Cisco Works Integration with MARS

Can cisco works be integrated with MARS. I mean cisco works is acting as a syslog server for some switches. Can mars pull the records from Cisco Works and use it for its co-relation

As Michael pointed out, configuring two syslog destinations on your switch is possible, and allows the switch to send to both CiscoWorks and CS-MARS simultaneously.  This affords the safety that should one system be down, the other system will continue to receive syslog events from the switches.  Should you not wish to configure two logging destinations on your switch, you could configure your switches to send their syslogs to CS-MARS and configure CS-MARS to relay the received syslog messages to CiscoWorks.  This options is outlined in the CS-MARS user guide:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgOver.html#wpmkr181270
Scott

Similar Messages

  • CISCO IVR integration with Phoenix

    I have phoenix application which is based on ISO 8583.
    I have to integrate Contact-Center IVR solution with it.
    I wanted to know, if such an itnegration was ever developed earlier and is it provided by CISCO or by 3rd party?
    You can get more information about Phoenix from http://www.phoenix-interactive.com/.
    Thanks

    I know this already.
    The problem is specifically about integration with Phoenix.
    If you have or anyone who has some knowledge on the Phoenix side of integration as well.
    What CISCO is offering, I know that.
    But I want to know, if any real work for this integration has already been done.

  • Cisco ISE integration with third-party firewalls

    Can Cisco ISE be integrated with a third-party firewall (such as Checkpoint), to provide authentication/authorization services to remote VPN user devices (based on device MAC address)?
    The remote user would establish a VPN connection to a third-party firewall, based on a username/password authentication, but the user would only be allowed to send/receive traffic to the internal network if the MAC address of the device being used was authorized by Cisco ISE.
    Thank you in advance.

    Rui,
    I do not think the vpn client sends the ip address in a called-station-id, that might be the public ip address that the client is initiating the request from. If you have an existing radius server or can run a packet capture you should be able to verify that.
    If the client does send the mac address in the radius packet then you can create a custom condition that can be used to check the mac address along with the username to allow it access to the session. However in VPN deployments there is no concept of profiling since 802.1x deployments usually include the client's mac address.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ACS and Cisco works integration

    I have authenticated cisco works with ACS as cwadmin. I am not able to view the device added through tacacs+ authentication. But the device is searchable through ip address in chasis view and am able to configure it. Please suggest a method to view the device in device management and device centre.

    I have reinstalled cisco works and again added devices in acs mode. it works now. Thank you. But now the problem is it doesnot list in campus manger, or vlan port assignment. can i know any configuration is required for this?

  • Cisco ISG Integration with AAA & Policy Server

    Hi,
    We are integrating Cisco ISG (IOS XE - ASR1001) with AAA and Policy Server.   we have below to specific service provider requirement.
    1. TAL  - Transparent Automatic Subsriber for Range of IP or Pool of IP  - how we add such identifier in Policy/Control Maps as attibute handshake with AAA
    2. Different QoS Enforcement to Single User based on Day and Night Time.. what logic should be used??
    Note: The Subscribers are from wired network and DHCP controlled.
    Please help, Thanx in advance...
    Bhavesh

    Dear Bhavesh,
         Try with this it is working & tested policy for TAL & ISG ASR 1001.
    QoS will be work with Radius request & will apply on online user with diffrent plan.
    class-map type traffic match-any PPPOE
    match access-group output name PPPOE-out
    match access-group input name PPPOE-in
    class-map type control match-any TAL
    match source-ip-address 30.30.30.0 255.255.255.0
    class-map type control match-all IP_UNAUTH_COND
    match timer IP_UNAUTH_TIMER
    match authen-status unauthenticated
    class-map type control match-all PPPOE-CON
    match media ether
    match authen-status unauthenticated
    match protocol ppp
    policy-map type control PPPOE-USR
    class type control always event timed-policy-expiry
      10 service disconnect
    class type control always event account-logoff
      10 service disconnect delay 2
    class type control always event quota-depleted
      10 set-param drop-traffic TRUE
    class type control always event session-start
      10 authenticate aaa list PPP-USR
    class type control always event service-start
      20 service-policy type service identifier service-name
    class type control always event service-stop
      1 service-policy type service unapply identifier service-name
    policy-map type control TAL_IP_POLICY_RULE
    class type control IP_UNAUTH_COND event timed-policy-expiry
      10 service disconnect
    class type control TAL event account-logoff
      10 service disconnect delay 5
    class type control TAL event session-start
    30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
      50 set-timer IP_UNAUTH_TIMER 5
    class type control TAL event session-restart
      30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
      50 set-timer IP_UNAUTH_TIMER 5
    class type control TAL event quota-depleted
      10 set-param drop-traffic TRUE
    class type control TAL event service-start
      10 service-policy type service identifier service-name
    bba-group pppoe global
    virtual-template 1
    interface GigabitEthernet0/0/0
    ip address 10.10.10.2 255.255.255.0
    no ip proxy-arp
    negotiation auto
    interface GigabitEthernet0/0/1
    ip address 30.30.30.1 255.255.255.0
    negotiation auto
    pppoe enable group global
    service-policy type control TAL_IP_POLICY_RULE
    ip subscriber routed
      initiator unclassified ip-address
    interface GigabitEthernet0/0/2
    ip address 172.16.1.1 255.255.255.0
    negotiation auto
    interface GigabitEthernet0/0/3
    no ip address
    shutdown
    negotiation auto
    interface GigabitEthernet0/2/0
    no ip address
    shutdown
    negotiation auto
    interface GigabitEthernet0/2/1
    no ip address
    shutdown
    negotiation auto
    interface GigabitEthernet0/2/2
    no ip address
    shutdown
    negotiation auto
    interface GigabitEthernet0/2/3
    no ip address
    shutdown
    negotiation auto
    interface GigabitEthernet0
    vrf forwarding Mgmt-intf
    no ip address
    shutdown
    negotiation auto
    interface Virtual-Template1
    ip dhcp relay information trusted
    ip unnumbered GigabitEthernet0/0/1
    ip helper-address 10.10.10.1
    timeout absolute 43200 0
    peer default ip address dhcp
    ppp mtu adaptive
    ppp authentication pap
    ppp authorization PPP-USR
    service-policy type control PPPOE-USR
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 172.16.1.2
    ip access-list extended DROP-in
    deny   ip any any
    ip access-list extended DROP-out
    deny   ip any any
    ip access-list extended PPPOE-in
    permit ip any any
    ip access-list extended PPPOE-out
    permit ip any any
    vishal lumbhani

  • Cisco MSE3310 integration with WCS configuration procedures

    Dears,
    Kindly I have a Cisco WCS configured now I brought Cisco MSE3310 and I need to configure it for IPS, so please can you support me with configuration procedures for the configuration specially for the IPS and how is it will work.
    Thanks for your support,

    http://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch2_CAS.html

  • Cisco ISE integration with AD fails

    Cisco ISE Ver: 1.1.2.145
    Windows : Win 2003 Server
    I am attempting to integrate ISE with AD, but ISE won't join AD and joining attempts fails, though I am able to add same domain as external LDAP identity store ?
    1.user used to join the domain has admin permission on AD
    2. ISE resolved the domain correctly
    3.There is a firewall inbetween ISE (192.168.100.10) & AD (172.16.100.1), but all the traffic are permited.
    4. No NATing taking place, Firewall is forwarding all trafic between ISE & AD
    Can't really understand why AD connection fails
    From ISE Interface - Detailed Test Connection
    Adinfo (CentrifyDC 4.5.0-357)
    Host Diagnostics
      Uname: Linux Iseadn 2.6.18-274.17.1.el5PAE #1 SMP Wed Jan 4 22:49:48 EST 2012 I686
      OS: Linux
      Version: 2.6.18-274.17.1.el5PAE
      Number Of CPUs: 1
    IP Diagnostics
      Local Host Name: Iseadn
      Local IP Address: 192.168.100.10
      FQDN Host Name:iseadn.gnet.cp
    Domain Diagnostics
      Domain: Gnet.cp
      Subnet Site: Default-first-site-name
        DNS Query For: _ldap._tcp.gnet.cp
        Found SRV Records:
          Gnet.cp:389
      Testing Active Directory Connectivity:
        Domain Controller: Gnet.cp
          Ldap:      389/tcp - Good
          Ldap:      389/udp - Good
          Smb:       445/tcp - Good
          Kdc:        88/tcp - Good
          Kpasswd:   464/tcp - Good
          Ntp:       123/udp - Good
      Domain Controller: Gnet.cp:389
        Domain Controller Type: Windows 2003
        Domain Name:            GNET.CP
        IsGlobalCatalogReady:   TRUE
        DomainFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
        ForestFunctionality:           0 = (DS_BEHAVIOR_WIN2000)
        DomainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
      Forest Name: GNET.CP
        DNS Query For: _gc._tcp.GNET.CP
      Testing Active Directory Connectivity:
      Forest Name: GNET.CP
    Kerberos Error: Rc=-1765328377 SASL Bind To Ldap/[email protected] - GSSAPI Mechanism With Kerberos Error  : Server Not Found In Kerberos Database
    Computer Account Diagnostics
      Not Joined To Any Domain
    System Diagnostic
      Not Joined To Any Domain
    Centrify DirectControl Status
      Not Joined To Any Domain
    Licensed Features: Enabled
    SELinux Status:                 Disabled
    Amavis1.1.0
    Ccs1.0.0
    Clamav1.1.0
    Dcc1.1.0
    Dnsmasq1.1.1
    Evolution1.1.0
    Ipsec1.4.0
    Iscsid1.0.0
    Milter1.0.0
    Mozilla1.1.0
    Mplayer1.1.0
    Nagios1.1.0
    Oddjob1.0.1
    Pcscd1.0.0
    Postgrey1.1.0
    Prelude1.0.0
    Pyzor1.1.0
    Qemu1.1.2
    Razor1.1.0
    Ricci1.0.0
    Smartmon1.1.0
    Spamassassin1.9.0
    Virt1.0.0
    Zosremote1.0.0
    From Ad-agent log

    Hi Jallaluddin
    I work for Centrify Support and saw your posting. Here our analysis on checking the adlogs.txt.zip:
    Server not found in Kerberos database" (reference base/adbind.cpp:495 rc: -1765328377)
    That error is likely coming from the KDC - meaning there is some problem with server side SPNs
    We need the following:
    1) A network trace.
    2) adcheck output.
    3) adinfo --support output
    4) Run dcdiag or netdiag on the server side.
    Also we partner with Cisco and so would it possible to work with your partners and I am pretty sure they have seen this before with DC issues etc. Can you please work with them and see?. TIA
    Best Regards
    Raghu Srinivasan

  • Cisco ISE integration with SMS passcode Device

    HI Experts,
    i have a scenario where the requirement is to integrate the ISE device with SMSpasscode device which will trigger the OTP to the mobile devices 
    Currently i have my authentication configured to work with the AD 
    When my VPN users connects  its authenticates against AD and the users get the access . 
    Now as per the new requirement once the user is authenticate against AD ,  the user should be prompted for the OTP password send to the users  using SMS passcode device 
    Anyone had worked on similar requirement please help me to resolve the issue .
    Thanks in advance 
    Angus

