802.1x Auth-Fail VLAN --- XP does not recognize

Similar Messages

• 802.1x Auth-Fail VLAN and Guest-VLan not available

  Hi Pros,
  Having an issue with an 881 I have recently acquired. I'm wanting to setup a Virtual Office scenario. Everything is working fine except for 802.1x...
  I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.
  Idea is if the users takes the router home and someone, either accidentally or on pupose, connects an unauthorized Laptop, they stay off the Corp network but can get to the internet still.
  I found this link on Cisco's site:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/deployment_guide_c07_458259_ns855_Networking_Solutions_White_Paper.html
  That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I dont have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working, for things that connect to vlan1, but I would like to have a "fallback" setup.
  EZVPN_Remote(config-if)#int fa1
  EZVPN_Remote(config-if)#dot
  EZVPN_Remote(config-if)#dot1?
  dot1q
  EZVPN_Remote(config-if)#dot1
  EZVPN_Remote(config-if)#int vlan1
  EZVPN_Remote(config-if)#dot1x ?
    default           Configure Dot1x with default values for this port
    host-mode         Set the Host mode for 802.1x on this interface
    max-reauth-req    Max No.of Reauthentication Attempts
    max-req           Max No.of Retries
    pae               Set 802.1x interface pae type
    port-control      set the port-control value
    reauthentication  Enable or Disable Reauthentication for this port
    timeout           Various Timeouts
  Any thoughts why I'm seeing this behavior? Feature-set? IOS Version?
  EZVPN_Remote#sh ver
  Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(2)T4, )
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Tue 12-Jul-11 21:02 by prod_rel_team
  ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
  EZVPN_Remote uptime is 6 hours, 1 minute
  System returned to ROM by reload at 14:53:21 UTC Thu Oct 13 2011
  System restarted at 14:52:47 UTC Thu Oct 13 2011
  System image file is "flash:c880data-universalk9-mz.151-2.T4.bin"
  Last reload type: Normal Reload
  Last reload reason: Reload Command
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memor.
  Processor board ID FTX153482GK
  5 FastEthernet interfaces
  1 Virtual Private Network (VPN) Module
  256K bytes of non-volatile configuration memory.
  126000K bytes of ATA CompactFlash (Read/Write)
  License Info:
  License UDI:
  Device#   PID                   SN
  *0        CISCO881-SEC-K9       xxxxxxxx
  License Information for 'c880-data'
      License Level: advipservices   Type: Permanent
      Next reboot license Level: advipservices
  Thanks in advance!

  Shamless bump...

• Auth-fail VLAN vs Guest VLAN

  Hi All,
  What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?
  What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?
  What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...
  Thanks in advance.

  Hello,
       The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
       user or machine authentication.  The Auth-Fail VLAN will be invoked after a number of failures
       not after the first authentication failure.  This is a configurable value.
       The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
       You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
       users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).
  --Jesse

• Auth-fail vlan won't support re-authentication

  We're using ACS 1113 Appliance with ACS version 4.1.4.13. via the RADIUS attributes, clients are re-authenticated every 16 hours. The machine cache is set to 12 hours. This means that, if the user doesn't log off within 16 hours, he will be denied network access because of Machine Access Restriction (which is normal).
  The problem is, at this point, the SSC client keeps trying and trying to authenticate. It never stops trying until the user logs off or reboots (sometimes this can takes days to weeks (f.e. on vacation). This results in a log entry, every 4 seconds (because of timeout tx-period settings), for every user that is in the MAR. Now you can imagine that, in an environment with 4000 users that the loggings become unusable because of the enormous amount of (unnecessary) failed attempts logs.
  I've tried the following dot1x attributes on the switchport but they don't seem to work:
  dot1x max-req 3
  dot1x max-reauth-req 3
  I was hoping they would stop the authentication attempts after 3 unsuccesfull tries, but it doesn't help.
  Then I thought I found a solution: the auth-fail vlan. Then we have only 3 logs before the port falls into auth-fail, which is much better.
  But, once he is into the auth-fail vlan, he never gets out! I tought that, if the user logs off, the network connection is closed, so at that point the machine authentication would be triggered. But he just stays in the auth-fail vlan until rebooted or the cable is removed. Isn't there any way to trigger the authentication when the user is logged off?

