Juniper EX4200 - CA / CS Required To Deploy 802.1x?
Sep 26, 2012
Is a CA/CS required to deploy 802.1x? Google searches are confusing me with multiple answers. I'm currently trying to test without a CA/CS and I'm having no luck.
Lab
2008 R2 DC
2008 R2 NPS
Juniper EX4200
User Win 7 PC
This is for a wired connection
Jan 4, 2013
I work for a small company and we just brought in a Juniper EX4200 switch so that we are able to test our SFPs and XFPs. I went through the EZSetup process; however, when I try to re-connect afterwards it just tells me that my subnet for the switch is different than the PC. I have tried assigning a static IP but that is not working for me either.
Nov 8, 2011
I need to create a trunk between a Cisco 3560 and a Juniper EX4200. I am perfectly happy with the Cisco side and want to only allow 1 VLAN across the trunk, which I was going to configure on the 3560 side. Any experience on trunking to a Juniper EX4200? Looking at the Juniper side it looks like I just set the port as a L2 uplink.
Oct 23, 2011
I have a lot of problems with the connection between our Cisco 2950 and Juniper EX4200. We have two different types of connection: two switches with LAG (LACP) and three switches with standard trunk (STP).
The problem: If I connect a new switch to the EX4200, both LAG interfaces go down with the following message in the Cisco log:
%PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi0/1 in err-disable state
: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi0/2 in err-disable state
This does not always happen, maybe 20-40% of the times I connect a new switch or move a switch from one port to another. This happens regardless of whether I have the EX4500 connected or not.
Apr 9, 2012
Currently we have a CISCO 3020 VPN Concentrator to terminate Lan-to-Lan tunnels and have our mobile workers connect via CISCO VPN client (300 users-employees and contractors-). Since this device is coming to an EOL this year we purchased a CISCO 5520 (below are the current licenses on it)
The licensing seems rather complicated, therefore this is my question:
- What VPN solution do you recommend for our users and contractors? It is my understanding the CISCO VPN client does not work with ASA 5500 series devices.
- Is there a license needed to deploy VPN solutions for our remote users (employees/contractors)?
Apr 25, 2012
The client is interested in deploying 2x new ACS 5.x and in setting up a split deployment between two ACS in two separate locations for load sharing and configuration replication. At the same time the client wants the ability to make configuration changes on both ACS servers. According to the Cisco ACS 5.x deployment notes, all configurations must be made on a primary ACS server and secondary servers will obtain configuration from the primary server, which defeats the client's requirement of the ability and capability to make changes to both servers.
Question:
If I deploy two ACS servers in two different locations as independent servers, can I still replicate information between the two servers? I know in ACS 4.2 I can do replication between two servers.
Apr 11, 2013
deploying a large wireless network (about 14 access points) spread across 9 buildings that are in relatively close proximity to each other. I have included a picture with a rough scale (it's editable, so feel free to play around with it). Anyways, here is the basic idea. I do basic IT consulting for small businesses and some friends of mine work for an apartment complex in my local area. They came to me with this idea of deploying a wireless network on the campus to provide their tenants with "free" basic wireless internet. Basic meaning, not intended to be a replacement for a private connection, but suitable for basic web browsing, school work (I live in a university town), and email. So I got to scratching my head and quickly realized that I need to do some learning and refresh on my skills.
Jan 24, 2013
We want to deploy NAC for 500-600 users across WAN. We are planning for an L3-OOB-Real Gateway central deployment solution. We have two NAC Servers (3355) and two NAC Managers (3355) at HQ and 6 NAC Servers (3315) at branches. We deployed NAC under VRF. How can we deploy NAC over WAN without a NAC Server? We need step-by-step configuration under VRF.
Aug 10, 2011
I'm looking to deploy the Cisco 881 3G routers for a few mobile assets. The assets will use WIFI / WIMAX as their primary communications via the Ethernet interface and roll over to a 3G cellular connection when traveling outside of the WIFI / WIMAX coverage area. The WIFI / WIMAX network will solely be for the corporate network and will not require any VPN tunnels. When outside of the WIFI / WIMAX network, the asset will use the 3G cellular network via an IPSEC VPN tunnel.
My question - is it possible to fire up the VPN tunnel only when connectivity is failing over to the 3G connection and not when utilizing the Ethernet interface?
Jul 21, 2011
Need to deploy MS Office compatibility pack via a GPO to a network I work on. I've extracted the exe and have the msi and cab files, which I've placed in a network share and given full control permissions to everyone (I did this after it not working a few times with modify); everyone has full control on the 2 files as well.
I've created a new GPO "software deploy"; under computer configuration, software, I've assigned a new package and typed the path in the following format \servershareo12.msi. I've moved a test PC into a test OU in AD and back in group policy management I've linked the software deploy GPO to this test OU. I've run gpupdate /force on both ends. I've restarted the test box, nothing, repeatedly. I even edited the GPO to deploy the software under user and moved a test user into this test OU, same thing, nothing. I then went back to the config above using the computer config instead of user.
Jan 17, 2011
Is there a way of pre-deploying the new AP images? We have around 500 APs and my inspection window isn't long enough to upgrade via controller......
Jan 13, 2013
Attempting to upgrade from ASA 8.3.2, ASDM 6.3.4, Any Connect 2.5.1 to ASA 8.4(4)1, ASDM 6.4(9) and Any Connect 3.1.00495 using ASA 5505.
Client is Windows XP SP3 w/ IE7. Can log into the ASA web portal and starts to install via ActiveX. I get past the IE7 message bar to authorize installing the ActiveX control. I briefly see a message that says "ActiveX could not be launched" (I think. It is very fast) and then the install hangs w/ the message in the web connect dialog about the IE7 message bar. If I let the timer expire, the java install also fails. If I download the installer via the web portal, and install Any Connect via the downloaded installer, everything works fine.
Same problem w/ ASA 9.1.1, ASDM 7.1(1) and Any Connect 3.1.02026. I have added the web page address to the trusted zone, and checked all the zones for permissions to install ActiveX controls, etc. Worked w/ the older/original software when I remove the kill bit for Microsoft KB2736233. Have not installed any custom Any Connect profile to use transforms. I did see in the release notes some information on NO INSTALL ACTIVEX=0, but I think this applies to the per-install package only.
Apr 7, 2013
I'm currently configuring a 4500X with 16 ports. All SFPs are 1Gig, but when I input show ip int brief, it shows that the interfaces are on 10 Gig. Does the Catalyst 4500X already support the 1Gig SFP without inputting a command or do I have to configure it to activate the 1Gig interface?
Mar 11, 2013
I need to deploy BGP with two ISPs exchanging routes with the Internet. My company has a Switch 3550 with the following specification:
Cisco WS-C3550-48 (PowerPC) processor (revision E0) with 65526K/8192K bytes of memory.
Processor board ID CHK0629V0F1
Last reset from warm-reset
Running Layer2/3 Switching Image
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
I would like a tip about whether that switch is going to support that implementation. For example, it has 64MB as shown above.
Apr 9, 2013
deploy OTV using ASR 1001 between 2 data-centers? We want to acquire HSRP localization there, but at this moment I can only see lots of docs saying how to do this on N7K, not ASR. I saw it has FHRP filtering enabled by default when the OTV configuration is done, and also see there is an access-list created by default called otv_filter_fhrp. I'm just wondering, besides this IP ACL, should there be a MAC ACL applied?
Oct 2, 2011
I'd like to know if the antenna AIR-ANT24120 works with the LAP 1252 in a mesh deployment.
Dec 31, 2011
I have a broadband connection on a wired DSL modem. Now I want to create a wireless networking environment at my home so as to work with my laptop and WLAN-enabled phone. I do not want to buy a new wireless router.
Is it possible to deploy my existing modem/router with some extra equipment to build a wifi hotspot?
Aug 10, 2011
We are looking to deploy an indoor mesh deployment in an area where radar might be an issue. I know that when using 1500 series APs you cannot choose UNII-1 channels even if they are deployed indoors. My question is if you can use a UNII-1 backhaul with indoor APs (3600 series for example) in an indoor mesh deployment.
May 30, 2011
I decided to switch away from my DIR-655 wireless router due to multiple issues and go with an Untangle box. Everything appears to be set up great... except when it comes to my VPN connection to work via Juniper VPN Client v. 6.5.0.15507. For some reason, the VPN connection keeps dropping every 3-5 minutes and I have to wait for it to either reconnect, or sometimes the client completely stops and I have to restart it.
Jan 25, 2012
I have an ASA 5520 with a functional IPSEC VPN using the Cisco VPN client. This allows my remote users (staff) using laptops to come in from anywhere on the Internet and tunnel in. Works great. Next, we need to stand up a VPN over a Juniper SSG5 so that when we have groups working outside of our network, they can tunnel back into our network. If they were going to be coming from a known, fixed IP, or even netblock, we'd probably use a route-based setup from a Juniper SSG5 into the ASA 5520. But they may very well be coming from any IP. I am thinking this leads us to Site-to-Site VPNs - it won't be Network Client access obviously, nor will it be Clientless (browser-based).
May 21, 2011
Are there any problems expected in working with a core switch of Juniper EX8208 with access switches of Nortel Baystack5520 / 380 / 425 and 325? Will VLAN, multicasting, streaming, STP, SNMP, etc. work without any issues?
Sep 1, 2011
I'm trying to enable LAG between a WLC and a Juniper EX-4200 switch but it is not working.
In the lab I managed to enable LACP between a Cisco 2960 and the Juniper EX-4200, and it works with the attached configs that I found on the Juniper forum. Also LACP between the Cisco 2960 and the WLC works with the same config, but never between the WLC and Juniper. I've tried with passive mode and slow mode; it always seems that the Juniper is not seeing the WLC BPDUs. I tried with WLC 4402 and 5508, both with 7.0 firmware.
May 29, 2013
I have set up an ACS 5.4 box and have some test devices connected to it, Cisco and Juniper, both working fine using TACACS. I can connect to both using SSH or Telnet, but my problem is the J-Web Juniper GUI. I can access the J-Web no problem with the root account. I cannot seem to get it to work, no matter what I try. Here is my shell from the ACS box and the following Juniper configuration. I have tried binding the local-user-name attribute to both the remote and remoteadmin with no luck.
version 9.6R1.13;
system {
host-name Juniper-Firewall;
authentication-order [ tacplus password ];
root-authentication {
encrypted-password "$1$1tRuy9o2$LwSPxNwe4XGNMOMIMo1pd1"; ## SECRET-DATA
[code].....
Jan 10, 2011
The local LAN is connected with a Cisco 2800 router and an SRX 210 firewall. Currently all LAN segments go to my data center via ISP A and all internet traffic from the LAN segments goes to the internet via the SRX firewall; there is no relation/connection between the Cisco router and the SRX firewall. I have separate AS numbers for both ISPs.
I have the attached scenario. Based on the current one I would like to do the following.
1. I need to use PBR at LAN Switch ( its L3 Switch) such that in normal scenario - local VLAN traffic is equally distributed on both ISP.
2. dedicated internet traffic will flow through ISP B only and if WAN link of ISP B goes down, the internet traffic will pass through ISP A.
( in normal scenario, ISP A will utilized 100 % for LAN traffic to reach it to DC but once ISP B link goes down, the b/w of ISP A will be divided to route 50% traffic for LAN segment to DC and rest 50% traffic of LAN segment to internet)
Jun 25, 2012
Any known issues connecting an ASA to a Juniper switch?
We have a remote site where we have an ASA 5505 installed, set up running EzVPN. We do not have control/access to the internet connection or the internal infrastructure. We basically have an office within their building. Our ASA has one of their external IP addresses and is connected to their Juniper switch. Our PCs/printers are patched to another Juniper switch which is uplinked to our ASA. The issue we are having is that the connection is intermittently dropping, where we cannot ping the PCs/printers at the remote site through the VPN tunnel but we are still able to ping the external IP address of our remote ASA. The strange thing is that we cannot manage the ASA via SSH or ASDM using the outside interface but can ping it when this occurs. For the most part the VPN tunnel does not drop when we check the sessions at the headend, although it occasionally will.
Aug 8, 2012
We've got a doubt about the uplink ports of this supervisor. I've read that you have to use the four ports in 10G mode or in 1G mode, but not use for example 1 port in 10G mode and 1 port in 1G mode.
But you can read in another sentence: "Beginning with Cisco IOS Release 12.2(25)SG, you could simultaneously deploy the dual 10-Gigabit Ethernet ports and the four Gigabit Ethernet SFP ports on the Catalyst 4503, Catalyst 4506, and Catalyst 4507R chassis." Is it possible to deploy both types of ports simultaneously?
Jun 3, 2011
Several of my older Netscreen devices only support RADIUS authentication and I'm having trouble migrating them from ACS 4.2 to ACS 5.1. When I try to authenticate, the authentication passes in ACS but it doesn't log you into the Netscreen (you see an auth failure in the Netscreen logs). I believe that the custom attributes are not being passed from ACS to the Netscreen. The custom attribute we are trying to pass is "NS-Admin-Privilege" with type integer and a value of 2. The Netscreen is set up so that the user privileges are obtained from the ACS server.
Any setup where they are using Cisco radius authentication to authenticate Netscreen devices?
Aug 1, 2012
I have an ASA 5510 with 8.4 connected to an ISG 1000. When traffic is passing, the VPN tunnel is working fine; when the traffic stops, the ASA will drop the packet but the VPN tunnel on the ISG is still up. When new traffic is started from the ISG side, it will drop, as the tunnel is not up on the ASA side.
May 24, 2011
I am trying to authenticate on Juniper NSM Express using Cisco ACS 5.2. The request is arriving at the Cisco ACS but I am getting the following error: RADIUS requests can only be processed by Access Services that are of type Network Access.
May 5, 2013
In the process of migrating from ACS 4.1 to ACS 5.3. Authentication works fine, but having issues with authorization on the Juniper WXC-3400 devices. In ACS 4.1 we were passing TACACS+Shell (exec) Custom attributes Privilege level=15, which allowed a user to login with read/write privileges. In ACS 5.3 tried setting the Shell Profiles common task to 15 for both Default and Maximum (one at a time, and together), as well as setting the Custom Attributes for priv-lvl=15 (with and without Common Tasks set).
A capture shows Auth Status: 0x11 (ERROR).
Apr 10, 2013
I changed from ACS 4 to ACS 5.2. Everything works fine but I have authentication failed in the RADIUS accounting reports every time users connect through ASA or Juniper into our network. Juniper and ASA only send accounting information to ACS. The users are not configured on the ACS; authentication is done via external LDAP. So my question is: why do I see an authentication error on ACS, because Juniper and ASA only send accounting packets?
May 16, 2011
I am setting up a LAN-to-LAN VPN between a Cisco ASA 5520 and a Juniper device. It's my first time setting this up. What will be the peer device of my device that I need to give to the other person? Is this the outside address of my device?
Also, with the setup I have made I am getting the following error message:
IKE Peer: 81.45.22.222 Type : L2L Role : responder Rekey : no State : MM_WAIT_MSG5
Also, I was getting Type: user instead of L2L. What does this mean as well?
Oct 6, 2012
We have a 3750 as core switch with critical Oracle servers (production & development) connected to it. The goal is to have these servers behind a firewall, which is to be done by logically routing the traffic towards the device. Now, we need to connect the 3750 with two Juniper SRX firewalls physically. The Oracle server VLAN will be removed from the 3750 and the same layer 3 VLAN will be created in the Juniper firewall. How do I connect the 3750 to the two Junipers? What configurations will be involved, on a logical basis?