I have problem with subnet based groups in Cisco Prime LMS 4.1.
Admin > System > Group Management > Device
I've been following examples made in this article with no luck:[URL]
Quote:
Understanding Subnet Based Groups #
The Subnet based groups use the following name format:
#
Subnet -- Subnet Mask.
How would I go about configuring RADIUS based AAA for remote access VPN users? I have an OSX RADIUS server and an ASA 5510
(I want to keep console and SSH using LOCAL, so I keep this: "aaa authentication ssh console LOCAL", right?)What does the rest of the config look like to get RADIUS based AAA for remote access VPN users?
I can't find any information that the AP1231G-A-K9 AP is supported in a 5508 Controller Based environment with Prime NCS.Could one of the experts confirm or deny?
View 1 Replies View RelatedHow to configure dynamic VLANs (IP subnet-based) using Nortel JDM? My company is now using port based VLAN and it wastes a lot of time reconfiguring the port to its VLAN everytime their devices moved from one place to another place. So I think using IP subnet-based VLAN might solve the problem?
View 1 Replies View RelatedI created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
I'm currently running CiscoWorks LMS 4.0.1 on Windows 2003 under VMware and just got upgrade licensing for Prime Infrastructure 1.2. I am assuming that I will need to upgrade the current server to Prime LMS 4.2 in order to ensure that data migration to Prime Infrastructure goes well. I am planning to follow Cisco's recommendation to run Prime LMS and Prime Infrastructure in parallel for a time and migrate individual functions.
My real question is about Syslog handling. All of the managed devices are currently sending Syslog data to LMS. As a last step in the migration, is it possible to change the IP address of the Prime Infrastructure server to replace the Prime LMS server so that the Prime Infrastructure server will just start getting all the Syslog data, or do I need to go change hundreds of managed devices to point to a new address?
What is the relation between: cisco NCScisco Prime LMSCisco Prime infrastructure.As i orderd a Cisco Prime infrastructure from a Cisco Partner and what i got is :
x2 cisco NCS appliances
x1 DVD cisco prime infrastructure
x1 DVD Cisco prime 4.2
How do I...add a dos based computer to a network running windows 2003
View 1 Replies View RelatedWhat I am trying to do is I have one switch with say a 10.1.9.1 sub-net I need to have one of the ports to be trucked with two vlans one for DSL and the other for a local connection with the sub-net of 10.1.5.1 both of the sub-nets are configured in the core as 9 and 5 so I have port 0 set up as a trunk and it is set up as ge-0/0/0.0 vlan_5, vlan_192 on the 10.1.9.1 subnet switch. The DSL is working but the local is not pulling a 10.1.5.1 IP and has no connectivity. Everything looks as if it is configured correctly but still the DSl is working but not the Local connection.
View 2 Replies View RelatedWhere are the AP groups in PI 1.3 ?The documentation in PI 1.3 states
Step 1 Choose Configure > Controller Template Launch Pad.
Step 2 Click AP Groups or choose WLAN > AP Groups from the left sidebar menu.
AP groups in the controller itself shows the applied template names, but there are no templates?
I have Cisco LMS 4.0, I have a few tasks which are scheduler every friday and they failed last week. This morning I would like to restart them but I cannon see the devices in my Groups.Under Inventory -> Manage Device State -> User Definied Groups -> I can see my groups but they are empty!I restarted the server and crmdmgtd service but it's not better.
View 5 Replies View RelatedI've run into an annoying issue with my ACS 5.2 install. I can no longer add directory groups in the AD settings, the ACS comes back with "The item you are trying to delete is referenced by other items.You must remove all references to this item before it can be deleted." but I am not deleting any group, just adding.
Could probably be cleared with removing the AD setup completely, which for obvious reasons is not something I want to do.
I has got a 8 system(Say Node1, Node2,.....,Node7,Node8) in my LAN Network.i Want a Group a 8 System's in Such a way that Node 2 Should Ping with Node1,Node3 Node4, But not with Node 5,Node 6,Node 7,Node 8.
View 2 Replies View RelatedWe are running two ACS appliances but we cannot figure out how we can add a user into 2 differents groups.Here's the context :We have a company A which is having devices, this company uses Group A.then we have a company B which is having devices, this company uses Group B.But the admin has to manage the devices for both companies A & B.We don't want to mix devices from company A with company B.Is there a way to add the user into both groups A & B.
View 5 Replies View RelatedIs it possible on an Cisco Router to build WebVPN groups ? I want build one group for users with grand access rights.
--> Connect with anyconnect or Web Portal and have access to all Servers on 10.0.0.0 Network.
And another group for users with limited access priveleges.
--> Connect with anyconnect or Web Portal and can access only Server 10.0.0.10 Port XXXX and Server 10.0.0.20 on Port XXXX
Info: i have an 881GW Router.
Have a setup for Cisco LMS3.2.1 which is a recent upgrade, also RME 4.3.2 and CM 5.2.2. Is it possible for the DFM to generate alerts such as email notification to user defined group (subnet grouped). These alerts should be critical in in nature.
View 1 Replies View RelatedI have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies View RelatedI have seen some discussion in the forums regarding user defined groups being empty in LMS 4.0 but not 4.1. I am having this issue in 4.1. Under User Defined groups, I have created 2 logical groups named "Physical Location" and "Switches". These do not contain any actual devices, they are just containers for other groups. Under the Physical Location logical group I have created 2 other groups, Acuna and Hampton. Under the Switches group I have also created 2 groups, HDM and HHC. The criterion for the Physical Location group is based on the first 3 characters of the hostname:
Device.System.Name startswith "hdm"
The criterion for the Switches group is based on the value of a user defined field, Admin_responsibility:
Device.Admin_responsibility equals "HDM"
The Physical Location groups work - the Switches group does not. Both the HDM and the HHC group should contain several devices. The HDM group contains 2, the HHC contains none. If I edit the groups and click "next" until I get to step 3, Membership: Edit, the "objects matching criteria" list is fully populated - it contains the devices that it should contain. However, after I click "Finish" and go to Inventory => Add / Import / Manage Devices there is no change in group membership - the HDM group contains 2 devices and the HHC group contains none.
I am trying to setup Fault Monitoring on LMS 4.0. When I try to create a Fault Notification Group no devices are listed. They appear to be listed in all other places so I am at a loss as to explain why they are not appearing.
View 7 Replies View Related1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
I am trying to configure multiple dsl-groups on a HWIC-4SDHSL-E module and the option does not exist. According to the Cisco documentation I should be able to do this, but I only get pairs as an option.
1921(config-controller)#dsl-group ? pairs Link number <cr>
[URL]
This is what I am trying to do which I have done before on the 1841.
dsl-group 0 pairs 0, 1
shdsl annex A-B
shdsl rate 4096
[Code].....
configured 2 EzVPN groups using a 2811 router, i am trying to do this but is not working i have another VPN working thru EzVPN but if i try to configure another group for another EzVPN client is not working and the problem is that the debug crypto isakmp say that Apr 3 08:45:25.802: ISAKMP:(1309): phase 2 SA policy not acceptable!
How is that possible? in my understand the EzVPN server will inject the the IKE (phase 1) and IPSec (Phase 2) parameters for the client and that's they dont need to negotiate nothing, is important to say that the EzVPN client is an ASA5505 with onlu DES encryption enabled, 3DES and AES are not available due to licensing reasons.
I have seen similar references to this issue, but no concrete solutions. My new ACS appears to join my domain with little or no issues, however, when I go to list the groups nothing is ever listed.Running ACS as a vm.I have set the ntp server on the ACS server to match my domain.I can ping all domain controllers/DNS servers.nslookup resolves hostnames of my domain controllers
***Update***
I verified that a computer account for my ACS is in fact being created, however, I am receiving some Kerberos errors on my DC with the FSMO roles:
Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 26
Date: 8/5/2011
Time: 3:07:46 PM
User: N/A
Computer: <MY DC>
Description:While processing an AS request for target service krbtgt, the account <ACS SERVER> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 17. The accounts available etypes were 23 -133 -128 3 1.
