Cisco Wireless :: Could Not Install Red Hat Enterprise 5.0 On MSE 3355
Jun 26, 2012
I want to reinstall the MSE image that was sent to me by the Cisco TAC Team; however, when I try to reinstall the MSE Application, the CD boots and shows me the Red Hat Enterprise image, then sends me a black screen with the message "Kernel alive, Kernel direct mapping tables up to 480000000 @ 8000-1b000" and it stays there.
I have an MSE 3355 running 7.4.100.0, Cisco Prime Infrastructure 1.3.0.20 and 6 wism2 running 7.4.100.0. MSE was correctly added to Prime and assigned to maps and controllers. Context Aware Service is Enabled and Up and I have a permanent license installed with a limit of 3000 elements. The appliance is not able to perform client or rogue tracking. This is what I see under Services->Mobility Services Engines->Context Aware Service->General:
- Version: 7.4.0.38
- Operational Status: Up
- Number of Tracked Wireless Clients: 0
- Number of Tracked Tags: 0
- Number of Tracked Rogue APs: 0
- Number of Tracked Rogue Clients: 0
- Number of Tracked Interferers: 0
- Number of Tracked Wired Clients: 0
- Total Elements Tracked: 0
- Tracked Elements (Wireless Clients, Rogue APs, Rogue Clients, Interferers and Wired Clients) Limit: 3000
- Tracked Tags Limit: 3000
After I initialized the MSE with the wizard, the MSE takes so long to start the service (more than 1 hour) with "Starting MSE Platform, waiting to check the status". Then I decided to reboot the appliance; after that the MSE shows the message "Traceback (most recent call last) File "/usr/sbin/yum-updatesd", line 40, in ? import gamin ImportError: No module named gaming".
I'm looking for documentation on the Enterprise mesh solution based on 7.0 MR1... In this release e.g. 802.11n APs are supported and clean air for the client radio etc... The current Cisco Mesh Access Points, Design and Deployment Guide is based on the previous 7.0 release. Apart from the configuration guide I can't find any additional guides.
We want to deploy NAC for 500-600 users across WAN. We are planning for L3-OOB-Real Gateway central deployment Solution. We have two NAC Servers (3355) and two NAC Managers (3355) at HQ and 6 NAC Servers (3315) at the branch. We deployed NAC under VRF. How can we deploy NAC over WAN without NAC Server? We need step by step configuration under VRF.
I am setting up six ISE 3355 appliances, 3 in one datacenter and 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches. I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just set up a port channel using LACP between the two different FEX groups?
I have a Cisco ISE 3355, a WLC 5508 and Microsoft Active Directory 2008. I joined the ISE to the AD successfully and I can see all groups on the AD; I also integrated the ISE with the WLC. My problem is that when I created the Authentication policy on the ISE and joined to the AP by the PC, nothing applied to the PC.
I currently work for an enterprise that wants to deploy a wireless network (6 APs for now) and I'm the one who will manage and install it. I had initially planned to deploy a Ubiquiti network because I've heard a lot of good things about them. But they did not wait for me and bought (crappy?) HP access points (MSM410).
What do you think about HP wireless networks? They did not yet buy the access point controller and I'm not sure they want to buy one. I can't find any review of the HP solutions; it looks like no one is using it.
Do you recommend that I continue with the HP solution and buy an HP controller, or go with Ubiquiti and rebuy the access points (not so expensive in comparison with the price of the HP controller alone)?
I have to reset/recover admin-CLI password. I had posed the question in [URL] Now as per the CLI-admin password recovery procedure at [URL] I have inserted DVD in the hardware appliance, but I don't see any prompt with these options:
"Welcome to Cisco Identity Services Engine - ISE 3355 # To boot from hard disk press <Enter> # Available boot options: "
I just see the login prompt (and of course, I cannot log in because I don't know the password). I am using a serial console connection to the appliance.
Is Cisco WCS mandatory when deploying an outdoor enterprise mesh solution? If I am going to use the 1552E purely as an outdoor access point, do I really need the Cisco WCS?
We have 3 x WAP4410N at a new office setup in Singapore. The customer asked us to set up those 3 APs to make clients authenticate against an ACS 4.2 sitting in the US office. All the user notebooks were joined to the Windows domain in the US office before being sent out to the Singapore office. We configured the APs with WPA2 Enterprise Mixed mode and entered the RADIUS server address and secrets correctly. Logging from ACS shows that users are authenticated successfully but, on the user notebooks, authentication never seems successful and keeps authenticating.
We have a WAP4410N wireless AP configured for WPA2-Enterprise. Initially everything works. We issue the user the proper certificate and they sign on correctly, but once they disconnect and try to reconnect later it gets stuck on "Validating Identity". The request never gets to the RADIUS server (no success/failure log entry, no RADIUS traffic). Once I reboot the access point everyone can connect again, but as soon as they disconnect the problem happens again. We tested other security settings (WPA-ENT, RADIUS(!), WPA2-Personal etc.) and had no problems. With older firmware we have the same issue. Operating system: XP SP3, RADIUS server: IAS. Firmware: 2.0.1.0
So I have been tasked with setting up WPA2-Enterprise on the network. Right now for testing I have a single Cisco 1240AP, and a test Windows Domain. The Windows domain is at 2003 functional level, but has been extended to have the Wireless policies, and we have a 2008 DC in the test network also.
Is there any definitive guide to setting up a WPA2-Enterprise wireless network? Most of what I find is mostly client side. I am trying to get the Group Policy setup to push down to the client machines.
I have configured 3355 NAC appliances in an HA pair and everything is running fine. But I am not able to log in through the GUI (Virtual IP) which is used during the configuration of the HA pair.
I'm used to seeing DWDM and muxes being used in the service provider world, but when and why would an enterprise want to use this kind of gear? The two basically let you combine streams of signaling from many different physical sources into one media, but can't a VLAN trunk or a routed link, for example, do the same? Sure, they all operate at different layers of the OSI model, but in all cases you're still getting separate streams of data from Point A, putting it all on one wire, and sending it to Point B.
Not sure if this belongs here or in a different section. We are in the process of purchasing a new ACS 5.x appliance. I would like to take a look at implementing WPA2 Enterprise with our Cisco APs.
I have tried everything including removing the system, changing the network settings, using cmd.exe, etc. They all say access denied and there's no possible way to get around this.
I want to create a network with a bunch of routers and switches to be used as a test network for company employees to remotely log in and learn networking. I don't want this network to interfere with the rest of the network in any way. I am basically trying to create a stub network or a passive network!!
OPTEMAN: 3 routers connected via a private subnet (/29) over the OPTEMAN: Site A, Site B, and HQ. Site A is a 3560 that is the gateway for two subnets: siteA1 and siteA2. SiteB is a 2621, and HQ is a 6509 w/ MFSC.
HQ also connects to 4 other sites via MPLS: SiteC, SiteD, SiteE, and Site F.
HQ has the server subnet, Internet connection, and connection to other services via MPLS.
I have basic EIGRP set up on HQ, SiteA, and SiteB. So far only siteA and HQ are updating each other. Not sure why. I am looking for the best practice example of how I should set up my enterprise EIGRP. I currently use static routes between the sites. I would prefer to be able to set up EIGRP in parallel, then remove the static routes.
How do you treat your enterprise network in terms of security? Do you firewall between sites? Between subnets? I've been a little gung-ho with packet filtering, and the more the network is growing the harder it is becoming to make that scalable and manageable. It's looking like a pretty good idea to just open up access to/from all my sites. I'm going to continue locking down user areas where we can't necessarily trust the boxes, but all our server subnets I think can be opened up to unfettered access.
I want to change the SSID on all my APs without it affecting the connected devices. The users should if possible not be affected in their connection to the wifi network. How can I go about it?
if any of you are controlling iPhones within your organizations. I was hoping to use JUNOS Pulse licenses on my SA700 to control things, but all they offer for iOS devices is SSL VPN. I can do remote wipes with activesync, but I'm worried about cloud backups of corporate data on mobileme, and setting and enforcing security policies in a scalable way. I know I can manually deploy XML config from the iPhone configuration utility, but that's a bit of a PITA for remote devices (i.e. other countries) that I'll never have physical access to.
I have a Cisco 2811 running Advance Enterprise v 15.1-2. I've just configured it using ccp for internet access (on 2 lines) and a firewall. The configuration is pretty much all default and I used the ccp wizard to create a 'medium-secure' firewall. I have 2 blocks of public IP addresses for my internal network and for the DMZ. The 2800 is configured as follows:
- 2 x default routes. one to each dialer.
- 6 zone pairs as follows:
- ccp-zp-self-out (seems to mostly work... I can ping any IP address from a console but not a hostname)
- ccp-zp-in-out (works fine, both interfaces seem to be in use)
- ccp-zp-in-dmz - which by default set to ccp-permit-dmzservice - which inspects ccp-dmz-traffic - which matches group dmz_traffic and has a class map dmz-traffic
- cnc-zp-dmz-out which is set to ccp-inspect. (my own zone pair to allow systems in the DMZ zone to see the internet. This works fine.)
- ccp-zp-out-dmz (works fine. I can see my web server from any system outside my own network)
- ccp-zp-out-self (which, I guess allows anything permitted to get to the 2811)
Internet works from within the DMZ and in-zone. The outside can access my dmz servers. The inside can access most things on the outside using the firewall rules.
1) Although I have the zones set up to allow the same access from in->dmz as I do from out->dmz and out->dmz seems to work, I cannot seem to access anything in the dmz from the inside.
2) When setting up the firewall I ticked the box for 'allow PPTP clients to make connections from the inside' (or something like that). I cannot seem to make a PPTP connection from my workstation.
I have scoured the internet for guides, looked through these forums & the Cisco configuration guides and experimented all day but still cannot figure this out. Do I need a special route between the inside and dmz? I have seen references to static routes on ASA firewalls but the command 'static (inside,dmz)...' does not work on a 2800 series router.
Recently bought a laptop HP Pavilion DM4 with Windows 7 home premium 64 bit for use in a college wireless environment. The school insists on WPA2 Enterprise connection, which is supposedly the recommended Microsoft security protocol for Win 7. I have all the correct settings, such that I can routinely connect to the wireless network but on this model HP I consistently get speeds way under 10kbs, while if I use EXACT same settings on a different Lenovo, Dell, or other models of HP I get speeds of over 5MG. Yes, 500x faster. Of course HP wanted to blame the network, but after sending 2 technicians to visit on campus, they agreed it was their hardware, so they sent a replacement unit. Unfortunately, the replacement unit has the EXACT same problem. BTW the problem computers do connect flawlessly to other wifi networks at full speed, just not the WPA2 Enterprise network.
If I have just DCNM-N7K-K9 (DCNM for LAN Enterprise License for one Nexus 7000 Chassis) installed on a server, can I manage all Nexus switches like 5k and 2k??
My current version IOS is cat4500e-ipbase-mz.122-53.SG5.bin. I just got a new version cat4500e-entservicesk9-mz.122-53.SG5.bin. I put the new version in bootflash: directory and tried various methods of starting the IOS up to run the new version but it always started in the original ipbase version. My start-config shows:
boot-start-marker
boot system flash bootflash:cat4500e-entservices9l-mz.122-53.SG5.bin
boot-end-marker
and I even deleted the ipbase version in the bootflash: directory so then my switch would not even boot up at all and hung in rommon. In rommon I tried
boot bootflash:cat4500e-entservicesk9-mz.122-53.SG5.bin and the result I got back was File has bad file magic number: 0x0
So I had to point the switch to my tftp server and boot back into a backup copy of ipbase. How can I get my new IOS version to work? I understand I might have to download it again but I just got it so I am skeptical it is a bad file. [URL] as a procedure guide and I do notice some of those commands/steps do not work on my 4900m switch.
What would happen if I force a cat4500-entservicesk9-mz.122-54.SG on a SUP-II-Plus+TS? Considering that:
- The same IP base file that is used on a SUP-II-Plus+TS is used on a SUP-V
- The file size of the ent services IOS is just a bit bigger than the ip base IOS.
- Especially the EIGRP was supported on the SUP-II-Plus+TS prior to the 12.2-25
We need full support for EIGRP (or OSPF) because of the H.A that is being implemented and we need to test it...
I have users connected via IPSec VPN using an ASA 5510 to my enterprise network, but I have seen that the user stays connected while he is sleeping. Now I need to tear down the tunnel if the inactivity is 15 mts; I mean if the user is idle for 15 mts with anything, automatically disconnect him after 10 15 mts.
I am working in an enterprise LAN environment. We have about 100 switches, mostly 3560 and 3750's. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use a third-party vendor network monitoring tool, and we use Secure CRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management VLAN. And each device has its own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management VLAN scope to get in.
So, here's the problem... we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into its uplink device, let's call it switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PCs at our desk are also in the same management VLAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT switch X. When I try to connect using SSH, port 22... it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X like I said are the same for switch B, except its IP address of course. While logged into switch B, I can do a CDP neighbor and see switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping switch X from switch B. When I try to SSH from B to X... I get timeout with no connection.
So, I hiked over to the building where switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for switch B. It is set up to allow the management VLAN inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH