Cisco :: Integrating LMS 3.2.1 With ACS 5.1 In AAA Mode?
Mar 11, 2012
I am using Cisco LMS 3.2.1 with ACS 5.1, actually, i want to integrate my Cisco Work with ACS 5.1 in AAA mode i already setting up the AAA mode to Cisco ACS, when i apply the configuration, i got failed as image attached.
What should i do to resolve the problem ? i have configure the ACS in Network Devices and AAA Client, i have added the Cisco Work Address to ACS, but i got the same error.
Besides, would you like to give me some explanation about the function of AAA mode Setup on Cisco Work,
is it used for User Authentication to logging in to Cisco LMS, or is it used for discovery process (Credential Information) when we want to add some devices into Cisco LMS ?
View 3 Replies
ADVERTISEMENT
Jan 6, 2011
Trying the config as depicted in the WCS 7 config guide? I have tried today to integrate WCS 7 with ACS 5.1 and got a partial success. I have created a unique Shell Profile that invokes for the WCS only which contains 1 role (role0=Root) and 73 task entries (as copied from the WCS group pages) and I can log in to WCS with the new account, but some things I dont appear to have priviledges for, such as Reports. Is there any way to debug which task WCS thinks I dont have to do this?
View 8 Replies
View Related
Jan 4, 2012
I am trying to populate the LMS 4.1 components to ACS.
View 2 Replies
View Related
Aug 13, 2012
I need to integrate a 2504 WLC with a windows 2003 LDAP server for extented authentication, is there any guides available for this ?
View 1 Replies
View Related
Mar 10, 2012
I am using ACE30 having s/w version: 4.2. I am using ACS 5.2
I have used the below commands to add ACE with ACS for AAA.
tacacs-server key 7 "nacs0wvd!q"
tacacs-server host 96.86.76.66 key 7 "nacs0wvd!q"
tacacs-server host 96.86.76.67 key 7 "nacs0wvd!q"
[Code].....
I am getting authenticated by ACS, but the problem is authorization is not happening. In ACS, i have just added the device IP using TACACS+.
View 0 Replies
View Related
Jan 2, 2013
I have 3 Cisco AP 1140 at my customer (Service Industry) place, so they requenst us to provide Hotspot solution to them for managing the Internet connection for limiting to their Customers over the account system. Let me know how i can integrate hotspot BOX with Cisco AP.
View 3 Replies
View Related
Nov 11, 2012
We have a WLC 4404 with about 85 1121 and 1241 APs. - I just added 6 new 3501E with Antennas, and configured the a new SSID, but non of my clients can connect to any of the 3501s. One solution from a tech was to update the NIC drivers. I verified that all test clients are 802.11N and sometimes they find the 3501 but often they switch to another of the older and weaker 1121 or 1241s. On one test I had a 3501 just outside his room and his client nic was picking up a weak signal 2 floors up, then it would go to one 1 floor down. eventually we could get it to feed of the nearest 3501 but it would go back to another 1121 or 1241 soon thereafter,.
View 5 Replies
View Related
Feb 2, 2012
I know nothing about Tablets (iPad or Android) or their operating system. My wife is interested in getting a iPad 2 or Android tablet.
I have a home WiFi network based on two laptops and a desktop. They are all running Windows OS. I also have 3 external drives and two printers USB wired into the main desktop.
I have two questions:
1) Will I be able to integrate an iPad/Android tablet into the Windows home network so as to be able to access the .jpg photographs on the desktop drives?
2) Will the tablet be able to output work to the printer attached to the Windows Desktop?
View 3 Replies
View Related
Nov 20, 2011
I have a single production 5510 with 2 contexts. Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall? How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?
For example, do I need to add the following on the secondary or will it be sync'd from the primary?
admin-context NAME
context NAME
allocate-interface Ethernet0/0.14
[Code].....
View 3 Replies
View Related
Dec 17, 2012
We have an existing network with a Catalyst 4510 core switch and departmental 3560 switches connected via fiber. Due to company restructure we can no longer afford to buy new 3560's when anything goes wrong so this week I purchased an SG200-26 which I'm trying to get onto the network.
This is a legacy network which I didn't setup so my Cisco skills are somewhat limited (another reason for the SG200's hopefully), anyway have been looking at the configs on the existing switches and trying to match settings in the SG200 setup however not getting anywhere! I have the config from the dead switch so I can show what needs to be achieved, any experience in downgrading environment in a similar way?
View 7 Replies
View Related
Mar 7, 2012
I've just started a new job after a couple of years not touching cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's bye the bye.)
My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into: Code...
View 7 Replies
View Related
Nov 1, 2011
Here is the scenario: A mid-sized IP based camera network (150 cameras, 1 management server, several client workstations, and several recording servers) has been implemented on a stand-alone LAN utilizing a class C configuration and is set up as a windows domain. The user now wants to add the ability for workstations on the existing class B network to connect (with client software) to the management server on camera network, network is controlled by enterprise sized domain (Think county). Access is controlled by camera system client software credentials. Here are my questions:
1) What is the best way to do this and what hardware is required? I thought about just adding a NIC to the management server but am concerned about the 2 different domains playing well together. Would a router be best? What do I need to consider as far as setting up firewall and/or gateway?
2) What considerations do I need to take into account regarding the camera network not taking bogging down existing user network?
3) The workstations on the camera network are not as “locked down” as they are on the user network (again, think county network security). Will I be creating a security hazard and if so, how can I prevent this?
View 4 Replies
View Related
Sep 16, 2012
I got an ASA 5510 system currently in single context mode, with CSC SSM installed. Single ISP uplink to internet, no VPN. And now customer would like add another ISP uplink, without invest another box for HA.What come across my mind is make the current box into multi context. There's some area i need to concern and also need yours perspective on it.
Question 1: For making the firewall into multi context, am i need to do it from scratch, issue mode multiple command. Then rebuilt the current production config into one of the context, then another context meant for the new IPS uplink, and one admin context?
Question 2: For CSC -SSM licensing requirement, model ASA 5510 with security plus license is able to support 2 context. So if i split my firewall like what i mention in question, what exactly number of context do i own (admin, context A, context B)?
Question 3: For CSC-SSM module in multi context mode, so the management port of CSC SSM must attach at admin context?
Question 4: After configured all the policy and traffic to scan, how exactly i should do in order apply this policy to the interface? Should i only enable at admin context, then firewall service-policy rules, and apply it global, OR should i also do the same action on context A and Context B?
View 3 Replies
View Related
Mar 4, 2012
We have recently converted 1 Cisco Lightweight AP 1041 to Autonomous mode for site-survey purposes. We now want to convert it back to lightweight mode.
View 1 Replies
View Related
Mar 12, 2013
I received the following info from Cisco's TAC and wanted to inquire further before I start reconfiguring the switch:
In a redundant Sup-6E setup, the following configuration is supported :
- 1 TenGig uplink on Active Sup and 1 TenGig uplink on Standby Sup
- 1 TenGig uplink on Active Sup and 2 Gig uplinks on Standby Sup
- 2 Gig uplinks on Active Sup and 1 TenGig uplink on Standby Sup
- 2 Gig uplink on Active Sup and 2 Gig uplinks on Standby Sup
If you invoke shared backplane mode, the following configuration can also be supported:
- 2 TenGig uplinks(blocking) on Active Sup and 2 TenGig uplinks on Standby Sup
- 2 TenGig uplink(blocking) on Active Sup and 4 Gig uplinks on Standby Sup
- 4 Gig uplinks on Active Sup and 2 TenGig uplinks(blocking) on Standby Sup
- 4 Gig uplink on Active Sup and 4 Gig uplinks on Standby Sup
Here's the command and information about the "shared-backplane" mode :- [URL]
Currently, we have 2 SUP 6-Es(Module 5 - Active and Module 6 - Stand-by) setup in a redundent mode. I am planning on changing the redundent mode to the shared backplane mode so I can use 2 TenGig converters to uplink 2 access-switches. We purchased 2 TenGig converters and here is how I am planning on using them:
1- One will be used to uplink to two 3750 switches(stacked)
2- One will be used to uplink to a 2960 using a Gig SFP
My questions are:
1- Do I have to install the 2 TenGig converters(4-Gig Uplinks) in the same Module? Or can I use one one in module 5 and the second one in module 6?
2- Will changing the redundant mode to the shared backplane mode require rebooting the switch or disrupt the funtionality of the other linecards?
View 2 Replies
View Related
Feb 26, 2013
How can we know that 6500 and 7600 series switch and router are running in native mode or in hybrid mode.
View 2 Replies
View Related
Feb 19, 2013
I am not able to connect to any webpages in normal mode, even after restarting i still have the same problem [However it works in safe mode with networking]. The network connections show that it is connected and the signal strength is excellent. I then have to keep restarting the laptop like 3 to 4 times and it works. Its kind of frustrating to keep doing this all the time and besides i am scared by restarting the laptop so many time can harm it.
View 1 Replies
View Related
Feb 28, 2012
i got a Dir-655 router and Dell 1501 wireless -N mini PCI card (802.11 bgn compliant). Router was set to mix mode but my desktop Dell XP8300 can connect only till G mode.
1) I search on web and some said that i need to set my router to N mode only for my desktop to connect to N mode. IS THIS SOLUTION CORRECT??
2) Another issue was my sis got other old brand latop which can only connect to B mode, if i set to N mode only, she won't be able to connect it right?
View 14 Replies
View Related
Jul 13, 2012
At the moment I have my home network (192.168.0.0/24) like as below (all connect using straight cables): [code] My Cisco lab equipment are in the basement all connecting to an access server which at the moment is plugged into Switch3-dumb (along with a printer & NAS).What I'm thinking is to replace the Switch3-dumb with a 3550 I'll be picking up later this week.Then using this to do as the Switch3-dumb did maybe by creating a native 'vlan 192' & putting it into a gig interface which will connect to the network using the straight cable, also putting the printer & NAS into the same vlan.This will hopefully still give me connectivity throughout.Then when required I'll like to use the 3550 with the rest of my Cisco equipment for setting up different labs (segmenting them from the home network by using different vlans etc.One of my reasons to implement the 3550 into the home network is to be able to play about on a regular basis (port monitor, traffic stats, etc).
View 2 Replies
View Related
Feb 6, 2012
I have 2 Cisco 877 routers and I need one set to bridge mode and one is gateway internet? How do I do?
(LAN)
ADSL <---------------->877 <----------------> 877 Gateway <-----------> Clients
View 3 Replies
View Related
May 13, 2011
I find it hard to understand tunnel and transport mode, the differences between them, and NAT. Ok so I have this scenario: Site2site VPN with 2 Cisco routers.
View 8 Replies
View Related
May 7, 2012
I am unable to set VTP mode on my layer 3 switch on GNS3. Below is the snapshot of show version output ? Can you see anything wrong with the IOS image?
View 3 Replies
View Related
Mar 26, 2011
if the 7600-SIP-200 supported in VSS mode or not ?
I have configured to Cisco Catalyst 6513 as VSS, both of them have the 7600-SIP-200 module, before converting them to VSS I was able to work with the 7600-SIP-200 module, but after I did convert them to VSS, both modules didn't work.
here is the show module output, after VSS conversion:
VSS1#show module Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 0 4-subslot SPA Interface Processor-200 7600-SIP-200 JAE14500GMT 7 5 Supervisor Engine 720 10GE
[Code].....
View 1 Replies
View Related
Jan 8, 2013
I have Cisco ASR 1002, code XE 3.4.1 doing site-2-site VPN with an ASA managed by another company that I have no control over running 8.3 (I think).the site-2-site vpn is very easy straight forward as follows.
View 4 Replies
View Related
Oct 2, 2012
My customer has two SW6500 on VSS mode connected via VSL. Anyone connected WLC5508 with SW6500 VSS using LAG feature ?I wish to connect one uplink from LAG to the first switch and the second uplink to the other. The two switches are considered like one logical software.I have already read the best practice from CISCO when we connect a 5508 to a switch regarding the port-channel but nothing regarding VSS and VSL link.
View 3 Replies
View Related
Dec 21, 2011
I am in the process of configuring Network Access Protection and just found out you can apply user based ACLs in the Network Policy. Will this work with a Cisco AP1242 in Autonomous mode? I saw some configuration guides for configuring User ACLs using the wireless controllers but not just Radius.