Is it possible somehow to define externally administred DNS namese in ASA 8.4 in within object groups?i know that we can use name XXX, but some idea popped up using this kind of configuration.
View 3 Replies View RelatedI have an ACS 5.1 and am trying to integrate with windows 2008 R1. The ACS has a valid AD account and indicates that its connected but when I try to list any directory groups my windows IE browser hangs?
View 2 Replies View RelatedI'm in the process of reconfiguring our DFM module have some significant network changes. I've reinitialized the modules databases and manually imported a test group of routers into DFMs device management. The devices have been found and have a known status in the device summary.When I begin the process to create a notification group for email based notifications, the notification group selection window shows no devices available. If I manually search for the devices, I am able to find them, but after selecting them, I'm given the following error:"The devices contaminated in the subscription are no longer found in the inventory"I've confirmed the devices existence in CS and RME.
View 6 Replies View RelatedI have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites , each site with 2-3 APs , each side has its own network and is independent of other sites , the site only need to comunity locally and do not need to access any centralized applications.
I am trying to achieve this by Creating 100 different AP groups and assiging 2-3 AP in each groups for each branch, I will achieve WAN failover resiliency by creating flexconnect groug , the issue I am facing are as below .
1.Since all the sites has same setup , the AP and clients on all sites are in vlan 2 , so when I try to create 2 or more AP group with same vlan, it restricts me of doing so , I cannot create diffrent AP groups mapped to same Vlan .
2.If I keep the APs and Clients in the same subnet , I dont think it should be a problem , but I need your second opinion.
to give you an even better picture , look at the topology enclosed , and my question is if both STAFF and STUDENT APs are in same vlan but in 2 different broadcast domain , how would I create the AP groups.
I've configured three specific AD groups, Admin, Storage, and HelpDesk, with their own commands sets.
This seems to be working fine, but everyone can log into everything, but they can't do anything except exit.
My goal is to not allow anyone to login that is not part of the three AD groups I have specified with the respective command sets.
All the logins hit the Admin account, even though the id in AD is not in the that AD group. I have something screwed up.
how to change the order of the groups that are displayed at the SSL VPN sign in page? I am using an ASA-5520. Right now the anyconnect client group displays above the clientless SSL intranet group and I want it reversed.
View 6 Replies View RelatedDid any know that how many AP Groups can be created by one Controller? (5508) May I have 100 AP Groups?
View 3 Replies View RelatedAs we all know, MS has changed the default workgroup names in different versions of windows. Additionally, you can rename your workgroup anything you like. I have XP, Vista, and Win7 computers, a television, BluRay player, a Wii, two printers, and a NAS with two USB drives attached. All of these -except the Win7- are wired to one of two switches. I have wireless: iPad, the Win7 notebook, Nintendo DSs. I have friend, and non-friend machines (computers, tablets, and phones) that come and go that are wired or wireless. The 3 windows computers all have the same workgroup name. All of my other units do not use workgroup names. I have a router, and two unmanaged switches, and have, on occasion, a second router. The main router, which has wired, and dual band wireless (each with two named wireless networks) nets, sees everything, by name and/or MAC address. Win7 is blind, deaf, and dumb.: it shows its own workgroup name, but no other workgroup name(s) , and, consequently, no unit on these other workgroups. It will show some wired units not in a workgroups - the television, and the printers (not the Wii or NAS). It will not show the wired XP computer! No wireless units either in workgroups or not in workgroups appear. Additionally, Win7 only shows units on its wireless network, not on the other three. The wired units it does show are not on any of the wireless networks, though it lists them on its wireless network.I have left the Homegroup, and terminated the Homegroup services. I have allowed discovery, and unlimited sharing of everything on every computer on the router, and yet the Win7 unit does not share or see well at all.Why?
View 2 Replies View RelatedI of course have a home network set up. My home network is on the HomeGroup Home1051 --- I have a work PC that I want to be able to use the networked printer on HomeGroup Home1051, but it is set up under a work Domain so I can have full access to work files etc.Is it possible to somehow share the printer on my Home1051 HomeGroup with the work computer on a Domain?
View 1 Replies View Related