I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
The credentials LMS is using are a username and password with privilege 15: the account is established in TACACS+. I can log into the devices directly with this user account. However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
LMS did manage to fetch some configs, but 90% of my devices are having this issue.
I'm trying to get user authentication backed off to ACS 5.1. I've got it working, but not the way I'd like. This is using the TACACS settings, not ACS mode. I've created a local user in CW and assigned it to the correct roles, then created a user in ACS with the same name and a different password, and this works fine. My question is: can I set the roles on the TACACS server using a shell profile/custom attributes? All the documentation I can find is for ACS v4.
I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
Is there some problem with the AAA configurations in the switches or ACE module?
I have configured an ASA 5510 as an SSL VPN gateway, ver 8.2(4), AnyConnect Essential. The clients are authenticated via RADIUS and OTP password. All worked well until yesterday, when I made some configuration changes. My objective was that the clients accept the self-signed certificate issued by the ASA without giving the warning about the private cert.
So I have tried to generate a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa.
Then I have changed the profile XML file of my AnyConnect in this way: [code]
I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.
I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
How can I restrict the LOGIN to a specific AD group?
I have a Cisco Small Business RV120W and I set up the RADIUS server, WPA2 Enterprise with a Windows 2008 NPS RADIUS server. The big problem is that the authentication fails. This is the error that I see in Event Viewer / Server Roles / Network Policy and Access Services: reason-code 49 "The connection attempt did not match any connection request policy". The RADIUS key is matching between the server and the client. The RADIUS server is reachable and I don't find any routing issues. Has anybody tested this router with this type of wireless security?
We have ACS 4.2 and a 2851 router with IOS 15.0(1)M4. There is an authentication failure with error no 254. Is there any compatibility issue with 15.0(1)M4 IOS?
I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.
I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured ACS 4.2.1 (build 15 patch 4) software for Windows on Windows Server 2008 Server STD. TACACS authentication with a Cisco product passed successfully, but RADIUS (IETF) authentication with the Nortel 3408 Switch failed. The ACS Authentication Failure Code was "ACS password invalid".
I read in a post that a RADIUS VSA is needed in my environment, but I cannot find any sample Nortel VSA dictionary configuration. I need a Nortel-specific VSA configuration.
Is there a way to configure an email notification for a specific authentication failure? Specifically, I'd like to see if I can have an email notification sent to me when the failure reason is "13017 Received TACACS+ packet from unknown Network Device or AAA Client".
Just installed 2 E4200v2's for a customer today. Was very optimistic because they worked great in my lab, both for my Win7 laptop and a MacBook. And after installing 1 on-site and testing w/ my laptop, it worked fine. BUT problems arose when I installed both at the same time (I don't think I ever did this in the lab) and then I tested some computers. Every computer that I tested (except mine of course) cannot authenticate correctly using the WPA2 password.
For the Macs, they get the error "The wi-fi network... requires a WPA2 password", then after entering the *correct* pswd, it says "Invalid password". They're a Mac shop, but I did try one other Win laptop and that also had a problem, and the error was something like "security mismatch", although I was rushed and didn't write it down.
I upgraded LMS 4.0 to LMS 4.0.1, but now the events are removed from Fault View. The equipment that I am monitoring is: ME-3600, ME-3800 and ASR 9000. Is this a configuration problem, or do I have to update something else?
I have been running CiscoWorks LMS 4.0.1 for 6 months and I wanted to generate a report today about the interface utilization on 2 Cisco switches (Catalyst 3750G). The corresponding job is created, it runs, and then I get "succeeded with info" in the "Run Status" column. When I then click on the "View Report" link, I get the following error: "Could not generate the report. Either data is not available for the specified duration or the report job failed."
I tried the same procedure with 2 other switches but I have got the same result.
A while back we were looking into upgrading our SUN/Oracle server to better service our CiscoWorks. Our vendor (partnered Cisco Vendor) told us that Cisco was developing an appliance like WCS and CNR that runs Redhat for CiscoWorks. Does anyone have any info on this, or could this be a rumor?
We do not run Windows devices on any of our network enterprise and this would be so cool!
Oracle is getting to be a clone of Windows... in our opinion.
If this is true, I will be happy to sit and wait for it.
We now run LMS 4.0 on a SUN/Oracle T2000 and it seems to be bottlenecking.
When trying to start CiscoWorks Daemon Manager I get the following message: "The CiscoWorks Daemon Manager service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs." I have tried starting the service from DOS also and get:
E:\Program Files\CSCOpx\setup\support>net start crmdmgtd
The CiscoWorks Daemon Manager service is starting.
The CiscoWorks Daemon Manager service could not be started. The service did not report an error. More help is available by typing NET HELPMSG 3534.
I am trying to use Ciscoworks LMS3.2 with RME 4.3.1 to upgrade many, many Cat3750x stacks we have laying around. The problem I am having is that Ciscoworks downloads the new image to the stack's master switch only and not to all switches. When I reload the stack after the download, any switch could become the master. I already set up the priority to always have the same master, but the process is unreliable and more than once I ended up with another switch as a master. In any case, if the master is not the switch with the new image, the stack will keep the old image as their running image and the switch with the newer image has problems joining the stack (after a while it downgrades and becomes stable). I know how to do it manually, but I was hoping Ciscoworks would be able to do this for me. It would make my life much easier.
I upgraded CiscoWorks LMS from 3.0 to 3.2 today. Everything worked prior to the upgrade. The upgrade was successful, with no errors, and all services started. I checked everything and I see no problem. The system creates the file MDCSupportInformation.zip empty, without any content. I am attaching the installation log file. I should also mention that after upgrading to 3.2, I loaded the following patches:
I set up RME several years ago on our Ciscoworks server running LMS 3.2 to notify us of any BGP flaps via email notification. I noticed that during the last couple of maintenance periods, where we had to perform circuit work with our ISPs, we haven't received any emails.... I verified those routers are configured to send notifications in the Device Selector and even checked the router logs.
004161: Nov 20 05:04:52 EST: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down BGP Notification sent
004162: Nov 20 05:04:52 EST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 4/0 (hold time expired) 0 bytes
The syslog collector status appears to be normal.....
I'm using CiscoWorks LMS 4.0.1 and I need to activate a remote syslog collector. Installation occurred without errors and the test subscription is fine, but syslog reports are always empty! These two servers need to communicate through a firewall. I'm not able to define a correct rule; a "permit ip any any" does not work either!
I'm installing CiscoWorks LMS 4.0 on a server running Windows 2008 R2 Standard Ed, 64 bit. I'm using the patch to run the setup program. Now I'm upgrading to 4.0.1 without using the patch.
I am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration