Cisco Switching/Routing :: Configuring ACE-4710 With Tacacs 3.1?

Jun 10, 2013

We think we have configured the ACE and Tacacs properly as we auth, but are not able to enter into configuration mode.

ACE-4710 A4(2.3)

View 1 Replies


Cisco AAA/Identity/Nac :: Configuring WLC 4402 TACACS+ Authentication Using ACS 5.0

Aug 22, 2009

We added an AAA client in the Cisco ACS 5.0 for WLC 4402 (TACACS+ Authentication) and configured WLC 4402 to use TACACS+ authentication for the management access. We can't get this to work for some reason.
 
Other Cisco routers and switches all worked fine with TACACS+ authentication. This is a TACACS debug output from the WLC:
 
Sun Aug 23 16:19:06 2009: tplus response: type=1 seq_no=2 session_id=f59bbf0b length=15 encrypted=0
Sun Aug 23 16:19:06 2009: TPLUS_AUTHEN_STATUS_GETPASS

[Code].....

View 24 Replies View Related

Cisco Switching/Routing :: Catalyst 3750 With Tacacs And Vrf

May 13, 2012

There is a requirement to configure tacacs and radius on a Catalyst 3750X (version 15.0) where two VRFs exist. Is there a solution to configure "tacacs-server,host x.x.x.x vrf yyy"? I know it is possible to configure the command "ip vrf forwarding yyy" under "aaa group server radius xxx". Is there anything else for the tacacs-server and radius-server commands?

View 2 Replies View Related

Cisco Switching/Routing :: 6500 - Tacacs Authentication?

Feb 17, 2012

All IPs and any identifying numbers have been changed to protect.

I have a 6500 series switch that for some reason will not authenticate to the tacacs server. When you try, you get a password authentication failure. However, it will let you use the configured username and secret to log in through ssh, and the enable secret to get into privileged mode. Tacacs key is correct, btw. We will call the server vlan 300 and the admin vlan 400. The tacacs source interface is in vlan 400 and the tacacs server is in vlan 300.

I can ping the tacacs server via the switch, but when I use the source cmd with the IP address of the admin interface vlan, ping will not work. I changed the tacacs source interface to vlan 300 (the server vlan) and authentication with the tacacs server works fine. IP routing is turned on. There are entries for both the server vlan subnet and the admin vlan subnet in the routing table. There are only standard access-lists, and none of them are blocking packets from getting to the tacacs server via the admin vlan.

I could just leave the source interface on the int vlan for the servers, but I would like to find out why this isn't working. I have 1 other 6500 switch on a different network that is configured exactly the same (except for IPs, keys, and vlans) and am not having any issues with that LAN. I also have 6 other 3700 switches on the network that I'm having an issue with, and none of them are having issues with authentication.

View 1 Replies View Related

Cisco Switching/Routing :: Nexus 5000 Tacacs

Oct 8, 2012

I have a little problem. My customer is using TACP-PLUS ALPHA (F4.0.3.alpha.v9). Well, the same user that has access to other Cisco equipment, user test1 for example, can configure anything on that equipment. But on the Nexus 5000, the command "show user-account" indicates just the "network-operator" role. Well, I patched this situation with the following commands:

aaa authorization config-commands default group TACSERVER local
aaa authorization commands default group TACSERVER local
 
Well, when I telnet into the Nexus, I can shut the interfaces, configure, and do anything. But when I come in by console, I cannot configure the interfaces. I understand that on the Nexus 5000 the TACACS configuration is global for VTY and console (unlike on Cisco routers, for example).

View 1 Replies View Related

Cisco Switching/Routing :: How To Configure Nexus 5548 TACACS+

Dec 12, 2011

I am working for an Air Force client and am adding a handful of 5548s into their network.  My question is how Tacacs+ is configured.  My hands are tied in regards to testing in an operational environment so I want to ensure the configs are correct prior to deployment/maintenance window and avoid any remote issues.
 
I have read the "Cisco Press - TACACS+" config guide and it was somewhat vague in regards to operational deployment.

My basic NX-OS configs are as follows:

- feature tacacs+
- tacacs-server key 7 "002A52xxxxxxxxxxxxxxxx8"
- tacacs-server host 128.xx.xx.xx timeout 10
- tacacs-server host 128.xx.xx.xx timeout 10
- tacacs-server directed-request
 
When I try to set the following command string, aaa authentication login default group tacacs+ local, the NX-OS asks me to input a "server group name". There are no server groups configured. Do I need them? Can I get by without configuring a group name, because the client probably will not?

The Cisco IOS devices are configured with normal aaa authentication/authorization parameters. Also, do the VTY ports default to sshv2 and the correct tacacs+ parameters with the "transport input ssh" command (not available)?

View 3 Replies View Related

Cisco Switching/Routing :: ASR 1002 Enable TACACS On This Router

Feb 12, 2013

We have a Cisco ASR 1002 router in our DC, and I want to enable TACACS on this router. What is the usage of the key? Do we need a separate key for every device? or. [code]

View 9 Replies View Related

Cisco Application :: ACE 4710 - Configuring NTLM Authentication

Jun 10, 2012

We are deploying a Microsoft Exchange 2010 server environment, which will have an ACE 4710 front end. What we are finding is that if a server goes down, a client will need to re-authenticate to a new server. The server team has informed me that if they use Microsoft SLB this does not happen. They have also mentioned that we are getting basic authentication, rather than NTLM. As a result I have read several posts/articles which mention forcing NTLM on the ACE, but none go into real detail.
 
A couple of official Cisco documents point to having the Exchange Server, and Client both set to use NTLM.  So on the server you do not need to select MAPI encryption.  I am told this is not an option here, because a multitude of clients are supported, from Outlook 2003, through to 2010.

View 1 Replies View Related

Cisco Switching/Routing :: Catalyst 3750X Is Caching Tacacs Password?

May 17, 2012

the following information before:
 
Switch:  WS-C3750X-48P   (Stack with 2 Members)
IOS:      12.2(58)SE2
Lic:       IPBASEK9
uptime:  rebooted this night
 
[code]....
 
Since I added another member to the stack, I'm facing the following problem: when I log in with my tacacs user account, I am not asked for the password. The same thing happens with the tacacs account of my colleague; after entering the username he is logged in. It seems to me that the passwords are cached only for this switch.

View 3 Replies View Related

Cisco Switching/Routing :: Configure Tacacs Authentication For Http In 2960

Oct 13, 2011

I am trying to configure tacacs authentication for http on a Cisco 2960 with IOS 15.0.1.SE. [code] But the device is not authenticating. It asks for the credentials (user and pass) but does not authenticate.

View 7 Replies View Related

Cisco Switching/Routing :: 888 - Multiple Tacacs Groups For Different Interfaces On A Router

Feb 24, 2013

I have a question about multiple TACACS groups. I want to achieve the following:

A Cisco 888 is managed by me and a provider support team. Since we both want to access our own TACACS server, I want to create two TACACS groups. Is it possible for me to bind one TACACS group to one interface, and the second TACACS group to another? This means that our stuff is connecting to the LAN interface FastEthernet0 that is applied to the SVI in VLAN 1.

The service technicians from the provider are connecting to the external interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ servers and theirs together in one group. So has anybody tried this before?

View 8 Replies View Related

Cisco Application :: ACE 4710 - Configuring Backend Server Monitoring?

Apr 6, 2013

Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru to backend web servers. This all works fine.
 
My question is this. Right now we are not load balancing any of the backend web servers. But I now have a requirement that should a web server crash or become unavailable I need to redirect that backend connection to another web server.

The scenario is more like this: I have 2 web servers both serving the same content, but I want one server to take all the connections unless it fails, and at that point have all the connections forwarded to the 2nd server. Is there a way to set up the load balancing where the 1st server gets all the connections until a failure happens?

View 1 Replies View Related

Cisco Switching/Routing :: Nexus 7K Shows Continuous Tacacs Error Message?

Dec 10, 2012

I have Nexus 7K installations in 2 locations. Both of them have multiple VDCs. In the default VDC there are continuous tacacs error messages though tacacs is not configured. The requests are from various public IPs, whereas this VDC is not exposed to the Internet at all. What would be the cause of it?
 
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user root from 195.2.219.2
2012 Dec 11 16:25:28 IDC-FBDTB-AMR2-CN7K-01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user nagios from 67.78.206.226
- sshd[25797]
2012 Dec 11 16:25:34 IDC-FBDTB-AMR2-CN7K-01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user nagios from 67.78.206.226
- sshd[25799]

[code]....

View 1 Replies View Related

Cisco Application :: Configuring Load Balancer (ACE 4710) - Unable To Ping VIP

May 13, 2013

I have trouble with new installation  LB ACE 4710 for Oracle application load balance. Problem: Unable to PING VIP - 10.11.10.55 / 24
 
Below are the simple configuration parameters:

1. ACE 4710 is connected with Cisco 3560 Switch - L2 Trunk (Channel Group)

2. Cisco 3560 Switch is connected with Cisco 6500 Switch (Core) also L2 Trunk

3. There are 3 Vlans,(255, 310, and 370), Vlan 255 is management Vlan

4. Real Servers and Virtual IP are part of Vlan 310
- VIP  - 10.11.10.55
- Real Server1 - 10.11.10.46
- Real Server2 - 10.11.10.47

5. Gateway is 10.11.10.1 (vlan 310), 10.11.70.1 (Vlan 370)

View 5 Replies View Related

Cisco Switching/Routing :: 6500 - TACACS Doesn't Work Via Telnet / Works Via Console

Apr 18, 2013

I have a pair of OLD Cat6500's running CatOS:
WS-C6509 Software, Version NmpSW: 7.6(16)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Dec 22 2005, 16:37:19
System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-16.bin'
System Configuration register is 0x2
 
I know these are no longer supported, but I have to ready them for migration. Recently a problem began with these switches. What happens is that when I telnet to them, I cannot authenticate via TACACS. This works fine for all our other IOS equipment, just not for these 2 switches. The error is: " % Error in authentication" and then I get kicked back to the login prompt.
 
The odd thing is that when I connect to the switch via the console port, I can authenticate fine with TACACS.
CMS> /c 14

[Code].....

View 2 Replies View Related

Cisco Switching/Routing :: Catalyst 3750X Is Caching Tacacs Password Or Not Asking For Password

Aug 8, 2012

the following information before:
 
Switch:  WS-C3750X-48P   (Stack with 2 Members)
IOS:      12.2(58)SE2
Lic:       IPBASEK9

[Code].... 
 
Since I added another member to the stack, I'm facing the following problem: when I log in with my tacacs user account, I am not asked for the password. The same thing happens with the tacacs account of my colleague; after entering the username he is logged in. It seems to me that the passwords are cached only for this switch.

View 3 Replies View Related

Cisco Switching/Routing :: Configuring Intervlan Routing Between 2801 And HP Switches?

Aug 5, 2012

I'm trying to configure intervlan routing between a cisco 2801 router and HP/Amer switches.  Using int fa0/1 and subinterfaces I was sure I had it configured correctly, but I cannot ping the default gateways when I place a host in a particular vlan.  Below is what I have configured.
 
HP switch - port 9 connects to fa0/1 on 2801
 ip default-gateway 10.1.100.1
trunk 9 Trk1 trunk
trunk 10 Trk2 trunk - to another switch

[code].....

View 4 Replies View Related

Cisco Switching/Routing :: Configuring PBR On 300 Series

Jun 1, 2013

Configuring an application using routing mode on Cisco ACE: clients --- asa -- 3750 -- cisco ace --- servers behind vip, visa card transaction servers. I am able to set up a VIP on the ACE using routing mode; as the servers need to see the client IP, we are not performing SNAT. This part is working fine: when a request comes from the client, it goes to the VIP and to one of the backend servers, and the request will be forwarded back to the ACE, as the default gateway on the servers is pointing to the server VLAN on the ACE. But if the transaction from the servers needs to go to the Visa card transaction servers, how can we achieve this, and after fetching the data from the Visa servers, will the reply be forwarded to the ACE or the ASAs directly?

View 1 Replies View Related

Cisco Switching/Routing :: 891 - Configuring FTP On Port 990?

May 25, 2012

I currently have a Cisco 891 running with an FTP running on port 21. I currently have the NAT from the external IP to an internal IP 192.168.12.6 for port 21, and the firewall is allowing that traffic through and client software is working fine. However, I need this FTP to be running on port 990, and anytime I change the NAT and the firewall, the external FTP clients connect but then drop when receiving the directory listing.

View 10 Replies View Related

Cisco Switching/Routing :: Configuring Qos In 2960?

Feb 21, 2013

I have IP phones connected to a 2960. I want to segregate traffic coming from IP phones which has a CoS value of 5 and want to allocate a bandwidth of 200 MBPS for that traffic.

Can anyone share a sample QoS configuration for achieving this on the 2960?

View 2 Replies View Related

Cisco Switching/Routing :: 6500 - Configuring VSS With Two Sup2T?

Aug 4, 2012

I'm configuring VSS with two Sup2T, but the Sup2T of the standby is not coming active.

View 6 Replies View Related

Cisco Switching/Routing :: Configuring VPC On The Nexus 3048

May 22, 2013

I'm looking for some input on configuring vPC on the Nexus 3048. I know that it's supported to use 1G interfaces for the vPC Peer-Link, but using 2x1G for the Peer-Link would make the Peer-Link a bottleneck if the 10G ports are used in a vPC. What about using 2x10G ports for the Peer-Link and using the remaining 10G ports in one, or potentially two vPCs? Should that work or is it in any way not recommended? The reason I'm asking is that the 10G ports are called "Uplink" ports in the data sheets for the 3048.
 
We are planning to connect some servers to the 3048s using vPC with each server connected by 4x1G interface (2x1G for each switch), and then we want to connect a Netapp storage system with two controllers using 2x10G each (the controllers are active/passive, so you can think of it as two separate systems). We would connect controller A with vPC 1x10G to each switch, and controller B in the same way with vPC 1x10G to each switch.

View 2 Replies View Related

Cisco Switching/Routing :: EtherChannel - Configuring On 4500?

Feb 28, 2012

I am about to configure 4 Gig ports for EtherChannel.  I've been reading about EtherChannel and it seems easy enough to configure.  I have a host (server)which I am going to connect to these 4 - gig ports.  This is new for me and would like some feedback for those that have used EtherChannel on their layer 2 switches.  The gig ports will be an access port with VLAN XX.

View 6 Replies View Related

Cisco Switching/Routing :: Configuring 1841 With ISP And Static IPs?

Sep 12, 2012

We upgraded our Internet service in our India office, which required a new router. The local vendor suggested an 1841, so that is what we have. It has two FastEthernet ports on it.
 
The ISP (Airtel) provided the following IP address information:
 
Public WAN IP : 122.181.23.200/30
WAN IP        : 122.181.23.202
SUBNET MASK   : 255.255.255.252
GATEWAY       : 122.181.23.201
Pri DNS       : 125.22.47.125
Sec DNS       : 202.56.250.5

[Code]......

View 5 Replies View Related

Cisco Switching/Routing :: Configuring OSPFv2 On A Nexus 5K Switches

Nov 8, 2012

Configuring OSPFv2 on Nexus 5K switches: after configuring area 0 or area 10, it shows as 0.0.0.0 or 0.0.0.10 instead. I'm planning to uplink a couple of ASAs with OSPF enabled and am just wondering if the area format shown will be a problem. Is this how it is supposed to look on the Nexus 5K? And will the 5K be able to form adjacencies with other non-Nexus devices that have area 0 and 10?

View 5 Replies View Related

Cisco Switching/Routing :: Configuring Ssh Access To 887vaW Embedded AP?

May 17, 2012

I have some problems configuring my Cisco 887VAW internet access point. I want to be able to manage it through the ssh console with the service-module wlan-ap0 session mode. And I want to access it through http, but that is not working either. I will show you my config.

This is my config :
 
Current configuration : 3281 bytes
!
! Last configuration change at 21:43:11 UTC Fri May 18 2012 by jon
! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon
! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon
version 15.1

[code]....

View 1 Replies View Related

Cisco Switching/Routing :: Configuring Radius On 2950G Switch With IOS 12.1?

Jul 20, 2011

getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.

View 5 Replies View Related

Cisco Switching/Routing :: Configuring 4507R For LACP And Trunking?

Apr 3, 2008

We're trying to configure our Cisco 4507 (Supervisor Engine IV) to allow a new Dell server with a pair of Broadcom 5708 GigE NIC's to aggregate its NIC's to give us a 2gbps link to the switch.
 
So far we seem to have got the team and LACP up and enabled, but the adaptor that the Broadcom Admin Util creates for the team is only showing a 1gbps connection where I would have expected it to show as 2gbps.
 
The individual NICs show as connected at 1gbps. We're not Cisco experts so are struggling on how to get the 2 NICs to aggregate.
 
On the server side we've done nothing other than create a team using 802.3ad Link Aggregation using LACP.

This is what I think the relevant output from "sho conf" is, more available if needed.
 
version 12.2
boot system flash bootflash:cat4000-i9s-mz.122-18.EW1.bin
!
interface Port-channel2

[Code].....

View 3 Replies View Related

Cisco Switching/Routing :: 4507 Getting Error While Configuring A Switch

Nov 8, 2011

I have a 4507 cisco switch loaded with two sup-modules.. [code]

View 5 Replies View Related

Cisco Switching/Routing :: Configuring EtherSwitch Module On A C2911 ISR G2?

Jun 12, 2013

We just received a new C2911 G2 ISR and have been trying to configure the EtherSwitch SM-ES2-24-P module on it. Through the router console, I tried assigning an IP address to the router Gi1/1 interface which I assume is the link to the Etherswitch module but all I'm getting is "IP addresses may not be configured on L2 links" - as per the docs, I should be able to assign an IP address on that "logical" interface link.  Any other way for me to configure the ports on that switch module? 

View 5 Replies View Related

Cisco Switching/Routing :: Configuring Management Of SVI / Nexus 5548?

Aug 15, 2012

I want to configure management for some Nexus 5548s. I wanted to manage the switches via an SVI. I have read the following document which gives details about the Management SVI but doesn't answer all questions. [URL] I am not running any layer 3 functionality on the switch, no layer 3 license (which it mentions in the above link). Will I still be able to create a management SVI? I know I will need to enable the feature 'interface-vlan' to set up a Management SVI; does that require a license?

View 6 Replies View Related

Cisco Switching/Routing :: NEXUS 5500 NX-OS Configuring SNMPv3

Jan 16, 2012

In IOS, for limiting access for a group, we used a configuration of snmp-server views like the following:

snmp-server group backupgroup v3 priv read backupview write backupview access 20
snmp-server view backupview ccCopyTable included

I could not find out how to achieve this config in NX-OS on the Nexus 5500.

View 2 Replies View Related

Cisco Switching/Routing :: Configuring MWAM With Sup720-3B In 6506-E?

Nov 29, 2011

Problem configuring MWAM. I have installed the MWAM module in 6506-E slot 2 with sup720-3B. After installing the MWAM, the status is PwrDown. I tried to turn on the power but it's not happening. The MWAM is installed in slot 2 and here is the result of show module 2. My Sup720-eB IOS image is s72033-advipservicesk9_wan-mz.122-33.SXJ1.bin
  
6506-E#show module 2
 Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  2    3  MWAM Module                            WS-SVC-MWAM-1      SAD081203GK
 Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  2  0003.feae.bb8c to 0003.feae.bb93   3.0   Unknown      Unknown      PwrDown
 Mod  Online Diag Status
---- -------------------
  2  Not Applicable

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved