I have 2 ASA 5520 (v. 8.21) in an active/standby failover configuration.
VPN users are authenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can still happen days after the account was created. In some cases it never seems to work. The accounts I create exist on the same OU level as all the other accounts that are working.
I have a customer who is going to deploy a WLC HA AP SSO setup. I have recommended them to have 4 Gigabit SFP modules in each WLC5508. The customer now asks if it is possible to only have one or two SFP modules in the standby unit? As he says, it is probably not going to go in service one time within the next five years if he is unlucky.
I have 25 APs 1141 located in a ten-floor building and connected to WLC 5508 ver 126.96.36.199. After the upgrade from WLC 188.8.131.52, a few clients started to complain that they are affected by periodic disconnection from the wireless network. It happens twice an hour. In the WLC log I noticed some errors on almost every AP: AP with MAC: c4:0a:yy:yy:zz:xx(AP1) radio 0: Associated Clients falls below max limit number:200. Failure Cause:Clear Maximum Client Limit Reached in WLAN.. What does it exactly mean? I have no limit per WLAN (it is set to 0), but in WLC 7.4 I must put some limit on the number of clients per AP and the max is 200. It is not possible that I have 200 users connected to one AP, as in 10 floors there are like 150 users maybe. The number of all connected clients right now is 120.
A few days ago in my wireless infrastructure I deployed Cisco ACS 5.0 with Active Directory integration. My wireless users log in through the web authentication process. The authentication process is passed by AD and it is working fine. But I want to configure my ACS 5.0 so that a user cannot log in simultaneously on multiple devices at a time.
Any actual limit on the number of IPSEC SAs that can be negotiated on the crypto module of a 3900 series G2 router? When I issue the command on a 2900 G2, This implies the 2900 series can handle 1800 IPSEC tunnels with an SA used for each direction. All of the documentation and support requests have stated that the crypto module is better than the AIM module in the older series routers but I have been unable to get a concrete answer to the limit.
I have a hub and spoke network with over 100 remote sites that connect to me via ipsec vpn. One of these locations, the only one using FIOS coincidently, is initiating 200+ tunnels back to my side which is causing saturation issues on my DS3. (I can post config if requested), and how can I limit the number of active tunnels it's establishing?
I want to limit the concurrent logins my users can have. I have downloaded and installed Limit Login from Microsoft and followed the directions to a T. However, when users log in it doesn't do anything. The scripts don't run (I have them listed in the logon and logoff scripts for users in the default domain policy). The scripts are stored in a share that everyone has read access to. What am I doing wrong? I have installed and uninstalled a million times following the MS directions included with the software to the letter, but it won't work. At one time I had it working and then we had some network problems with profiles and it got messed up in that process. Now I'm trying to get it back, but can't. Even uninstalling and reinstalling.
This is a feature that I have researched by looking at ISR G2 data sheets and the cisco.com website. The number of users that can be supported or the recommended number of users per router chassis/model is not mentioned anywhere. However, this is mentioned in the Cisco 880 ISR data sheet. What are the number of users that can be supported or the recommended number of users on Cisco 1900/2900/3900 ISRs?
I say the answer is ten. That means ten hosts can be behind the firewall and hit the internet. The eleventh doesn't get to go out. I'm being told by a coworker that the "10" in the part number refers to the number of IPsec VPN peers.
I say if you want an unlimited number of users on the inside to be able to get to the internet, you need the ASA5505-SEC-BUN-K9.
I have a question regarding the number of computers connecting to a single wireless router. I want my internet connection at home to be used only by my laptop. I have my connection secured by password and etc, but I was wondering if there is a setting I can use to control the number of computers connected to a wireless router?
I am considering deploying several of these for our church to provide internet access. When reading the manual, I found on the last few pages that the device only supports a max of 63 users at a time. Is that correct? If so, any way to add more?
I'm using AIR-LAP1142N-N-K9 access points (it supports b/g/n). Sometimes the AP has up to 80 users connected to it. Some recommend the AP should have between 25-35 users max. Does anyone know the recommended maximum number of users connected to an AP? And how can you tell the traffic going through the AP is congested?
We have TACACS+ based AAA on our network equipment, authenticating against the internal user database on a network of ACS 5.3s. What I want is to limit certain AAA users (namely automated tools) to be only permitted to authenticate from a list of known IPs. I can do this for authorization, easily, that isn't a problem. The problem is to only accept authentication attempts coming from certain IPs and ignore the rest. My problem is, as it is currently, the automated tools are prone to a sort of a DoS attack - if I attempt logging in to any device using the tool's user account and a wrong password, I can get the account disabled in five tries.
I want to ignore all authentication attempts, unless they are coming from well-known source IPs. Ex: netmon user is the user for a tool running on server 10.20.30.40. If I try to log in from my own laptop with user netmon, it should fail, and the attempt ignored. Currently after five (or whatever is configured) failed attempts, the user will be disabled. Only attempts from 10.20.30.40 should be considered for user netmon. I can't use ACLs on the devices, as I want other users to be able to log in from other IPs.
Is it possible to limit what users are able to do and view in the webconsole of a WLC 5508 via ACS? I have ACS set up to restrict what commands can be run depending on user on the CLI; however, when they log into the webconsole they can access everything.
I've got an HP Microserver, running server 2008 R2 foundation, and I'm using it for file sharing. All files are in a single folder with subfolders, and located in drive C.
The problem is that the server limits the number of LAN connections to it to 31. I've already changed the max. number of connections to the maximum, but doesn't seem to work. Network discovery and file sharing are on, firewall is off, full access rights for everyone.
The error I get when trying to access the shared folder is: 'Microsoft Windows Network: No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept'
I used the following commands to limit users on my wireless network (WLC 5500) and a Nexus 7000. The previous Cisco doc only covers the 6500 and some commands have changed. Tested and working except the PIR gives an error, post up if you know why, otherwise enjoy!

Note: Wireless Network assumed to be 172.21.0.0/16.
Note: This will limit each wireless user to 1 Mbps.
Note: The PIR (Peak Information Rate, also known as burst) is ignored in the following commands, unknown at this time why.

Create ACLs:

ip access-list acl-wireless-downstream
  10 permit ip any 172.21.0.0/16
ip access-list acl-wireless-upstream
  10 permit ip 172.21.0.0/16 any

class-map type qos match-all class-wireless-upstream
  match access-group name acl-wireless-upstream
class-map type qos match-all class-wireless-downstream
  match access-group name acl-wireless-downstream

policy-map type qos police-wireless-upstream
  class class-wireless-upstream
    police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop
policy-map type qos police-wireless-downstream
  class class-wireless-downstream
    police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop

1. Apply police-wireless-upstream on the incoming port from the controller.

interface port-channel130
  description *** LAG for WLC1 ***
  switchport mode trunk
  switchport trunk allowed vlan 80,130,255,600
  service-policy type qos input police-wireless-upstream

2. Apply police-wireless-downstream on the uplink LAN/WAN ports.

interface port-channel101
  description *** L3 Port Channel to Core VDC ***
  no switchport
  service-policy type qos input police-wireless-downstream
  ip address 10.70.10.18/30
  ip router eigrp 10
Is it possible for the WLC (5500) to block wireless users attempting to log in to the network more than 3 times? I have several devices trying to connect to the network automatically using the old password, and after 3 attempts the account will lock out! I'm running PEAP MSCHAPv2 with RADIUS and Active Directory.
I have some tunnels which terminate to my home router. I'm allowing the other ends of the tunnels to use my voice setup. I need to prepend *67 to all called numbers which don't originate from my house. I don't want people calling my home number based on the caller-id number they see when someone across one of the tunnels calls.
So if 5008 calls 212-333-4444 I want it sent to my provider as *672123334444. If 5001 calls a number, I don't want it touched. Can I do this? I can use IOS or CUCM here.
I'm currently looking for a document that specifies how many MAC addresses can be stored and authenticated via an ACS (1120). I prefer to use the internal identity store over AD or LDAP for MAB authentication for an 802.1X project. I would like to know what the impact on the ACS is. CPU/MEM? What is the impact on the user authentication? Delay, timeout, etc.
At one of our locations we are experiencing some problems getting connected to our wireless networks.
It is possible to sit right next to an AP (AIR-LAP1131AG) and only have limited access to the network.
I have attached a snapshot from inSSID of the wireless networks in the area. All of them are broadcasted by our controller and I can't figure out how it is possible to see SSIDs in other channels than the ones in the 2.4GHz band (11-14)?
I have a Cisco ACS 4.0 build 27 on Windows 2003 server. My site was working fine when I had AD on a 2003 server. Recently I migrated my AD servers to 2008.
After the migration the ACS is not authenticating the users. For now I have set up a server with 2003 and made the site work. I need a solution to make it work using a 2008 server. Is there any compatibility issue between ACS 4.0 and 2008 server?