Cisco :: LMS 4.1 No Group Selector Available In Best Practices

Feb 1, 2012

with LMS 4.1 Reporting in several areas it is possible with selecting devices to use 'Group Selector' (e.g. Syslog Severity Level Summary Report).Group Selector dynamically chooses devices in selected Group at Report runtime to get the latest devices.Not all Reports in LMS 4.1 provide this Group Selector, e.g. Best Practices Deviations/Discrepancies.Is that a bug? As DCR changes often (add/delete) we urgently need to dynamically perform reports to latest DCR-Population.

View 1 Replies


ADVERTISEMENT

Cisco :: LMS 4.0 - Empty Device Selector?

Oct 9, 2011

Allthough we see all our devices in Inventory Portlets, we cant access devices via device selector neither in CM, RME, DFM ...OGSserver is running?

View 2 Replies View Related

Cisco :: Export Device List To Selector Broken On LMS 4.2?

May 14, 2013

This feature is not working on our LMS installation. I have tried different browsers but is always giving the same error. It seems to be Java related.

View 0 Replies View Related

Cisco Wireless :: 3602Es Best Practices - Antenna Placement

Nov 8, 2012

We have 3 3602Es connected to a 2504 WLC. I was wondering for best practices for antenna placement. They are all mounted on the side of a wall, near the ceiling (above everyone's head).   

View 10 Replies View Related

Cisco Wireless :: 4400 - LAN Controller (WLC) Configuration Best Practices

May 19, 2013

I'm looking for a document that states the best practices for WLC configurations (Management/Security/AP's..etc). I can currently only find the following document:URL
 
But this document has last been updated in 2008, in a few days that's almost 5 years ago, and we all know how quickly technology is evolving. 10Gb wireless is around the corner, with 1GB starting to go production now. This document also mentions the 4400 (which is end of life).

View 1 Replies View Related

Cisco Wireless :: 5508 Multiple WLC In Same Location Best Practices

Jun 1, 2011

We have 2 5508 WLC's on site (5508-1 & 5508-2) and at the completion of this project we will have around 150 access points. We are also using WCS.  5508-1 is set as the primary/master controller.  5508-2 is the secondary controller, serves as backup if/when 5508-1 fails. All LAPs connect to 5508-1 by default, so 5508-2 is basically sitting there doing nothing.  Is this the best way to take advantage of the resources that are available?  Would wireless clients see improved performance if the access points were split between the two controllers?  If we do split LAPs between the controllers should I make sure that all of the LAPs on a particular floor are connected to the same controller or does that matter?

View 7 Replies View Related

Cisco Firewall :: Best Practices For ASA 5510 Device Monitoring

Jan 10, 2012

What are considered the best practices for monitoring ASA's--specifically the 5510 with Sec+ License.
 
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.

View 1 Replies View Related

Cisco Wireless :: 5508 Best SSID Practices For Really Old Devices On WEP

Jul 26, 2012

setup a WEP SSID on my 5508 controllers.  THat being said, I have multiple sites with extremely old scan guns that only do 104bit wep.  I plan on locally switching this SSID and using static WEP 104bit key with MAC authentication, and then ACLing to limit my inherent security issues/exposure once someone compromises my WEP key.  [code]

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Internet Access Best Practices?

Oct 10, 2012

i am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.
 
I have the inside security level set to 100 and the outside set to 0, want other features can be used to protect the network from the Internet, am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.
 
Would any firewall policies be required to increase the level of security?

View 1 Replies View Related

AAA/Identity/Nac :: ACSv5.3 Best Practices For Conditions Configurations

Feb 15, 2012

I want to apply an authorization profile depending of the login username used, like assign the VLAN ID, so on a lab I created 2 rules, each of them using the System:Username field and then apply the Authorization profile with the correct VLAN to the user.Which one of the following configurations will be the best practice doing this if this condition will be applied for 300 users?? In my opinion, the best practice will be using the System:UserName condition on Authorization Network Access but I want to know what you think, do you agree??

View 0 Replies View Related

Cisco VPN :: ASA 8.4 LDAP Group To ASA Group Policy Mapping?

Jul 31, 2012

I try to map LDAP Group to ASA Group policy following documentation:
 
[URL] 
 
This is a config for ASA 8.0. I would have expected it to work on 8.4 as well but I do run into problems. The mapping as shown in LDAP Debug and ASA Log will actually happen but it is overwritten by the "GPnoAccess" Group Policy configured locally in the Tunnel Group. From earlier works with RADIUS I would have expected the user specific Attribute to be "stronger"?
ASA Log:
 
AAA retrieved user specific group policy (correct Policy) for user = XXX
AAA retrieved default group policy (GPnoAccess) for user = XXX

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - How To Associate Identity Group With AD Group

May 1, 2012

how to associate an AD group - which i have defined in users and identity stores/external identity stores/Active Directory/Directory attributes to associate with the relevant identity groups - Users and identity stores/identity groups Is there an example of this being done somewhere as i am having problems understanding how to do this from the user guide.All i want to do is associate identity groups with ad groups.

View 3 Replies View Related

Cisco VPN :: AES 256 Which DH Group?

Jan 7, 2012

I have been using aes 256 with dh group 2 and pfs group 2 for my site to site vpn tunnels.Now I am considering modifying the dh groups both for p1 and pfs to group 5 or keep it group 2.Is this a must to have dh group 5 with aes 256 or having dh group 2 with aes 256 is also common ?

View 1 Replies View Related

Cisco :: How To Add 4404 To Group

May 23, 2011

We have two 4404's and WCS. The 4404's are almost maxed out. We have an addition 4404 which we would like to add to the group of 4404's

View 1 Replies View Related

Cisco AAA/Identity/Nac :: VPN Group Authorization With ACS 5.2

Apr 26, 2011

I'm trying to set a VPN connection to a router using group authorization with the ACS 5.2 but cannot make it work. I configured everything based on the procedure used for ACS 4.2. I created a user that corresponds to the group name, used the password cisco and used all the requiered Cisco AV pairs in an authorization profile. (Based on document: [URL]
 
While testing with ACS 4.2 this works fine, I can see that the ACS returns the group attibutes correctly (here is a debug output)
 
Apr  9 16:16:59.256: RADIUS: Received from id 1645/22 192.168.1.212:1645, Access-Accept, len 203Apr  9 16:16:59.256: RADIUS:  authenticator 02 07 F5 E6 46 78 73 CA - 46 6D 47 90 FE 92 38 9AApr  9 16:16:59.256: RADIUS:  Vendor, Cisco       [26]  30  Apr  9

[Code].....

View 4 Replies View Related

Cisco VPN :: ASA 7.2(2) - No Translation Group Found?

Aug 1, 2010

My remote VPN clients aren't able to do anything network wise once they have connected to the VPN.  The ASA keeps coming up with "no translation group found" in the log. 

Result of the command: "show running"
 
: Saved:ASA Version 7.2(2) !hostname ciscoasadomain-name office.propertyfinder.comenable password ######## encryptednamesdns-guard!interface GigabitEthernet0/0 description Office Network Interface nameif Office-LAN security-level 100 ip address 10.121.10.4 255.255.255.0 ospf cost 10!interface GigabitEthernet0/1 description 4Mbps BTNet Internet Connection nameif Internet-Primary security-level 0 ip address 213.121.253.33 255.255.255.248 ospf cost 10!interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address!interface GigabitEthernet0/3 description Office Wireless Interface nameif Office-Wireless security-level 10 ip address 172.16.0.1 255.255.255.0 ospf cost 10!interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ospf cost 10 management-only!passwd 2KFQnbNIdI.2KYOU encryptedboot system disk0:/asa722-k8.binftp mode passivedns domain-lookup Office-LANdns server-group DefaultDNS name-server 10.121.10.20 name-server 10.121.10.21 domain-name

[code]....

View 13 Replies View Related

Cisco :: 7510 AP Group Not Working As Well

Sep 27, 2012

I Have an issue about AP Group.On my scenario, I have one Flex WLC 7510 using software version 7.0.220, And all APs are 1131.I have some sites with H-Reap, where H-Reap is configured properly.The Access Points are set with AP Group. AP Group is configured properly too. Each AP Group was configured for one site and was configured 2 SSIDs in each AP Group. All sites has 2 differents SSIDs.During some basic tests, in one site with 9 APs, I saw:

1. When the Access Points are registred on WLC, all APs are working fine. All APs has its 2 SSID added on slot 0 (radio 0)

2. If I disable the link between WLC and Access Points, 7 Access Points delete SSIDs on your AP Groups and replace it with 16 SSIDs (SSIDs on Default Group configured on WLC)

View 1 Replies View Related

Cisco Firewall :: SSH Key Exchange DH Group 14?

May 29, 2013

I am trying to issue command "ssh key-exchange group dhgroup14" on several of my ASA firewalls.  The key-exchange command is failing on 3 of 4 ASA firewalls.  According to Cisco documentation, this command was introducted in 8.4.  My ASA's are running version 8.6.1.10, 9.1.1.8, 9.1.1.10 and 9.1.2.  The command is available only with 9.1.2.
 
Example from one my ASA.
 
lbjinetfw# show version | in Version
Cisco Adaptive Security Appliance Software Version 8.6(1)10
Device Manager Version 7.1(2)
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
lbjinetfw# config t
lbjinetfw(config)# ssh

[code]....

View 3 Replies View Related

Cisco :: LMS 4.0 - Job Scheduling And Device Group

Jan 24, 2012

I scheduled a periodic job (for example the compliance check job) on week basis and I specified one user's device group for this job (for example the branch_routers group). All is working, but when new devices are added to this group (the branch_routers group), the scheduled job is not provided for these new devices. Is it the default behaviour? Can I change it?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Implementing Group NAR For ACS 4.2?

May 22, 2012

I have a problem implementing a NAR for a specific device group. I am running Cisco ACS 4.2 and it works fine for all the other stuff I do but this issue is perplexing me a bit.
 
I have a device group with Juniper devices in it and I authenticate using RADIUS (Juniper) as the radius setting. I have a Administration user group set up.
 
I placed a NAR into the group "Per Group Defined Network Access Restrictions" specific to the device group with * for port and address
 
I placed this group into both the Define IP-Based as well as the Define CLI/DNIS-based section.
 
No matter what I do I keep getting authenticated.
 
When I go to the passed authentications page I see my login and the group-name is identified correctly and the network device group is identified correctly too. The filter says "no filters activated". So how can I get this NAR to kick in? I would like to restrict one device group from a ACS user group.

View 12 Replies View Related

Cisco :: SSID To AD Group Mappings In ACS 5.3

May 31, 2012

I am trying to implement PEAP authentication with ACS 5.3. I have two SSID's with peap authentication and i have two groups in AD. I need to map one ssid with one group and another SSID with the other group.

View 3 Replies View Related

Cisco VPN :: RVS4000 VPN Any IP Remote Group?

Feb 8, 2012

I have Cisco RVS4000 and Linksys Befsx41.I can make a VPN connection when bought are in Static ip-address.RVS in static ip and Linksys in ISP changing ipconnection is not made.
 
Here is some log:
 
Feb 9 20:48:17 - [VPN Log]: "xxxxx"[1] xxx.xxx.xxx.185 #4: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Feb 9 20:48:17 - [VPN Log]: "xxxxx"[1] xxx.xxx.xxx.185 #4: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Feb 9 20:48:17 - [VPN Log]: "xxxxx"[1] xxx.xxx.xxx.185 #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

[code]....

View 1 Replies View Related

Cisco :: How To Assign Group Roles Via ACS 5.3

Oct 10, 2012

I'm currently using a LMS 4.2.x System and an ACS 5.3 System.
 
I solved the problem to authenticate the LMS WebGUI login to the ACS Server. But, I can't not find any document, which descripes how I can assing the group roles via ACS.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 And AD Group Mapping?

Apr 7, 2011

We have ACS 4.2 and has been integrated with AD. Now, a new user group has been added in AD but we are not able to see that new AD group in ACS to do the mapping. We have refreshed the sgent in ACS and also have restarted the ACS agent in AD. But still we rae not able to fetch the new AD group in ACS in group mapping.any way to fetch the new group in ACS from AD.

View 1 Replies View Related

Cisco :: LMS 4.0 User Defined Group

Aug 3, 2011

I'am a novice with LMS 4.0.I create 4 device group in Group Management, I restarted my server and since this reboot, I haven't any device in my groups. I would like to use the archive synchronization but I can't see my device in my groups.

View 6 Replies View Related

Get Rid Of Group Policy?

Feb 18, 2011

dell 3000 xl os 149gb I set up a home office. to try to transfer files to my new one.oce i found out you can't do it. there was a group policy in place.how do i get rid of it. it's interfering with a lot of stuff, including my firewall. had to buy another.

View 3 Replies View Related

Cisco :: WLC5500 Mobility Group Fail-over

Mar 22, 2012

I have a Question i am testing  mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.

View 8 Replies View Related

Cisco Switching/Routing :: 887 No Ip Access-group

Jul 15, 2012

i am not able to apply an access-list to FastEthernet 0 as the ip access-group is not supported in Interface mode but only in interface vlan mode.How can I stop traffic into the LAN network?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Group Mapping Based On (G-CRP-SEC-ENG)

Apr 30, 2012

I am configuring a new ACS 5.3 system. Part of the rules is that I want to match the users specific AD group membership, and match appropriatly to an identity group.What i'm trying to do is say that if the user is a member of the AD Group (G-CRP-SEC-ENG) then associate them with the Identity Group SEC-ENG. The under the access service, authorization portion, i assign shell profiles and command sets based on Identity Group.It seems that the ACS server will not match the AD Group for the user, and it will match the Default of teh Group Mapping portion of the policy every time.
 
I tried several configuration choices from : AD1:ExternalGroups contains any <string showing in AD>, AD1:memberOf <group>.Is there something special i need to do in the Group Mapping Policy to get it to match and active directory group and result in assigning the host to an Identity Group?

View 7 Replies View Related

Cisco :: How Many 5508wlc Be Added To Mobility Group

Jun 23, 2011

How many WLCs 5508 can you add to the mobility group?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 - Network Group Authentication

Apr 25, 2011

I'm sure it can be done just haven't been able to find it.  I'm running ACS 4.2 and have 2 network groups, one is wireless where I have a WLC and the other is the default where vpn users authenticate with their tokens.  Is there a way to have the Wireless network group authenticate using AD and the other group use RSA?  I can't find the switch or switches I need. 

View 1 Replies View Related

Cisco VPN :: IPSEC VPN Group Authorization ASA 5520

Feb 15, 2011

Options a user may reside in Austin, TX and I want the user to utilize the local proxy (i.e. texasproxy:8080). We currently only require the user to enter the RSA passcode and username to authentication (RSA/AD username are identical). Is there a way to have the user authenticate via RSA and have the user's AD group membership (TX) assign the user the specific IE proxy settings? We are utilizing an ASA 5520 on 8.2, but we are willing to upgrade to newer IOS or even consider anyconnect to resolve this issue.

View 2 Replies View Related

Cisco :: Customizable Trunk Port Group In LMS 4.0?

Jul 19, 2011

How can I add devices onto the customizable group1?  I am trying to creat a group of trunk ports and monitor just the up/down.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved