I have a problem when doing this report. If I do a device credentials report on a user defined group (40 devices) 11 of these devices fails to connect via SSH. I can make an SSH connection to all 11 devices from the CiscoWorks server, but 11 devices still fails on the report
Device Name Read Community Read Write Community SSH
1. 149.212.XXX.164 Ok Ok Failed to connect.
2. 149.212.XXX.153 Ok Ok Failed to connect.
3. 149.212.XXX.152 Ok Ok Failed to connect.
4. 149.212.XXX.151 Ok Ok Failed to connect.
5. 149.212.XXX.150 Ok Ok Failed to connect.
when running Credential Verification Report, I get following notification: "None of the devices have credential verification data".I have made different Default Device Credential sets that I'm using when I add devices to LMS. I could not see wether this is bug in LMS 4.1 or if I have to do this a different way?
i get for all devices telnet credential failed in my credential verification report. I exported the device from the Device Manager into a csv file to verify the correct passwords.The export shows the correct values in
I need to edit device information for multiple devices using feature Edit Credentials. I'm not able to overwrite all device credentials using a new set.
I try to export a Detailed Device Report to a CSV. It failes:
<HTML><META HTTP-EQUIV="content-type" CONTENT="text/html;charset=utf-8"> <H1>HTTP Status 500 - </H1><HR SIZE=1 noShade> <P><B>type</B> Exception report</P><P><B>message</B> <U></U></P><P><B>description</B> <U>The server encountered an internal error () that prevented it from fulfilling this request.</U></P><P><B>exception</B>
[code].....
Exporting to PDF works OK.CW is running on Windows server. RME is 4.3.1
I am trying to install a digi cert on a 7921 and I get the message on import of "certificate verification failed".as there does not seem to be much documentation with the above error message.
My Dell Laptop is connected to Wildbue via LAN connection to Broadband. January or February I connected Belkin Router to obtain Wi-Fi access for other laptops, Cell and PS3, Everything seemed to be working fine. I tried to disconnect the Dell in order to use it via Wi-Fi. This caused problems when my sons laptop lost connection. My guess was that it was actually routed through the Dell via network. Anyway, as I was working to network all correctly. My sons friend decided that he couldn't wait for internet and forced another laptop to login to internet. In the process, it appeared that he changed by router password so that I could not access it. Being a beginner when it comes to network connections, etc., I spent alot of time trying to correct the Belkin Router. I finally disconnected the router and attempted to remove all detail on my Dell. I am sure that my adapter information is not completely accurate. Or so it appears. Note that I do have LAN internet connection and I can search for wireless access. If necessary, I will reinstall the Belkin Router since it is my understanding that it is needed for Wi-Fi access to my internet provider connected via Broadband modem.
I am sure that there will be corrections. I am sure that there is more that will need to be done in order to provide access to other laptops and cells. At this time, I am getting internet on my main laptop that is connected via LAN connection. However, I am having problems understanding adapters for wireless connects.
Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:Documents and SettingsPenis>IPCONFIG/ALL Windows IP Configuration
I recently installed and configured the Prime LMS 4.1 Soft Appliance. After discovering the devices on the network I ran a credential verification check on everything. All of my devices passed accept for the Nexus 7010s and Nexus 5020s -- these show up in the failed device report with a BLANK value for SSH and "Did Not Try" under Enable by SSH. I have verified SSH is enabled and accessible outside of Prime, and that there are no access lists preventing access. All other tests pass for these devices.
I've also visited the troubleshooting workflow section for these devices, and when I test the connectivity, SSHv2 passes.
I've downloaded all of the updates available for the device packages and have tried other credentials. All other aspects seem to be working properly.
Recieved this unit from an individual who has very little knowledge (like myself) with the 800 series.
I'm having issues just getting into this device, when I power it on and console into the unit i am presented with an "Access Verification" prompt that requires credentials that I do not have/know.
At some point (not sure how) I managed to get to a "yourname#" prompt at which point I configured using this document here and created a username and password and some other basic settings, I saved the config and did a reload and it takes me right back to that "Access Verification" prompt.
Sould I be using the CCPE to gain access to this device instead? Is there a way to recover that "Access Verification" username and pass? How did I ever get to that "yourname#" prompt?
I'm trying to troubleshoot a problem with mpls fast reroute. The primary (protected) link is between PE-PE and the backup link is PE-P-PE. The IGP I'm using is OSPF. When there is a issue with the primary link and debug mpls tra tunnels signalling there is a message "LSP-TUNNEL-SIG: TunnelX [237]: re-route path verification failed (protected) [Can't use link x.x.x.x on node x.x.x.x]". After 30 seconds (without ospf tuning) the SPF is recalcalated, but that's not the point From the show mpls tra tunnels tu1013 (the backup one)everything looks ok:
Status:Admin: up Oper: up Path: valid Signalling: connected From show mpls tra fast-reroute database everything is ok, the status is Ready I'm using 7206VXR, Version 12.4(24)T3
I have a 6509E switch with dual 6Kw power supply that is logging "Power supply 1 input has changed. Power capacity adjusted to 2671.20W" then will bounce back to normal at random times from 1sec to 10sec. Is there a command to check what each input level of the power supply to try to identify possibly which source is causing the problem? The power supply input lights remains green while this is occuring.
We plan to use machine certificates on our notebooks with Windows Vista. Our authenticating server is Cisco ACS 5.1. To access the wireless network we want to use the machine certificate of the notebook and a verification of the corresponding computer account in the Active Directory. What authentication method is the best to check the machine certificate and if in the Active Directory exist the enabled corresponding computer account ? How to configure the ACS and the notebook to use it like described ?
Network newbie need to verify all necessary services and protocols on a new WS-C6509-E are turned on. This layer 3 switch will be used to connect to servers.
I seem to get conflicting information on using the Management port as a regular routed interface on the ASA5510..The management interface can be used for the traffic that passes through the firewall as well. The Security Plus License for the ASA 5510 is required in order to use the management0/0 port as a regular interface. With a base license on the 5510, the management0/0 port cannot be used as a regular interface.
I believe that I saw another post that mentioned it was part of the standard IOS if you had a later version.
I recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer.
After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD, I get an error message " 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate" anytime a client tries to connect to the network.
This is surprising because I had already generated a certficate for the ACS from a CA and binded the CA signed certificate with the ACS, I also specified the CA in the client machine's wireless properties and checked the "validate certificate" button.
When I tried to connect using the internal identity store, the client was successfully authenticated without any certificate issues.
I am setting up a new ASA. Actually it's an old 5510, but this is a new temporary install until the one we ordered comes in. Everything is working except for SSH. I have SSH open on the inside and outside interfaces and I get a prompt when I try to SSH to it from either the inside or outside. But after I put in my username and password it tells me that my credentials are invalid. I am using a local username/password, not AAA and it accepts that username and password for the console. Console and telnet (password only) both work so I can get in to make changes. When I debug SSH, the error states that my username and password are incorrect. But this happens even when I create a new, simple username/password to test. I've even gone so far as to copy/paste the username and password into the login window just to be safe (making sure I don't copy spaces, etc). Below is a copy of the SSH Debug output followed by a sanitized copy of the config. I have AAA configured for remote VPN users, but not for access to the ASA. Also, this problem existed before I created the AAA settings for the VPN users. Also, I have zeroized and regenerated the RSA keys a couple of times to no avail. [code]
I am trying to copy a setup from a Nortel IAX100 where the carrier provides two ATM PVC's over ADSL - one for voice (VoIP) and one for data (IP). Relevant lines from the backup of the IAX's configuration include the following for the PPP authentication over the voice circuit:
The null username and password for the PPP connection have me a bit stumped. Does the PPP connection not use any authenetication at all? (Is that possible/likely? How could I deubg it?) Or does does the IAX100 supply a chap/pap response with null credentails? (If so, how would I duplicate that using an instruction to a dialer interface?I am configuring an 877 with 12.4T and advanced IP services.
How to upgrade from LMS 3.0 December 2007 update to LMS 3.1 or LMS 3.2. The problem is the large number of C2960S-24TS-L switches that my organization has and cannot managed them.. I tried to upgrade devices through Software Center but always Ciscoworks informs me with the following message."Error while downloading package information from [URL] for the selected products. See the log file for details". Also i can not run EOL/EOS inventory report. The message is " INVREP0102: Cisco.com user credentials are invalid. Enter correct credentials." I check my credentials and is right. The server has access to www through proxy without any restrictions. In the past I've already updated devices through the software center. Also in the past i ve run EOS/EOL inventory reports.The LMS 3.0 December 2007 has the following products LMS3.0.116 May 2008
i'm having some trouble pushing CLI templates to controllers in my lab. i get an invalid credentials error but it is random. sometimes i can push the template fine but 30 seconds later if i push the same template it will fail with error. several minutes later try it again and it fails. i have verified the credentials by reconfiguring them consistantly accrosss the devices but if the credentials were actually wrong it should fail every time, not intermittently. there are also 2 controllers i am testing this against and it is also random which controller fails. on the instances where i don't get the credential error my CLI template fully executes without error.
i am using WCS 7.0.230.0 on WIN2K and two 4400 controllers running 7.0.230.0.both controllers are configured with SNMPv3 and SSH. telnet and lower versions of SNMP are disabled.
We have a building with 6 Cisco Airnet 1140 connected to a Cisco 2100 WLC, all tied into a nice Central Certificate server and a Win2008 NPS/Radius server on a Win2008 AD. Our trusted PC wireless access is fine, with domain laptops with certificates authenticating with DHCP all round the building. We use GP to apply settings to an AD integrated Proxy server for internet access.
The problem I now have is with guest access...
We are an education establishment, so students could turn up with anything from a laptop to an iPad to an Android phone, which immediately rules out using proxy PAC files to configure the proxy.
What I really want is a method of using the radius to verify the guest user against their existing AD user account, which I believe is possible. The one snag we have is in order to avoid the user having to configure the Internet proxy we would have to switch it to a transparent mode, which immediately restricts our ability to report on AD username, we would only have an IP address to report on, which is next to useless!
We've looked at a Gateway product (Astaro), which integrates the Filtering onto the Gateway, but the downside is that you have to use their APs, so we would be replicating existing work, whilst also managing two filters.
I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?
To enable our receptionits to print a guest user ticket on a small A8 ticket printer I'm looking for a way to adjust the layout and formatting of the guest account credentials page.
I have searched through the javascript and css files but with no success.
I have been reading article url....wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.
The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.
However will that support a Downloadable ACL dependent on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails.? I dont really want to create & manage Guest & Remediation VLANs with thier respective ACLs on every switch in my enterprise, including our remote branch offices.
I have ACS4 and i am planning to upgrade to ACS5.I would like to have such a rules:I have user1, one ASA device which is VPN concentrator for remote users.ASA have two different tunnel-groups: one which allow for logging via certificate (with mandatory pki authorization thru ACS) with disabled Xauth,and second tunnel-group with allow login thru typical Xauth with authorization thru ACS which users external database (RSA Tokens).So i have one user1 which can login thru VPN using RSA tokencode or certificate.For example: on phone user1 uses certificate, and on PC station the same user1 uses token password.For tunnel-group with pki authorization ASA checks username in ACS and in typical scenario login="CN from certificate" and password="CN from certificate". So we would need "two credentials" for the user - one for pki authorization, and second one external database (RSA token).Is such scenatio possible under ACS 5 ? where one user uses different credentials based on tunnel-group usage ?
Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?
I'm new to CiscoWorks and I inherited the system in my new job. We are running LMS 3.2 and I want to run a report to see what versions of IOS that are running on the network.
Unable to run Eos/EoL report, I get error that my cisco.com credential are not valid, I verified my credential and they work fine. I'm running RME4.3.2 on Solaris 10.
I have cisco acs 5.3 appliance. Issue is, when i view tacacs accounting it only shows 100 pages of records. So first kindly tell me if this is the limitation of acs 5.3 to only show 100 pages. Secondly if i want to export the report of last 30 days, its also not showing the last 30 days.
