Cisco Application :: Switch Is Not Able To Authenticate Itself To ACS 1121
Jul 30, 2011
The user "shreedhar" is getting authenticated locally and not through TACACS+ (Cisco ACS 1121 appliance running ACS 5.1).
In the switch, after entering credentials, the switch says, "Authentication failed - login using local mode". (Not the exact message but close enough!).
In ACS 5.1 -> Monitoring and Reports->Dashboard->My Favorite Reports->Authentications-TACACS+, I am getting the following error, "13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets".
Configuration in switch is as follows:
feature tacacs+
username admin password 5 $1$joEvYokP$5wZ1mtpBlxuoKMEWbFzRY1 role network-admin
username shreedhar password 5 $1$x8u5N4IR$NbVcY1u6CuoXYkMgXs60l/ role network-admin
tacacs-server key 7 "Ti!23456"
ip tacacs source-interface loopback0
tacacs-server test username demo password demo123 idle-time 3
tacacs-server timeout 10
tacacs-server deadtime 5
tacacs-server host 192.168.31.11 key 7
[code]....
Is the encrypted TACACS+ shared secret key from switch not being decrypted by ACS 5.1 as it requires a clear-text password? Could it be the reason for the above error?
Apr 14, 2013
We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances. The newer one came with 5.4, so we upgraded the older one to 5.4.
We set up replication between the two, with the newer one primary and the older one secondary. Problem is, Windows-based clients are unable to authenticate to the older ACS appliance. The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works. So far, Cisco hasn't added my smartNet on the new box so I can get some support?
May 29, 2013
We upgraded a CSACS-1121 from ACS 5.2 to ACS 5.4 with CLI Application upgrade ACS_5.4.0.46.0a.tar.gz FTP. After ACS reboot, services never start... After 15 hours, we always get the same message:
ACS/admin# show application status acs
Application initializing...
Status is not yet available.
Please check again in a minute.
We installed patch 5-4-0-46-2.tar.gpg but we got the same issue for 2 hours... What could I do?
Nov 4, 2012
In a cluster of redundant ACE-4710, version A5(1.2), the graphical Device Manager on the primary ACE cannot authenticate users. An error message is displayed: The strange thing is that the standby ACE Device Manager works correctly. Moreover, both ACE are perfectly synchronized:
CH01AC03/P-115-A# sh ft group summary
FT Group : 14
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 200
[code]....
Apr 29, 2012
I'm doing some testing with ACS server on my Windows box and I can't seem to get a barebone RADIUS authentication to work with ACS internal users. I tested the same configuration with TACACS and it works fine, so there's something missing or misconfigured in my setup.
I have a Cisco 3550 switch that I want users to log in to using their ACS username/password.
SW1
username cisco password 0 cisco
username admin password 0 admin
[Code].....
Sep 12, 2007
Trying to authenticate a Wireless 1242 AP to a switch port with Dot1x enabled. It seems like the switch can't get the MAC or doesn't ever start authentication for the port when I plug in an AP. The AP is configured to pull DHCP on start for fa 0, however it never gets an address, even though the port should fail into guest network after auth fails. Any thoughts? A debug only shows this...
*Mar 1 00:19:27.127: %IF-3-VLAN_NOT_CONFIGURED: Received dot1Q VLAN tagged packet on interface which does not have VLAN configured.
May 2, 2012
I have a Cisco Nexus 7000 switch and a Cisco ACS 5.2. I would like to set up the switch to be able to authenticate users with TACACS+ using RSA SecurID tokens when they try to log on to the switch.
May 23, 2011
I had a meeting with a security auditor for a customer. He told me that I need to enable SSL3 on the content switch, as his scanning found that all of the network is working on SSL2. I could not understand his view, and then when I found the content switch documentation, it is mentioned that SSL3 is enabled by default on the content switch. "By default, the SSL version is SSL version 3 and TLS version 1. The SSL module sends a ClientHello that has an SSL version 3 header with the ClientHello message set to TLS version 1." Do I have to do some kind of configuration to enable SSL3, or is it enabled by default?
May 23, 2011
When we do a self-diagnostic test for the WAE connected to the 6500 switch, I get a warning as below. Due to this alert there are no major acceleration benefits from the WAAS.
Test WARN [tfo] WARN ASYMMETRIC Asymmetric routing is seen in the device Action: Check router's network configuration and WCCP redirection on the router.
usevwa1#
The 6509 switches have only L2 capability and do not do WCCP redirection. The WCCP redirection is done by 2821 routers. Is there any command which needs to be given in the 6500 switch to solve the issue?
Jun 13, 2011
We have a legacy client/server application, an OCR system. The server runs on Windows 2003 R2. We have client machines running happily on Windows XP. We have for a while had problems with getting the clients to run on Windows 7. Some machines wouldn't work, others worked intermittently, one worked consistently. By a process of elimination I discovered that the one working consistently was on a desk where we had put a small 8 port 3Com gigabit switch on the desk to give us more network ports. If I move this switch to any other desk to one of the non-working clients and connect them using the same uplink but going through the desktop switch they start working.
The XP clients work fine using any of the network switches. None of the 100+ devices on our network (desktops, laptops, VoIP phones, printers etc) are showing any other signs of network issues, only this OCR application. The application was last updated in 2004, so was not designed for Vista or 7, essentially the vendor is no longer updating it, but say that as far as they are aware it works with Windows 7.
why adding a 3Com 3c1670800B switch between the client and the rest of the network should make the application work with Windows 7. Whilst I have a workaround for the problem I'm uneasy that I don't understand the root cause, and if I was to press ahead and move the client machines to Win7, the whole system depends on a single piece of kit that's now discontinued and I only have one of. It all seems pretty counter-intuitive to me that an application should be sensitive to low level network hardware.
Jan 12, 2013
I have configured a new ACE 30 module on top of a 6500 core switch. The issue I am facing: whenever I want to access https://ACE_IP, after I enter the user name and the password, it forwards me to the following page: Is there anything I should configure to avoid this page?
Jun 2, 2011
In a network topology change, we are going to assign the PCs' gateway as the switch (3750X) IP address rather than the server IP address. Currently we have configured all systems' gateway as the Internet server IP address, which we are going to replace with the switch IP as gateway. The issue is while connecting a specific application like TeamViewer, in which the application tries to send a keepalive message to the live server, and in the case of the switch/router IP as gateway, the connection doesn't get established. However, it is working fine when the Internet server IP is treated as gateway.
Nov 12, 2012
In a network topology change, we are going to assign the PCs' gateway as the switch (3750X) IP address rather than the server IP address. Currently we have configured all systems' gateway as the Internet server IP address, which we are going to replace with the switch IP as gateway. [code]
The issue is while connecting a specific application like TeamViewer, in which the application tries to send a keepalive message to the live server, and in the case of the switch/router IP as gateway, the connection doesn't get established. However, it is working fine when the Internet server IP is treated as gateway.
Mar 27, 2013
I have 2 pairs of 11501 switches and 1 pair of 11503 switches on 3 sites (LA, China, Taiwan). Each site has a pair of 1105x switches running as redundancy between them and is a standalone which will not interact with the others. Recently a series of interfaces (ports) down happened to every active 1150x switch without any reason and log. Especially today, it happened to the active switches at 5:39 AM, at the same time on 3 sites.
May 31, 2013
It's impossible to use acs 5.2 recovery DVD to cisco 1121 acs 5.1?
May 1, 2012
I wonder if you can migrate the cisco ap 1121 by WCS, could not find any specific documentation.
May 15, 2011
integrated the Cisco ACS 1121 with 5.1 and AD and been able to use multiple policies to permit or deny access to different NDG? I am able to authenticate against AD but I am having an issue with getting the policies to use the user memberOf attribute to set access levels.
Jul 1, 2012
How to know the Red Hat OS version in the ACS 1121 appliance?
Jan 6, 2012
It has been more than a year since a customer bought a Cisco ACS 1121. It was unpacked then and the PAK is lost, nowhere to be found. Is there any way to retrieve the lost PAK?
Jun 7, 2013
I have a clarification related to the ACS 1121. A client needs a solution for the ACS feature; instead of investing in ISE Base, is there any model that exists as an ACS appliance only? I believe the ACS 1121 is going to be EOS and it says the SNS 3415 is the replacement model.
What I am confused about is that it is an ISE as well as an ACS, and there is separate licensing for ISE (as base and advanced). What should I do if I need to select the SNS 3415 as an ACS appliance? Is it built in or do I need to add anything extra?
May 2, 2011
A newly shipped Cisco ACS appliance 1121 has been shipped with ACS version 5.0. I need to downgrade to ACS version 4.2.0. I could not see a recovery CD or DVD for ACS 4.2 along with the shipment. Is the ACS 1121 appliance compatible with ACS 4.2.0 version?
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With 5.1 SW And Base license
[code]....
Mar 27, 2011
how to configure LAN teaming in Cisco ACS 1121. My requirement is to have virtual IP in the server with two physical IPs in the available 2 interface in the server.
Mar 26, 2012
I am trying to add ACS 1121 (ver 5.3) to monitoring and seems that MIB are missing. Need MIB for this device which I can use in monitoring tool.
Nov 28, 2010
I have a problem upgrading an appliance CSACS 1121 from version 5.1 to 5.2 because restore DVD has image of 5.1 not 5.2 and in cisco.com appears only two files 5.2-0-26-1.tar.gpg and ACS_v5.2.0.26.iso, the first image is a patch and the second I'm not sure if is image for version 5.2, in case if appropriate which would be the correct commands to perform the upgrade using CLI.
Aug 13, 2012
I have 5 installations of ACS appliances (ACS 1121 running ACS 5.3). Is there a way to monitor them via SNMP? The AD client keeps dying on one of them, and even with the newest patch it's not up. Also, I want to monitor them up/down, CPU, memory... basic network monitoring to make sure my devices are healthy.
Anyone know if that can be configured? I figured I'd ask here before opening a TAC.
Aug 11, 2011
Is it possible to have Dual NIC on ACS v5.2 such as teaming or any else??
I am thinking of connecting the two NIC on the CSACS-1121-K9 appliance to two switches on the same network, but wondering if it will be possible or not.
Jun 3, 2012
I have an issue with applying a patch to an ACS 1121 appliance running version 5.2.0.26. I have 5 units that needed updating and the first one is the unit with the problem. The subsequent ones updated with no issues.
When I do a show version the 5.2.0.26.10 does not show. When I try to do a reinstall I get back patch already exists. When I try to do an uninstall I get back patch does not exist.
Is there a command can wipe out patch 10, so I can start over? The CLI factory-reset only wipes the web configuration not the running-config or IOS.
May 29, 2013
My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.
Mar 18, 2013
We are currently running a ACS 1113 with version 4.2 software. We are going to replace the 1113 ACS with two 1121 ACS.
Nov 11, 2012
We have a WLC 4404 with about 85 1121 and 1241 APs. I just added 6 new 3501E with antennas, and configured a new SSID, but none of my clients can connect to any of the 3501s. One solution from a tech was to update the NIC drivers. I verified that all test clients are 802.11N and sometimes they find the 3501 but often they switch to another of the older and weaker 1121 or 1241s. On one test I had a 3501 just outside his room and his client NIC was picking up a weak signal 2 floors up, then it would go to one 1 floor down. Eventually we could get it to feed off the nearest 3501 but it would go back to another 1121 or 1241 soon thereafter.
Oct 31, 2012
I'm installing & configuring a new ACS 1121. I've updated to version 5.3 with patch: This temporarily solves my Active Directory problem, but I still would like to have the NTP server pointing to the same reference as the Active Directory.
Jan 4, 2012
I am having trouble connecting my 1121-AG APs to my 4404 WLC.
My WLC version is 7.0.116.0.
I can see the AP is getting an IP address from the controller (internal DHCP). But for some reason they can't connect to the WLC. I have tried many things such as:
1) reset to default settings
2) move the AP to autonomous mode and back to LWAPP mode -- didn't work.
1 of my AP 1121AG is working properly.
May 7, 2012
I have a 1121 autonomous AP which I switched to the lightweight mode by copying the LWAPP IOS to its flash and issuing the command boot system flash IOS_file_Name. After that I was unable to associate the AP to my wireless controller because it was continuously rebooting. Unfortunately this AP does not have a console port so I can access the debug and see what is happening. And I was not able to switch it back to the autonomous mode because the AP won't accept the Autonomous mode IOS anymore.