Cisco WAN :: Enable IS-IS HMAC-MD5 Authentication?
Feb 24, 2013
We would like to enable IS-IS HMAC-MD5 authentication on a production network for LSP authentication including LSP, CSNP and PSNP. The problem is that when we apply the command "authentication mode md5" under the isis process, there are authentication failures and the router loses all routes from the routing table. Is there any way to enable authentication without the router losing the routing, or to "delay" the authentication until all routers are configured?
key chain IS-IS
key 1
key-string xxx
[Code]....
Feb 8, 2012
How do I configure the ACS 4.2 server, running in TACACS+ mode (user accounts configured on the ACS), to authenticate the enable mode password on the ASA using the same AD account?
Jan 12, 2012
We have an ASA configured in multi context mode, with software 8.4(2), configured for AAA. Configuration in admin context is as follows:
aaa-server TAC protocol tacacs+
aaa-server TAC (management) host 10.162.2.201
key *****
aaa authentication enable console TAC LOCAL
aaa authentication http console TAC LOCAL
aaa authentication serial console TAC LOCAL
aaa authentication ssh console TAC LOCAL
Because of multiple context, after logging in we enter System context. Console port authentication is working fine except access to privileged mode while connecting over console port. After issuing "enable" command ASA accepts only configured enable secret in system context and changes user ID to enable_15, so we are unable to do user-level command authorization and accounting. It seems that ASA in system context is not aware of any AAA configuration, and there isn't any command to configure AAA in system context. Is there any way to configure enable authentication over AAA in system context?
Jul 4, 2012
It's possible to enable unconditional machine authentication in ACS 5.3.
Jul 15, 2011
I've got a weird problem that I can't figure out. I've de-authorized the switch in the RADIUS server to force an ERROR status to test the backup entries in the AAA authentication method list. However, after I do that and try to log in (through ssh), it just prompts me for my username's password and not the enable password. Here's the debug output:
1d02h: RADIUS: Marking server xxx.xxx.xxx.xxx:1812,1813 dead
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No valid server found. Trying any viable server
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No response for id 10
[code]...
Mar 17, 2012
I've got a strange problem here. In the office, my OEAP 600 can join the WLC if there is no MAC authentication. When I enable MAC authentication at the WLC, the AP fails to register. However, I tried it at home and it works with MAC authentication both enabled and disabled. I suspect it is because of the firewall in my office, but there shouldn't be any difference in the discovery and joining procedure for an AP with MAC authentication enabled or disabled.
Sep 11, 2012
Can we enable SSH on 3500/3600 APs along with using RADIUS for login authentication? The idea here is that SSH will provide another method to access the AP for troubleshooting purposes. I know with autonomous mode APs this should not be an issue, but I'm not sure with lightweight APs.
Dec 5, 2012
I successfully authenticate through ACS to my Identity Store, but only get dropped into a non-enable prompt:
ciscoasa>
How can I get an authenticated user directly into enable mode?
Feb 18, 2013
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwidth with automatic connections.
Nov 23, 2011
How to enable GUI for a Cisco 1841?
Sep 12, 2011
I am configuring AAA on an 1841 router. Initially it authenticates me well using my TACACS+ login, but though I have configured an enable password on the router, the router puts me directly in privilege mode without asking for the enable password.
My configs for AAA are as below:
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
Apr 16, 2011
I'm using WCS v7.0. I want WCS to send me an email when an AP goes down. Is it possible to do it on WCS? If so, how?
Sep 25, 2012
I have a Cisco 5508 controller and am considering using LAG. Can I enable LAG but only use 2-4 of the 8 available ports on the 5508? I am asking because currently I don't have enough ports on my 3750G switch to accommodate all 8 ports on the 5508.
Mar 31, 2013
I was trying to upgrade IOS on my 3500XL series switch (24 port). Before doing this I connected my switch and deleted all the configs and flash. When I reconnect my switch this is the error message I am getting.
Feb 18, 2012
I want to ask a question regarding automatic startup on LMS 4.1. I have installed my LMS 4.1 on ESXi 4.x, but recently my server sometimes goes down because of an electricity problem, and when my friend pushes the power button to start the server, the LMS is not automatically active. Is it possible to make it automatically active soon after my server powers up?
Nov 17, 2012
I have several PIX 501's and one of them is extremely slow accessing network resources and does not have Internet access. I would like to use split tunnel and have them access the Internet through their DSL connection and any traffic for network resources sent over the VPN. How can I improve the speed and set up split tunnel via the command line? I don't have the PDM software so I guess I will need to do all the configuration via the command line. Below is the configuration:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password k4HlcGX2lC1ypFOm encrypted
passwd y5Nu/Nt1/5dK8Iuf encrypted
hostname
[Code].....
Jan 3, 2012
I just bought an additional router for my network and I'm in the process of setting it up. I have however hit a snag with enabling SSH on the device. It is a Cisco 2811 router running IOS 15.0 (refer below to my attempts)
Mar 23, 2011
How to enable the VPN-3DES-AES and another ASA Box. Mate's license (VPN-3DES-AES Enabled) is not compatible with my license (VPN-3DES-AES Disabled). Failover will be disabled. The license on secondary is not compatible for secondary ASA for the failover. [code]
May 20, 2009
I am trying to enable IP SLA on a Cisco 4948 switch (running 'cat4500-ipbasek9-mz.122-46.SG.bin') to test CiscoWorks IPM using this switch as a source device. But I can't run the command "ip sla monitor" on this switch. It just has "ip sla responder". Is it possible to configure IP SLA on this source switch? Or can I do it only on routers?
Feb 20, 2012
It is possible to enable Xauth on PIX. I have read multiple threads about using the following cmds:
username test123 password testing privilege 2
aaa-server LOCAL protocol local
crypto map mycrypto client authentication LOCAL
However the f/w won't let me add the crypto map cmd, just comes back with the following:
PIX(config)# c.rypto map mycryptomap client authenication LOCAL
Usage: [ show ] crypto { ca | dynamic-map | ipsec | isakmp | map | sa } ...
show crypto engine [verify]
[ show | clear ] crypto interface [counters]
I also tried the following, but they don't work and I am not sure if they are meant for Xauth since I was under the impression that it had to be enabled globally.
PIX(config)# vpngroup test authentication-server LOCAL
Protocol "local" is not supported for authentication of remote users of a h/w client
PIX(config)# vpngroup test user-authentication
[code]....
Nov 12, 2012
I would like to know how to set the following on cisco ws-c2960-24 ttl:
1. SSH CLI
2. PORT SECURITY REMOVAL: Limits MAC@per port with no shutdown
3. Set port to protect
4. Set RSTP
5. Finally, how do I set up TFTP Server from Windows Server 2008
Nov 23, 2011
I have a switch 2960 24TC-L with c2960-lanbasek9-mz.150-1.SE.bin and SSH v1 enabled. When I try to enable SSH v2 the switch tells me that I have to create a crypto key rsa. I generated the crypto key rsa with 1024 bits and when I try to enable SSH v2 I receive the same message.
Jan 17, 2012
I have a problem with a 9971 phone. It works perfectly inside the network but I can't figure out how to enable VPN on this phone. Also, I can't find any VPN menu in the phone configuration.
View 2 Replies
View Related
Jan 29, 2013
I am trying to block clients based on MAC addresses connecting to our Wireless Guest network.
My scenario is: We have 2 interfaces (corporate and a guest). Users are connecting to our guest network after they have automatically connected to our corporate network and logged into Windows. When they realise that things are not quite working in the way they want (access to servers etc...), they reboot and then find they cannot logon to the laptop at all. This is because the laptop has automatically rejoined the guest network and has no access to AD. I then have to locally logon to the laptop and remove the guest network.
It’s starting to become a bit of a pain as we are an educational establishment and... well... you would wouldn’t you
Hardware: WLC5508, Software Version 7.3
So far I’ve tried enabling MAC Filtering under “Security -> AAA -> MAC Filtering”, but found out that it’s a white list. The opposite of what I’m trying to achieve, but I like the fact you can link it to a specific interface.
I’m just looking at the “Disabled Clients” again under “Security -> AAA ->”, but think this is more a total ban as I cannot see a method of attaching it to an individual interface. I'm kinda stuck and my good old friend Google is not yielding great results.
I’m not by any means a wireless expert, so there is probably a better method. I would prefer to use the controller as a way of achieving this, but if you think I’m wasting my time and should be looking at a Windows Group Policy method then I’ll go with that?
Mar 19, 2013
It seems there is no option for FlexConnect registered APs to work with an external accounting server. I am using a zeroshell server to authenticate with the RADIUS server, which works perfectly, but there is no option under the FlexConnect security group to specify an accounting server. Is there a way to redirect the AP to a local accounting+authentication RADIUS?
Aug 15, 2012
May I know how to configure for remote accessing ASA 5525 via ssh? I have issued the following commands
ssh 10.60.0.0 255.255.0.0 outside
ssh 10.60.0.0 255.255.0.0 dmz
ssh 10.60.0.0 255.255.0.0 inside
ssh timeout 5
but I am not able to access the ASA via ssh. Do I need to add any other command?
May 19, 2012
I have more than 20 SF 300-24P 10/100 Managed Switch switches deployed and running in my office network. All these switches have web configuration utility enabled. We would like to enable telnet too. But for this I know I have to visit site to site, connect the switch manually with a laptop and enable telnet option. I am looking for how can I enable telnet in these switches using web-based switch configuration utility.
May 1, 2012
I have a requirement to enable PBR in a VRF interface of a 4948 switch, but as I browse the internet, it is quite impossible to do that. Is there any alternative way / feature to get the same result as PBR does, which is to reroute the specific VRF traffic to another interface based on source and destination IP address?
Apr 17, 2012
I've got a 6509-E in the lab at the moment for some pre-deployment testing, however I don't seem to be able to enable MPLS on a select interface.
router#conf t
router(config)# interface gi1/48
router(config-if)#mpls ip
router(config)#
As you can see after I enter the "MPLS IP" command it simply backs out of interface level configuration back to global exec, and naturally the MPLS command doesn't show in configuration for that interface.
I'm running a SUP720-3BXL with WS-X6748-GE-TX line cards with the DFC upgrade (WS-F6700-3BXL).
The IOS is: s72033-adventerprisek9_wan-mz.122-33.SXI2a.bin
Jun 4, 2011
I have created an internal user on internal identity store --> users with password & enable password. Similarly I have enabled max privilege level 15 under policy elements, authorisation & permission, Device administration, shell profile. But I am unable to log in to the device using the enable password. I am finding the following error on my log report
Failuire reason : 13029 Requested privilige level is too high .
Feb 1, 2012
I've setup the following AP1041N configuration, but for the life of me - the radio will not enable.
++
sho conf
Using 3234 out of 32768 bytes
!
[Code]....
Mar 27, 2013
How can I enable Console port in 7206 vxr with NPE-G2 card installed, I need to use console from NPE G2 card.
The device turns on and status is also UP and I can also telnet to the device but I am not able to access the device through console port...