I´ve a little problem with the aaa authentication over RADIUS with a Cisco 3560G-48PS - IOS 12.2(58)SE2. When I try to log in to the Switch per Telnet, it didn`t works and my windows domain account is locked. Here the aaa config:
aaa new-model
aaa authentication login default local group radius
aaa authorization config-commands
[Code].....
We created some local account for this switch but we unable to login when the TACACS Server down.
3750 Switch
aaa group server tacacs+ ACS
server x.x.x.x
server x.x.x.x
ip vrf forwarding Mgmt
ip tacacs source-interface GigabitEthernet0
[code]....
We are using mac authentication, it is working fine on all of the other 3560's except this new one.
Mac address shows up completely different (very long hex, doesnt even look like a mac address) on ACS compared to what its showing on the switch in the mac address table.
Im stumped, config matches every other 3560 in the building, has something changed in the v2 software compared to the older 3560's ?
My configuration:
radius-server host 10.138.44.57 auth-port 1645 acct-port 1646 key 7 ******
!
aaa new-model
!
aaa authentication dot1x default group radius local
[code]....
I have a 3560-X switch and want to access it through GUI. what image I need to download and steps to use GUI(Just like ASDM for ASA 5500 series Firewall).
View 1 Replies View RelatedI'm using a radius server to authenticate ssh when connecting to my company's switches (a 3560 + several 2960s).
Everywhere I've looked claims that using the line 'transport input ssh' in my switch config should disable telnet access and allow ssh only. But after changing 'transport input ssh telnet' to 'transport input ssh' I can still connect to all of the switches from telnet. I can't block telnet with ACLs either because my company uses a telnet based terminal client to do most of their work.
I don't have much experience with radius. How do I stop telnet connections when using radius to authenticate?
I can't seem to find out what this means. Every 6 months or so, my 7204 locks up. I can't even get to it via the console port and I must reboot to access it. I noticed this alarm in my logs.( ASSERT CRITICAL PO1/0 Threshold Cross Alarm - B3) I've looked on-line but can't pinpoint it's meaning. Looks like a flapping interface but might be something else.
View 6 Replies View RelatedTo start off, I work for a small business where we do not have an IT department
One of our users changed his domain to a workgroup (made us rethink who has admin access on all our PC's) thinking that it would somehow fix the problem he was having with not being able to print anything to a network printer. Well, this promptly called for a restart and upon restarting would not allow him to log back into the user account.
This all makes sense to me as to why it will not let him log-in using credentials that he is no longer a part of due to security restrictions. But my question is how do i recover the account? In other words, how do I go about rejoining that user account to the domain that everyone is located on.
If all new user accounts are defaulted to join the domain, how come its not just as easy to move a user from a workgroup back to that domain?
Also, the machine is running Windows XP. It's critical that I get the old user account set back up because it was used for Outlook e-mail as well as several important documents/spreadsheets. I know that none of these files are lost as I can still navigate to them through the Local Disk. But really I would like to get the old user account working instead of having to copy/paste all the old content to a new user account in order to hopefully retain all old settings and configurations. tl;dr A user on our domain moved his user account to a workgroup and now is unable to login or access his user account. How do I move the user account back to the domain?
We have a Cisco ACS 5.2 deployment (appliance). It has an existing integration with Active Directory. We utilize this with RADIUS to authenticate our wireless users and TACACS for managing our network equipment.The RADIUS reports are useful for other teams (outside my own) to be able to troubleshoot password and account lockouts (everyone forgets to change the password on their phone).I would like to allow this team and other access to view the RADIUS authentications report.
View 2 Replies View RelatedWe had a power outage that kicked off our server and our network switch (2008R2, Cisco2960), before we could get it back up, a user was able to log into his laptop.
The user used the domain login - not the local machine account - he obviously wasn't able to access any shared resources, but how did he log in with a domain account, when the server and switch were both off?
my yahoo password not working
View 1 Replies View RelatedAny detailed knowledge about Cisco ACS 5.1 and Windows AD interaction? I wonder why does Cisco ACS domain account must have permission to create/delete domain objects. This fact does really surprided me, because to my mind Cisco ACS only reads domain structure, and does not make any changes.
View 3 Replies View Relatedeach time i type my email and password a red message appears telling me that the account domain is reserved
View 1 Replies View RelatedI've set up a ACS 5.1 Server an want to use it with our LDAP System. Therefor, I'm trying to login to a Cisco 1841 by using my LDAP Account, but it dosent work. The ACS seems not to know that it should use LDAP, because I get,"22056 Subject not found in applicable identity stores"LDAP is configured as Identitiy Store, the bind test works successfully and I created a sequence, where LDAP is at first position. What goes wron?? (TATACS for loal ACS Users works)
View 3 Replies View RelatedI can not access my hotmail account through msn.com, nor can I login to msn messenger as before. I get error message as follows:The requested URL /login.srf was not found on this server.Apache/2.0.59 (Unix) DAV/2 PHP/4.4.5 Server at [URL]Port 80
View 1 Replies View Relatedcant sigh into yahoo account e-mails
View 1 Replies View RelatedWe are using ASA5520 as our VPN concentrator and has configured IPSec authentication using digital certificates with Microsoft CA for the remote access VPN. The AAA server used for remote user authentication is Windows Active Directory. Screenshot of the AAA configuration is attached. The problem we face is that the "Login DN" account (marked in red box in the screenshot) is frequently getting locked out in the active directory. I have confirmed that the password is the same on both ends and the account is not used any where else.
The NTP server configured for the VPN concentrator is the Active Directory itself but no accounts are configured (not required) for updating the time service in the concentrator.
We set up our new Linksys last night but when the password was written down there is no distinction between upper and lower case letters - I can't login to an account page or do anything and I needed a password for a visiting friend.
View 1 Replies View RelatedI am running the Startup Wizard from my browser as I do not have a Console Access for a brand new CISCO ASA and I am stucked with the User? Password ? I tried many combination and nothing worked.
View 1 Replies View RelatedI have put my pc in work group from domain then it has restart then 1 user has displayed name is what is my pc name,but when i click on it, it become log off again, after so many try i haven't login. there is no any option for switch user.there is only option for shutdown,sleep & restart.
View 2 Replies View Relateduser can't login into domain with right credentials in active directory
View 6 Replies View RelatedI have RADIUS servers configured to authenticate administrative users and authorize them at a low level. This is working well. I also have a local level-15 user in case all of my RADIUS servers time out and someone needs to change something. This also works well. The issue I'm having is that a low-level user can log on using the RADIUS severs, then issue the "login" command and enter the local level-15 user's credentials and then operate at level 15.
I do not want the local account to work at all, except in the case that all RADIUS servers are unavailable. What I've described above works around this. How to disable the "login" command or force it to try RADIUS servers first? This is for ASA 8.2
Im trying to configure a 7204 for radius login authentication, although the router is also configured with radius for VPN access. How can I configure it for both using 2 different raidus servers? the login via radius is working fine on another router, although that one is not doing VPN access so there's no conflict.
My config:
aaa group server radius RADIUS_AUTH server x.x.3.11 auth-port 1645 acct-port 1646
aaa authentication login networkaccess group radius local
[Code]....
For some reason, this does not work. I cannot access the router and authenticate via x.x.3.11 radius server. I think there's a conflict between the VPN and the login authentication but im unsure how to resolve this.
'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.Then the enable password.
View 1 Replies View RelatedCan we enable ssh on 3500 /3600 APs along with use radius for login authentication? idea here is to that ssh will provide another method to access the AP for troubleshooting purposes.I know with autonomous mode APs this should not be an issue but not sure with lightweight APs.
View 2 Replies View RelatedI'm unable to login Switch.......getting following error...I have tried this commands on other 3560 that worked...when I enter user name & password re logging authentication failed error occurs .........This is remote site Switch.
[code]...
setting up VRF-lite on redundant 6509-E chassis to account for chassis failure? Let's say I have 2x 6509-Es configured with HSRP for 2 vlans, ServerA and ServerB. So
6509-A#
!
interface Vlan10
description ServerA VLAN
ip address 10.10.10.2 255.255.255.0
ip flow ingress
standby 1 ip 10.10.10.1
standby 1 priority 105
[code].....
I now need to create an environment where the Server VLANs can be provided for two customers and they need to be wholly separate. On 6509-A, I make VRF CustomerA and VRF CustomerB and I assign Vlan10 to VRF CustomerA and Vlan20 to CustomerB. Do I create the SAME VRFs on 6509-B with the same logic?
lets you catalyst 3560 & 2960 remote login with a secure protocol
View 4 Replies View RelatedI have two switches 6509 one switch is confire with VTP domain ABC Other switch is configure with ABZ, At present the switch is configure with the L3 interface and one fiber cable is connected between two switches.I want to remove L3 configuration wants to make L2 etherchannel and wants to ceraeate Loop back will assing same ip both side.The OSPF is configure both side , i will not do any changes in the OSPF as L3 ip is advertise in OSPF.
View 1 Replies View RelatedIn the following scenario, how will the 2950/2960/2960S series behave:
- VTP server/domain configured on a 6509
- A access switch (2960) currently configured in transparent mode with all VLAN it requires
Will the switch drop any traffick if we change it from transparent to client mode if the VTP server has the exact same vlans defined as the access switch had when it was in transparent mode?
I can't find anywhere whether it is possible to create a vPC domain with 2 Nexus 5548UP switches, where only 1 Nexus 5548UP has a L3 daughter card.
View 3 Replies View RelatedI am trying to join a Cisco Catalyst 3560X-24T-L to an existing VTP domain, my question is what configurations should I do to this switch?I have already gave it a hostname, setup passwords, enabled telnet, created a management address on port g0/24.I would like it to be on VLAN 13, is this done from my server switch, or done on the new switch?
View 10 Replies View RelatedA Cisco 3560V2 was bought to complete a project at my company. I noticed the IPBase IOS Image was installed. I was unable to configure RADIUS. I upgraded the IOS to the Latest Release of the IPServices IOS Image. I still dont have the capabilities of configuring RADIUS.
View 4 Replies View Related