Cisco :: Setting Up NTP Authentication
Oct 13, 2011
Just a sanity check, but setting up NTP authentication on our switches to sync with our Core first, then our NTP server that the Core syncs to second.
I have ACS 5.2 and JUNOS 10.6.x. I set up 2 classes, eng-class and ops-class, with read/write and read-only permissions. Here is my configuration on JUNOS:
set system login class eng-class idle-timeout 15
set system login class eng-class permissions all
set system login user engineer full-name "Regional-Engineering"
set system login user engineer uid 2001
set system login user engineer class eng-class
set system login user engineer authentication plain-text-password xxxxxxx
[code]....
I have 2 separate authorization policies for the engineer and operator groups. Result:
1. The engineering group is working fine.
2. The operator group is not working; I'm unable to log in to the device under this group ("authentication failed"), but the ACS logs show it as successfully authenticated.
3. Web authentication is also not working for both groups.
How can I set up the WLC to accept authentication based on the device itself and not a user?
How many of you use 802.1x for authenticating users on a wired LAN? We have a new site which supports a ton of users, and before implementing an RA VPN solution for them I was thinking about using 802.1x to ensure they've got proper credentials before they're put on the production VLAN.
How can I configure Auth-proxy in ACS 4.0? In ACS 3.3 we could add this in the Interface, but I can't see anything for adding Auth-proxy in this menu.
Currently working on Proxy Authentication on a Catalyst 3750G. Cisco's documentation says that I can customize my own web pages for the login, success, failure, and expire web pages. However, I am having a difficult time finding a template to build upon.
I have an access point, model WAP4410N. I want to configure MAC authentication using MS IAS, but when I set my SSID to RADIUS in wireless connection control and try to connect to that SSID with a laptop, I don't get any logs in my IAS. Is my method for RADIUS MAC authentication correct or not?
In order to restrict access to websites on our internal network, would we be able to put an ASA in front of the web server and force users to authenticate through the ASA and, once authenticated, allow only port 80 or 443 traffic for that user? The ASA would query the ACS 5.1 server for authentication/authorization using AD as the identity store. Is this even possible with TACACS?
My customer has a large installed base of Macs, all connected via a controller-based (5508) WLAN. He wants to grant access to the network based on the devices' MAC addresses and move the WLAN clients to a specific VLAN. I added all devices with their MAC addresses to the ACS internal identity store for hosts. According to the following message, the client sends the user login credentials (chegger) within the RADIUS request instead of the client's MAC address, and of course it has to fail. After many configuration changes, I always ended up with the same result.
I have set up an ACS (5.2) to do EAP-TLS machine and user authentication. I am getting intermittent results with the machine authentication using the same laptop as a test client. When the machine authentication succeeds, the RADIUS name shows as host/xxx-yyy. When the machine authentication fails, the RADIUS name shows as xxx-yyy without the host/.
I need to order a CISCO881; only CISCO881-K9 is available. I checked everywhere and am still not sure if it is enough for me. We used to buy Sec-K9. I've got an ADSL modem in bridge mode in front. As only 1 IP is provided by the ISP, I need the 881 to be able to pass on the PPP authentication. I also need the router to have VPN server functionality. Can the CISCO881-K9 do this or not?
I have a question on EAP-TLS with ACS 5.2. If I would like to implement EAP-TLS with a Microsoft CA, how will the machine and user authentication take place? I understand that certificates are required on both the client and server end, but is this certificate tied to the machine or tied to the individual user?
If tied to the user, and I have a shared PC which is logged into by a few users, does that mean every user account will have their own certificate?
And will every individual user have to manually get the cert from the CA? Is there any other method, as my environment has more than 3000 PCs?
And also, if it is tied to the user, all users can get their cert from the CA with their AD login name and password; if they bring in their own device and try to get the cert from the CA, they will be able to successfully install the cert onto their device, right?
I'm using an 877 router at home and I really need to check what this router does during the day. So some time ago I configured it using some EEM actions to send me email, without any problems. Yesterday I changed my internet provider and now I need to use SMTP authentication to send emails.
I read about how to authenticate, like username:password@host, and also did a quick search here, without solving my problem. I need to put as username the email of the provider, like: mouse@host.com:mypassword@smtpserveraddress.com. So, I want to know if someone had the same problem and solved it. Of course I can't use @ twice or EEM would think that host.com is my SMTP server! And right now that is what happens!
My IOS version is 15.1(2)T2, EEM version is 3.1.
Trying to apply NTP authentication to 3750 switches (layer-2 WS-C3750-24P switches) but they don't want to work. Applying the same config to any router or 4500/6500 chassis, NTP authenticates straight away. NTP without authentication works fine on 3750s as well...
ntp authentication-key 1 md5 <key>
ntp authenticate
ntp trusted-key 1
ntp server 10.200.11.200 key 1
Is there additional config required for 3750s? This is across different IOS versions, so it doesn't look like a bug.
I have a Cisco 851 using CCP to configure Easy VPN.
I click on TEST VPN SERVER, then click Start; the status shows successful.
When I try to connect a client I get MM_NO_STATE.
When I reviewed the report from the test I found:
AAA authentication : Not configured
My AAA config:
aaa new-model
!
!
aaa authentication login tgcsusers local
aaa authorization network tgcsvpn local
I am running ASA version 8.4(1) and AnyConnect version 3.0.1047. My SSL VPN works fine, but I ran into an issue with one user. His account did not work, and every time he logged in he got this message: "VPN Server could not parse request".
I found the problem after getting the user's information, meaning his username and password. His password had "&" as one of the special characters. When we changed it to something that does not have that, it works just fine.
We are using a Microsoft NPS server as RADIUS. When I run a test within the CLI it works just fine; it only fails when AnyConnect asks to authenticate.
Before I had this problem, I installed CWLMS 3.2 and ACS 4.2 and everything was OK, but after upgrading ACS 4.2 to ACS 5.2, CWLMS can't authenticate to devices and get their configuration. I checked everything, including credentials, and I debugged AAA authentication and TACACS on the devices. It seems the devices cannot get the username from CWLMS. I also ran PuTTY on the CWLMS server and tried to telnet to the devices with the ACS username and password, and the result is there is no problem; I can telnet to the device with the ACS username and password without any problem.
The text below is the output of debug on the devices when CWLMS tries to archive the configuration:
R#
Aug 27 05:10:11.571: AAA/BIND(00000064): Bind i/f
Aug 27 05:10:11.571: AAA/AUTHEN/LOGIN (00000064): Pick method list 'CACS'
Aug 27 05:10:11.575: TPLUS: Queuing AAA Authentication request 100 for processing
Aug 27 05:10:11.575: TPLUS: processing authentication start request id 100
Aug 27 05:10:11.575: TPLUS: Authentication start packet created for 100()
[code]...
I am facing an issue while trying to configure LDAP integration on a Cisco ASA firewall. The requirement is to allow remote access VPN to a specific group defined in AD. When I checked the debug logs ("debug ldap 255"), it shows that the authentication is successful with the LDAP server, but the LDAP attribute is not getting mapped, and for this reason the tunnel-group default group policy "NOACCESS" is getting applied (vpn-simultaneous-logins set to zero), which results in zero connections.
I confirmed this by changing the value in NOACCESS from zero to one and found that the VPN then connects.
The name of the user account is testvendor, which belongs to the group Test-vendor.
The configuration and debug output are shown below.
SHOW RUN
ldap attribute-map ABC-VENDOR
map-name memberOf Group-Policy
[Code]....
I have a problem with an ESW 520 and 802.1x authentication. The problem is that when a host authenticates successfully it works for a couple of minutes; after that it tries to authenticate again but it lags. The network interface shows a "Failed authentication" notification. On ACS I see only one authentication attempt, which is successful. This problem is happening on Win7 and Win XP. If I unplug and plug the cable it authenticates successfully, but after a couple of minutes it lags again. The switch sees the port as authenticated. In the Win7 event viewer I have the following error:
Reason: 0x70004
Reason Text: The network stopped answering authentication requests
Error Code: 0x0
If I connect the same hosts to a Catalyst 2960 switch, they work successfully.
I have a new ACS 5.3 installation which I have joined to our AD domain and added the directory groups into. I have also added all our devices into ACS and their groups etc., but I am still only able to authenticate on our switches with an internal ACS account; when I try with an external AD account the log shows the following error: "Subject not found in the applicable identity Store (s)"
I will attempt to explain the history of our wireless controller configurations as best I can. We are currently using a 4400 controller running 7.x software which authenticates to an ACS 4.1 appliance. All of this was set up prior to my arrival on the job and the previous engineers had already left with no documentation in place, so I'm trying to piece it together. The ACS is set up to map to AD for specific groups.
In the controller we have an SSID called triton, which is our corporate SSID that all internal users connect to. Three different interfaces have been defined: a general one for most users and two others (let's call them INT1 and INT2) that place users on separate IP networks. The reason for this is that those IP networks can reach certain services that are not allowed for general users. ACS maps those users upon authentication to the VLANs associated with those separate IP networks.
Problem 1. When I first took this job, users could not map drives or any services because only user authentication was taking place. After some troubleshooting and the realization that ACS was authenticating, placing the "Domain Computers" group as an ACS group mapping fixed that issue, allowing the computers to authenticate first and therefore execute the login script.
Problem 2. Recently it has come to my attention that some of the users on one of the other interfaces (INT1 and INT2) that should be placed in the VLANs associated with their AD group mapping are not. Upon further investigation it was discovered that the reason they are not is that the authentication is not correct. When the computer first authenticates, before the user logs on, it shows in ACS as host/xxxxx.yyyy.org, whereas the user authentication shows as xxxxx/username. So some of the computers never change from authenticating as a host to a user, and the IP address ends up in the wrong VLAN.
I'm having trouble when using CHAP as authentication for my two routers; I don't know whether my configuration is wrong or not. Is there anything wrong with the configuration? Note: both routers are c2961.
Any software to measure authentication time between a client and a RADIUS server?
I have the following question. I configured different authentication passwords in a master and slave VRRP setup.
How is the one-way hash generated given the challenge number and shared secret password? It's just that I was reading Cisco 3 chapter 7, and it doesn't explicitly outline how the one-way hash is actually generated; it simply states that it is generated given the challenge number (randomly generated for every challenge message) and the shared secret password.
We recently got a Cisco Secure ACS 1120 and I upgraded the appliance from 5.0 to 5.1 with all your support.
Now I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1. I successfully downloaded the config file from the RSA ACE Server and imported it into the ACS 1120.
I also added ACS as a NetOS Agent in the RSA Server; during the process I found a few warnings. The ACE Server is not able to resolve the IP address to a name (is that necessary?).
I haven't created any secret key file for communication between ACS and RSA, and the encryption I used is DES.
Now when I log into ACS and search for devices in the Identity Store Sequences, I am not able to find the RSA Token Server.
I have been trying to get our IPS (ASA-SSM-10 and 4260) to authenticate with Cisco RADIUS ACS 5.2 and they are not working. However, I was able to get them working with Microsoft RADIUS. Below are the logs from the IPS:
evStatus: eventId=1321566464942057375 vendor=Cisco originator: hostId: NACAIRVIDLAB1 appName: authentication appInstanceId: 350 time: 2011/11/23 17:50:38 2011/11/23 09:50:38 GMT-08:00 controlTransaction:
[Code].....
Web authentication when using Android devices. I've been testing it and it seems to be caused by certificates (as has been said in other discussions). With HTTPS disabled in the WLC (WiSM 6.0.196.0), the portal authentication loads, but not with HTTPS. In addition, another issue I've detected is the DNS resolution of my controller by 1.1.1.1 when the redirection takes place. With HTTPS enabled, DNS resolution and redirection work fine, so I don't think DNS server misconfiguration is the cause of the problem. I've only been able to see the portal with HTTPS disabled and by manually entering 1.1.1.1/login.html.
If a laptop/desktop goes into sleep mode or stays connected to an interface configured for 802.1X for more than 12 hours, it does not work or does not connect to the Exchange server, Cisco ISE console, Office Communicator... For re-authentication I need to restart the PC/laptop or unplug and replug the LAN cable from it! But before restarting I am able to ping all DNS, DHCP, OCS, everything...[code]
We are changing our old PIX 515E this weekend for a brand new ASA 5510. With this new installation, I would like to implement RADIUS authentication for remote VPN users. Changing the firewall of the company has many impacts, and for the first phase the users will keep authenticating locally, but in phase 2 I need them to be authenticated via a RADIUS server. Is there a way to configure both authentication methods for remote VPN users?
All users will be authenticated locally except the members of the IT department, who will be authenticated by the RADIUS server for testing. I have remote VPN users around the world, so I do not want these users to be blocked by the testing of the RADIUS authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by RADIUS. When testing is done, all users will be transferred to RADIUS authentication gradually.
I would like to know: does Cisco ACS 4.x / 5.x natively support two-factor authentication, not acting as a RADIUS proxy?
I need to limit authentication with ACS 5.3 to some AD groups. For example, I need that only users of somedomain.com/users/test1 are authenticated via ACS --> ADS.
I have a PIX 515E which does authentication for SSH via the RADIUS protocol and fails over to the local database if the RADIUS server goes offline. But when the RADIUS server comes back online, authentication still takes place through LOCAL and not the RADIUS server. Following are the commands:
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
[Code].....