    Hi all
    I am working exactly for a month on this topic with no success.
    I need to integrate VASCO OTP solution. But VASCO do not support any external authentication backend for virtual/SMS token. Only passcode or local authentication.
    I need to implement an external authentication against LDAP somewhere...
    Gunnar, do CISCO clearly says it is not able to participate to such setup?
    So, my need would be to be able to insert in the flow an authentication in ISE against the LDAP.
    The flow is:
    WebApplication send login+password (LDAP) to ISE
    ISE checks the credentials and if it is OK forward the request to VASCO
    VASCO does not check for password but generate the OTP and send it via SMS
    VASCO replies with a access-challenge
    ISE forward the challenge to Web Application
    WebApplication send login+OTP response to ISE
    ISE forward to VASCO
    VASCO checks for OTP and replies to ISE with accept
    ISE forward to Web Application
    User is logged in...
    All the flow is working if the user enters a passcode
    I would like to implement a Identity source sequences where the user is checked again all the entries not the first match
    First LDAP then VASCO...

  • Cisco WCS integration with SNMP based monitoring

    I am looking for a solution to integrate Cisco WCS with any SNMP based monitoring solution.  My requirement is below,
    - Alerts for Access points up/down should be picked up by an alerting system in its console through SNMP.
    - I dont want all access points to be monitored, but only a critical group.
    Currently all access points are configured on LWAP mode under a wireless controller.  Can i configure APs individually for SNMP and get it monitored through the 3rd party monitoring tool.
    Can anyone please guide me to find a solution for this.

    http://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch2_CAS.html

  • Cisco CME integration with NICE recorder

    Hi Team,
    Please let me know if we can integrate Cisco CME with NICE recorder. If yes, please share the steps involved in configuration on CME side and NICE.
    Warm Regards,
    Dinesh Rathi

    Hi Anas,
    If the panasonic prtocol is H323 will be no problem the CME dial peer will configure as below:-
    dial-peer voice 121 voip
    translation-profile outgoing prefix
    destination-pattern x..
    session target ipv4:192.x.x.x
    dtmf-relay h245-alphanumeric h245-signal
    but if the panasonic protocol is SIP the configuration on CME will be as below:-
    voice service voip
    ip address trusted list
      ipv4 0.0.0.0 0.0.0.0
    allow-connections h323 to h323
    allow-connections h323 to sip
    allow-connections sip to h323
    allow-connections sip to sip
    supplementary-service h450.12
    no supplementary-service sip moved-temporarily
    no supplementary-service sip refer
    sip
      registrar server expires max 250 min 200
      no call service stop
    dial-peer voice 2000 voip
    destination-pattern y...
    session protocol sipv2
    session target ipv4:172.x.x.x
    dtmf-relay sip-notify
    codec g711ulaw
    no vad
    So please can you advise for the above if the two options are right or not??
    Thanks

  • CISCO IPCC integration with TTY

    Hi every one,
    How can we integrate TTY devices to IPCC environment.
    what are all the supported devices and softwares required
    Thaks in advance
    yugi.

    if your TTY attaches to one of the IP phones currently
    on the Cisco SW \ HW Compatibility Guide matrix, the IP phone and the
    TTY should function fine.  If it is utilizing a device that is not on
    the Compatibility guide, then it is not supported. Here is the URL link to the Cisco SW \ HW Compatibility Guide, which
    lists all the supported HW and SW.  Just navigate to your current CRS
    version for info.
    http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_device_s
    upport_tables_list.html
    Thanks,
    Karthik

  • Cisco Works LMS 3.1 Integration with ACS v5.2

    Hello Experts,
    our customer has a working integration with the Cisco Works LMS 3.1 and an ACS v3.3 as it is described in this document:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Now we are changing the old ACS Servers to the new ACS v5.2 platform. Is it possible to integrate the LMS to the new ACS Server? We want to use a granular user access restriction for SuperAdmins, Hotline Users an so on...
    Thanks,
    Florian

    Hi Florian,
    actually the ACS 5.2 is not supported in CS 3.2
    here is a list of the supported ACS servers under LMS 3.1
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.2/user/guide/admin.html#wp865998

  • What SAP-modules can be SAP HR integrated with?

    Hi to all!
    I have a following question:  What SAP-modules can be SAP HR integrated with? What HR objects and business processes could be involved in integration. What are the main advantages of this kind of integration.

    The best advantage of SAP HCM is that we have Integration with other Modules
    as per as SAP HCM i worked integration with FICO , SD 
    Business objects form FICO side will be Cost Center
    and there are many Advantages with the integrations with other modules

  • Facing issue in integrating with Cisco ISE

    We are trying to integrate our product(Cisco Prime Infrastructure) with Cisco ISE for Authentication and Authorizations. We already support PAP/CHAP, and not trying to add support for EAP-TLS.
    Currently during our integration, facing TLS payload errors. We are using jradius library for talk to Cisco ISE for authentication and facing the below TLS error in ISE logs. Tried with Cisco ISE 1.2 and 1.3 versions.
    Event                                    5400 Authentication failed         
    Failure Reason                  11500 Invalid or unexpected EAP payload received        
    DetailedInfo                      TLS packet parsing failed: total accumulated size plus this last fragment size is greater than expected total TLS message size
    Any pointers to resolve this problem or any other free java based client library instead of jradius which is tried out successfully with Cisco ISE would also be great.
    Regards
    Chandrakumar

    DECLARE
    CURSOR s_cur
    IS
    SELECT eno FROM emp;
    TYPE fetch_array IS TABLE OF s_cur%ROWTYPE;
    s_array fetch_array;
    BEGIN
    OPEN s_cur;
    FETCH s_cur
    BULK COLLECT INTO s_array;
    CLOSE s_cur;
    FORALL i IN 1 .. s_array.COUNT
    INSERT INTO (select eno from emp_temp)
    VALUES s_array (i);
    END;
    Its working, but not understood the concept.
    INSERT INTO  (select eno from emp_temp)
    VALUES s_array (i);
    How it works?

  • Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

    Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
    Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic.A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
    SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
    Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Sebastian,
    The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
    Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
    This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
    You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
    The following are the connectivity modes:
    •  Dual-wire Management (Shared LOM):
    Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
    This mode is recommended when you have C-Server which does not  have or cannot support VIC 1225 card (such C-200 server)
    •  SingleConnect (Sideband):
    Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
    This feature is referred to as SingleConnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
    This most recommended Integration model when using FEX and VIC 1225 card
    •  Direct Connect Mode:
    Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    This mode will eliminate the need for FEX module as Servers are directly plugged into the base ports of Fabric Interconnect
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
    Please let us know if you need more information. Thank you!
    Thanks,
    Vishal

Maybe you are looking for

  • IPod Classic refuses to sync Audiobooks

    My iPod and iTunes now refuse to sync Audiobooks. Problem occurred when I bought a new book on iTunes. Refused to sync it. As I've experimented I've discovered that it refuses to sync any of my audiobook library except 1 book. So far, I've tried: 1)A

  • Runtime error in Universal Worklist in portal

    Hi! An error occurs when I open the page Universal Worklist - Administration under System Administration > System Configuration > Universal Worklist & Workflow. The error message is: Portal runtime error. An exception occurred while processing your r

  • How to handle german characters in case of Outbound JMS interface

    HI all,        I am doing an interface which is an outbound JMS interface where the message from MQ and uploading it to a file server. The message contains german characters, JMS adapter while converting the message from binary format to XI message f

  • I NEED DOCUMENTATION ABOUT DEVELOPER 6

    I NEED TO KNOW WHERE CAN I FIND DOCUMENTATION ABOUT FORMS 6 AND REPORTS

  • Error when importing artifacts using LCM from 11.1.2.2 to 11.1.2.2

    Hello Gurus, I am having issues when perform an LCM import to a different server. Following is what I get Could not read zip file EPMLCM-37015: Cannot Zip. Warning in migrating artifact, "/Configuration/Properties/Application Definition". EPMLCM-3703