the Application Layer Service the same as Application Layer Software?
View 3 Replies
View Related
Jan 10, 2012
I know that CW Common Services 3.3 does not work with pre-defined roles on ACS AAA. So I followed these forums and enabled non-ACS AAA and selected TACACS+. I have a single rule that is matching in my ACS (after looking at the audit trail):
Authentication Details
Status:
Passed
[Code]....
As you may have noticed even though it is matching an access service that allows Priv15. That doesn't seem to be passing through as you can see on top I am only receiving Priv 1. What can I do to properly pass through the access service profile?
View 2 Replies
View Related
Jul 16, 2011
In our company we are using Ciscoworks LMS3.0.( DFM 3.0.1, RME 4.1.1.) In DFM, every day at 8:00 PM we receive alarm authorization failure on Core switch ( source is cisco works server IP).
View 6 Replies
View Related
Jan 27, 2013
Whenever I try to open multiple sites, I will get a DNS lookup failure. Whenever I torrent something, websites give me a DNS lookup failure. Watch Youtube and open anoter site, DNS lookup failure. It seems that when I try to use too much internet I crash something... which doesn't make any sense because this problem has only come up recently. The only thing that I can think of is that I was messing around with the DNS to be able to connect to the American Netflix (I'm Canadian). I was using a site called "ZenOK" I believe, which gives you a server to connect to, and then a week later tells you it's no longer free (which they didn't mention in the signup)... so I removed the DNS number in my internet protocols, but I still get American Netflix.
View 14 Replies
View Related
Jul 12, 2011
we cant create EoX and PSIRT reports For Job-Log please see attached 1007.1.log.Patch lms40x-win-CSCto46927-0 has been installed already.CCO-Credentials + Proxy-settings in LMS must be oK, because we are able to auto download device packages for instance.
View 4 Replies
View Related
Nov 23, 2011
We have several unknown devices within our inventory. When running an inventory report the message I get back is "No Credentials available".
For inventory checks is it just SNMP that is used or is it the standard credentials that are needed ?
I am planning to edit the credentials for the single device manually to see if this makes a difference. Our integration is with ACS and we have a machine account with admin priveleges.
Device Verification for the device states "Device Not reachable" for SNMP and SSH. There are no drops on any of our firewalls but snmpwalk does work from the command prompt from the LMS server.
Are there any further checks I can make for these 2 messages:
* "No Credentials available". * "Device Not reachable"
View 2 Replies
View Related
Apr 19, 2012
I manage a small business with 10 computers running off my network. They are all connected to the internet through a RV016. We recently created a new website and purchased a new domain through In Motion Hosting. I have a randomly reoccuring issue, usually in the morning, that seems to resolve itself after a couple hours on it's own. I have dealt with tech support from In Motion Hosting and my ISP who have both come to the determination that the problem lies within my gateway.
When I attempt to log on to my companies website [URL] my browser is unable to locate the webpage. Also, if I try to access the website for In Motion Hosting [URL] or to access our webmail [URL]I am unable to do so because the DNS lookup failed. I can view any other web page on the internet without a problem. I can not ping or tracert either website successfully, however when I called In Motion Hosting and got the IP addresses for the two I was able to ping and tracert them without a problem.
As I said the problem happens randomly and seems to resolve itself within 2-8 hours. However we are unable to access our email during these "blackouts" which is becoming a huge problem.
Is there a setting within the RV016 that might be causing this to happen?
View 6 Replies
View Related
Jan 15, 2013
I have Samsung Tablet Windows 8 32-bit I installed VPN Client Version 5.0.07.0410 successfully installed, but I cant connect through the profile always got Driver failure 440.
View 3 Replies
View Related
Nov 14, 2011
Some times the ISP side interface remains up with a failure of internet. At those situation how we can efficiently track the ISP failure from asa 5510
View 2 Replies
View Related
Feb 20, 2012
After I upgrading all device packages, inventory collection failure to complete. All devices stuck on pending state and at the end of the job all devices are under not attempted and job result description ses " Timed out. Make shure that ICServer is running". I made sure that ICServer is running.
LMS runs on windows 2008 R2 server
View 10 Replies
View Related
Feb 20, 2011
I'm trying to upgrade a 3750-24TS from c3750-ipservices-mz.122-25.SEE2 to a more recent image. On the first pass, I got
Error: There is insufficient space in flash: to install the requiredError: image. Clean up some old images, and try again.
So I used the delete /recursive flash:image-dir-name to clean out the old files, but I'm still getting the same message after doing this. What's the problem? Now I have a switch with no IOS and need to at least get something on there.
Switch#sh verCisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2006 by Cisco Systems, Inc.Compiled Fri 28-Jul-06 08:46 by yenanhImage text-base: 0x00003000, data-base: 0x010CE290ROM: Bootstrap program is C3750 boot loaderBOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)Switch uptime is 1 hour,(code)
View 16 Replies
View Related
Mar 25, 2013
I recently bought a Cisco WAP 321 for my company, but when i connect it to the network, the switch on which I connect crashes, and I lose all connectivity to the network, (internet also). i have to unplug the WAP321 and wait for a few minutes to be able to use the network again.
I'm currently using a small 8 port switch, There are usually 3 or 4 users connected on it. When I try connecting the WAP321 on another switch, only connected to 1 computer, it seems to be working : I can access the configuration page, and make some modifications.
View 1 Replies
View Related