  Check if the "Default connection timeout" and "Default Association Timeout" values are configured properly in the client policy. Also check for the "max start" value in the connection settings for 802.1x. http://www.cisco.com/en/US/docs/wireless/wlan_adapter/secure_client/5.1/administration/guide/C2_SetupSSC.html#wp1056892

• "Apple Mobile Device" failed to start. itunes does not recognize my iPhone4.

  I decided it was time to resync the music on my iPhone since its been months. I begin the sync and after a minute or so, my iTunes suddenly does not recognize my iPhone and freezes. I honestly have no idea what happened but was undaunted.
  OS is MS Windows 7 Home Premium 64 bit SP1
  Now, after trying:   
  - updating to iTunes 10.6.3, which stops installing after a popup saying "Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services. With the options Abort Retry or Ignore. Retry does nothing. Ignore allows iTunes to install but it doesn't recognize my phone still which is all I care to use iTunes for.
  - uninstalling all iTunes, Apple, Quicktime, and Bonjour software, which was difficult to do since you have to follow a particular order or else they wont actually uninstall.
  - performing a registry clean using CC Cleaner
  - wiping my compter's apple related Temp files in app data..
  - restarting with a clean boot... updating all drivers.. updating windows..
  I am becoming quite daunted.
  I have done essentially every single thing I could find that might resolve this error. I restarted and tried again (this is the third or maybe four time) and it still will not install.
  I cannot get any third party software to recognize the phone either since I need that Apple Mobile Device. I could always sync my library with Spotify but that's cumbersome and makes me not like my beautiful iPhone.
  Any help would be AMAZING. I've run out of ideas.

  The link above is bad... that account has been suspended.
  Just an FYI, I'm running Windows 7 Professional 64-bit and had just downloaded Itunes 10.7 for this platform.
  Please know that I have NEVER plugged any Apple device into this great computer.
  I have the new Iphone 5 READY to plugin and in ANTICIPATION of installing that phone; I first wanted to start by installing Itunes without any hardware potentially messing up the works.
  I have the exact same problem as reported here and in about 100 places here at Apple.  Please note this system has never seen ANY of these apple applications including quicktime, Itunes, Bonjour, or anything else from Apple for that matter.
  So basically, I'm stuck.  I've read the articles at about 20 sites now and it looks like this is a SEVERE and widespread problem; however, I have yet to find a "real" solution.
  Any advise would be greatly appreciated.  I'm an IT/Telecom Expert and it took me 3 hours to get the Iphone 5 setup and working properly (mainly because of the screen not working sideways for 95% of the configuration options and being forced to fat finger settings) including everything working with Icloud hosted contacts, facebook, a few networks and getting my gmail out of the way (of Icloud and facebook) and finally getting everything rocking, only to hit the wall when it came to Itunes.  Kind of a drag if you ask me.  (I'm thinking the Samsung Galaxy III that I returned to get this thing might have been less grief; but I guess we'll see).
  Anyone with a real fix, please reply!  I could use the help BEFORE I try to plug this phone into my computer!
  Thanks!

• HT1751 My win8 pc hard drive failed.  After the hard drive was replaced, I copied iTunes Media backupfiles from external hard drive (Karen's Replicator was used).  ITunes does not recognize the back up files - help! (it does show cloud & recently burned m

  My win8 pc hard drive failed.  After the hard drive was replaced, I copied iTunes Media backupfiles from external hard drive (Karen's Replicator backup software was used).  ITunes does not recognize these back up files even though the location is the same as cloud & recently burned music that does show- help!  The backup files consist of 34,000+ songs; almost all burned from my own CD collection.  I do have most of the songs on an ipod classic but hesitate to try to restore from that.  Can someone tell me how to get these 34,000 songs to show up in iTunes?  Thanks!!

  This diagram shows how a typical iTunes library ought to be set out (click on it to enlarge)
  The red outline highlights the media folder and its contents, the various subfolders are only created if that kind of content is in your library. The right-hand side shows the files that should be found in the iTunes library folder; sentinel is normally hidden so may not be visible. The core of your iTunes library is the file iTunes Library.itl, you need to restore this, the other library files and the Album Artwork folder, as well as the media folder, to restore your library.
  tt2

• AP Group VLAN "Feelgood" does not exists on controller.

  Hi,
  While appling tenplates from WCS, i getting status report error message AP Group VLAN "Feelgood" does not exists on controller.
  I have double  checked the perticular AP group WLAN is created & mapped to the correct interface in the controller. This is not first AP group created on the controller, other AP groups are working on the same controller.
  Is there any Bug?
  Thanks

  Typically you still need to make sure that the country codes are indeed configured on the WLC. Thing can change when you upgrade code as standards might of changed and regulations also. If your AP's are functional, then you should be okay and I wouldn't worry too much about it, but if after the upgrade, the WLC complains about country code stuff, then you just need to verify that the AP's country code is defined on the WLC. May times the AP will not join and if it does join, the radios might be disabled or in a down status.
  Sent from Cisco Technical Support iPad App

• Template interpretation failed. Template does not exist.

  Hi Gurus,
  We are configuring SRM 7.0 ( SPS06) with ECC6 ( Ehp4) without Portal, but when I go to Webbrowser ( SiCF..BBPSTART service) and click on any function like Shop...the gives error 'Template interpretation failed. Template does not exist. " ....after going throug some threads we  added ~GENERATEDYNPRO' with value '1'u2026.in Service BBPSC02..etc...then system shows SAP GUI screen in the web Browser for Shop function for example...
  Since in the Config Guide. for SRM 7.0..To configure the portal-independent navigation frame...we need to define below steps..
  1. RFC connection of type H (HTTP) to the SAP ERP back-end system under SM59
  2.Enter the HTTP connection defined above, but without the suffix, in the Customizing activity Define System Landscape in the System Alias for POWL Navigation field. Enter, for example, SAP_ERP.
  3.Activate the Internet Communication Framework (ICF) service /sap/bc/nwbc/srm in transaction HTTP Service Hierarchy Maintenance (SICF). Use this service to start NetWeaver Business Client (NWBC) for HTML.......which is not defined yet....
  Can anyone please confirm me..whether I'm right or anything need to be corrected ...
  Thank you in advance.
  Regards
  Naren

  Thanks.
  Now I am able to see SRM web browser Screen w/O Portal ...its really nice compare to SRM5.0
  As per Config guide It happned after doing below steps .....
  SAP Supplier Relationship Management (SAP SRM) supports various flexible deployment variants.
  Note
  You can use the flexible deployment variants in SAP Supplier Relationship Management 7.0 (SAP
  SRM 7.0) on SAP enhancement package 1 for SAP NetWeaver 7.0 SPS06.
  3.1 Portal-Independent Navigation Frame and Inbox
  3.1.1 Portal-Independent Navigation Frame Configuration
  Using the Portal-independent navigation frame, you can use SAP Supplier Relationship Management
  (SAP SRM) applications without using SAP NetWeaver Portal.
  Procedure
  To configure the portal-independent navigation frame, proceed as follows:
  1.     In Customizing for SAP Supplier Relationship Management, define the following settings:
  n Activate the Portal-independent navigation frame in Customizing for SAP Supplier
  Relationship Management under SRM Server Technical Basic Settings Portal-Independent
  Navigation Frame Activate/Deactivate Portal-Independent Navigation Frame .
  n Define an RFC connection of type H (HTTP) to the SAP ERP back-end system under SRM
  Server Technical Basic Settings Define RFC Destinations , or use transaction SM59. The name of
  the connection must end with one of the following character sequences:
  l For a non-secure connection, use_HTTP.
  Example: SAP_ERP_HTTP.
  l For a secure connection, use _HTTPS.
  Example: SAP_ERP_HTTPS.
  n Enter the HTTP connection defined above, but without the suffix, in the Customizing activity
  Define System Landscape in the System Alias for POWL Navigation field. Enter, for example, SAP_ERP.
  n Activate the Internet Communication Framework (ICF) service /sap/bc/nwbc/srm in
  transaction HTTP Service Hierarchy Maintenance (SICF). Use this service to start NetWeaver Business
  Client (NWBC) for HTML.
  Thnaks

• HT2822 What is the better Connection on Apple TV v2, Ethernet or Wifi 802.11n???? does not support with ethernet gigabit?

  What is the better Connection on Apple TV v2, Ethernet or Wifi 802.11n????
  Does not support with ethernet gigabit?

  If you have stable wifi with good connectivity it should work fine - in reality many people struggle with wifi.
  I was plagued by interference issues with wifi whenever the microwave was used and would always use ethernet now as my first preference for stability.
  As the house is not wired for ethernet several years ago I tried mains powerline network adapters that are made by many companies.
  I use these from Devolo currently:
  http://www.devolo.co.uk/consumer/81_dlan-500-avmini_starter-kit_product-pictures _8.html?l=en
  They are excellent and you can create a wired network in minutes without running long lengths of cable.
  As with wifi they never achieve the highest rated speeds and are dependent on the wiring quality but are more than adequate for HD streaming to multiple AppleTVs.
  Many other manufacturers produce these eg Belkin, Netgear etc as well as lesser known brands.
  AC

• VBA Outlook Email Failing: "Outlook does not recognize one or more names"

  I use VBA code to send emails from within Microsoft Project 2010 Standard to notify task owners of task status.  This code has been working fine until the last couple of weeks.  Now I get the error "Outlook does not recognize one or more names". 
  The VBA code sends email to each addressees internet address.  I am referencing the Microsoft Outlook 14.0 Object Library.
  I deleted the "suggested contacts" entries in my address book to no avail. 
  Below is the key snipit of code I am using.  I get the error when the ".Send" line is executed.
  When I check OutMail.To, .CC, etc everything looks fine.
  Any suggestions would be greatly appreciated.
  Dim OutApp As Object
      Dim OutMail As Object
      Set OutApp = CreateObject("Outlook.Application")
      Set OutMail = OutApp.CreateItem(0)
      On Error GoTo BadOutlookMail
     ' Change the mail address and subject in the macro before you run it.
      With OutMail
          .To = vTo
          .CC = vCC
          .BCC = vBCC
          .Subject = strSubject
          .Body = strBodyText
      End With

  Hi,
  I'm glad to hear your problem has been resolved by yourself, I hope this thread will hope other users who may come up against the same problem.
  Thank you for sharing your experience here with us.
  Regards,
  Melon Chen
  TechNet Community Support

• Firefox 3.6.8 does not recognize subsequent mouseclicks - window loses focus

  After updating to firefox 3.6.8 on my macbook pro (OS X 10.4.11) Firefox fails to recognize subsequent mouse clicks. You can access the page initially, but then it seems to lose focus and become unresponsive to mouse clicks until you do something to break the cycle (clicking on desktop, minimizing and resizing window, etc). I reinstalled Adobe Flash update using full installer, since others have suggested that as a possible cause, but no joy. The browser window still does not recognize mouseclicks after an initially successful page load. You can tab to the next window (for example, if you want to enter something in search) but you cannot CLICK to enter the search window, nor can you click on links on the page, etc. It is totally unresponsive.
  == This happened ==
  Every time Firefox opened
  == I updated Firefox to the version just before 3.6.8 -- then I updated to 3.6.8 to see if that fixed it -- it's still broken

  This started happening to me yesterday. All plugins are disabled, didn't help. All plugins uninstalled, didn't help. Downgraded to SP3, didn't help. I've also noticed this happen in Thunderbird, though it seems OK now.
  Sadly I've had to start using IE8 :(

• Apple TV does not recognize my Apple account username (email) and password, but ITunes, my iPad and iPhone does.  I have rest my password three times, same results. Also, ATV says my computer is not authorized, but I-Tunes says it is.