I have added the Vendor Specific Attribute of "Cisco-AV-Pair with two values of
-priv-lvl=15
-ip:inacl#10=deny icmp any any
I would expect all traffic to be denied when the user logs in due to the explict deny at the end of an ACL but I am not seeing that so I was unsure if Per-User ACLs work on standalone AP1240s.
I could add another rule to allow other traffic but I just want to see if the ACL would apply on a per-user/per-session bassis on the AP1200.
View 7 Replies
View Related
Mar 2, 2013
I have cisco pix 520 Firewall and I forgot my firewall password but now I want to reset so I have to get into monitor mode but when I press escape key my firewall is not get into monitor mode. so now how can I get into monitor mode or Are there any Other way to reset the firewall....
View 4 Replies
View Related
Mar 16, 2011
How to configure NAT on a 5510 Firewall.
View 2 Replies
View Related
Aug 25, 2012
In the LAN side configured one Interface VLAN and Configure IP address on that and add the AP’s to the VLAN .. and on the WAN ADSL its p2p with Qtel bridge mode ..
from the Access Point I am able to reach 172.31.30.30 which is the router far interface . BUT still not able to reach the ISP side 172.31.30.29 .
Router Config
no ip routing
bridge irb
bridge 1 protocol ieee
bridge 1 route ip(code)
View 4 Replies
View Related
Nov 11, 2012
I am experiencing a problem that when I telnet a router ip.It prompts for username and password.After entering username and password the router enter into exec mode with > prompt.But when trying to enter in privilege exec mode by typing en or enable it gives error:
"Translating "en" %unknown command or computer name.or unable to find computer address".
This problem started on removing easy vpn configuration which include aaa new model configurations. The router is in production environment and have remote and console access.
View 11 Replies
View Related
Apr 18, 2011
I'm a Cisco newbie and I'm in the following situation:
1>The router (867) must connect to my ISP in 1483 bridged (2684 bridged) mode, LLC, VPI/VCI 0/35
2>WAN IP will be assigned by ISP (DHCP)
3>No username and password required to establish the connection
4>MAC-Cloning is advised, not required
5>Firewall behind 867, WAN IP should be assigned to WAN interface firewall, connection established by 867
6>867 router will be used as a switch, so no NAT required. NAT will be setup on the firewall
7>Connection type: Analog (annex A)
The required setup can be fixed by configuring the 867 in half-bridged mode, but I don't no how and I don't know exactly how to config the 867 in bridged mode.
First, it's even hard to setup a good bridged config.
version 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname router1!boot-start-markerboot-end-marker!logging buffered 51200logging console criticalenable secret 5 ****!no aaa new-modelmemory-size iomem 10clock timezone GMT 1clock summer-time GMT date Mar 30 2010 1:00 Oct 26 2035 1:59!!no ip source-route!ip cefno ip bootp serverno ip domain lookupip domain name domain.local!!!!username admin privilege 15 secret 5 ***!!ip tcp synwait-time 10ip ssh time-out 60ip ssh authentication-retries 2!!!!!!!interface ATM0 no ip address no atm ilmi-keepalive!interface ATM0.1 point-to-point pvc
[code].....
View 10 Replies
View Related
Mar 19, 2012
N5K will be running on Layer 2 mode. vPC configured between N5K and N2K Servers are part of Vlan 10, 20, 30 and Juniper SRX firewall is the gateway for all the servers. SRK firewall is Active/Standby mode.
Questions are
1) Is there any non-vPC link required between N5K in this scenario?
2) N5K will pass in/out traffic to juniper SRX firewall durining SRX failover as well as normal operation
View 9 Replies
View Related
May 7, 2012
I have a KASDA KD318MI ADSL Router. But it doesn't have wireless capabilities so I use an another router, which is aforementioned DIR 635. When I configure it as DHCP and connect to internet manually, from my desktop connection, its ok.
But when I try to make a PPPoE connection on D-link, it won't connect. I am no expert on routers, but I am trying to learn. I tried everything. Factory reset, updating firmware, then factory reset.
[INFO] Sat Jan 31 10:41:52 2004 Discovering PPPoE servers for INTERNET PPPoE Session
[INFO] Sat Jan 31 10:41:52 2004 Trying to establish INTERNET PPPoE connection
[INFO] Sat Jan 31 10:41:42 2004 Log viewed by IP address 192.168.0.30
[Code].....
View 12 Replies
View Related