  Apple TV does not recognize my Apple account username (email) and password, but iTunes, my iPad and iPhone does.  I have rest my password three times, same results.
  ATV says my computer is not authorized, but i-Tunes says it is.
  I have i-Tunes open on my computer and have entered i-Tunes store, ATV says it can't access the store.  Both on the same network!
  I am so frustrated with this system!  All these problems with Apple TV are not the end but the beginning.
  In i-Tunes, songs are lost when they have not been moved. I lose whole albums I have ripped from CDs to iTunes
  An audiobook book in two files are in the library but only one file is recognized by iTunes when I try to play it or transfer it to my iPhone

  I Am having the same issue. Ie on the password issue.
  I Am using a Macpro though.
  i Have had no issues with the setup until recently.
  However I think the hard drive is starting to fail as it keeps on losing the wireless connection and gas been stuttering a lot on playback.

• Macbook Pro does not recognize ZTE MF823 modem device.

  After connecting it to USB it does not show me the new device, looks like the system does not recognize it.
  I have OS X 10.7.5
  I bought it to use the fast (LTE) intenet in ISP and help desk told me that system restore might help... :/ but i don't like this "might help solution"
  I am using other USB modem and it runs on the same USB port, so it's not the port.
  Modem works without a problem on Windows XP.
  I tried this one:
  https://discussions.apple.com/message/15713182#15713182
  but no luck...
  any ideas?

  I have found an error in kernel.log:
  Jan 17 20:32:43 MacBook-Pro kernel[0]: USBMSC Identifier (non-unique): MF8230ZTED010000 0x19d2 0x1225 0xf070
  Jan 17 20:32:44 MacBook-Pro kernel[0]: ### ZTEUSBMassStorageFilter::iSerialNumber:MF8230ZTED010000 ###
  Jan 17 20:32:44 MacBook-Pro kernel[0]: ### ZTEUSBMassStorageFilter::cDeviceConfiguration:(1:1),SendA1:1 ###
  Jan 17 20:32:49 MacBook-Pro kernel[0]: ### ZTEUSBMassStorageFilter::Terminated! ###
  Jan 17 20:32:49 MacBook-Pro kernel[0]: USBMSC Identifier (non-unique): MF8230ZTED000000 0x19d2 0x1403 0xf070
  Jan 17 20:32:50 MacBook-Pro kernel[0]: 0       ff AppleUSBCDCACMControl: configureACM - ACM Control interface has vendor specific protocol
  Jan 17 20:32:50 MacBook-Pro kernel[0]: 0        0 AppleUSBCDCACMControl: start - configureACM failed
  Jan 17 20:32:51 MacBook-Pro kernel[0]: AppleUSBCDCACMData: Version number - 4.1.22, Input buffers 8, Output buffers 16
  Jan 17 20:32:52 MacBook-Pro kernel[0]: AppleUSBCDC: Version number - 4.1.22
  but i cannot  find the way to solve it...
  any ideas?

• Itunes does not recognize any of my devices

  I connect my iPhone or iPad(s) and Itunes does not recognize they are there. I have Itunes latest version. My last backup I was able to do was back in January. I tried to delete and reload itunes and that does not help. My computer recognizes my devices are connected and I can back up my photots. Just Itunes fails to recognize they are connected. ALL my devices have the latest software.

  Hello SCorky,
  The following article provides steps that can help get your devices back into iTunes.
  iOS: Device not recognized in iTunes for Windows
  http://support.apple.com/kb/TS1538
  Cheers,
  Allen

• Offline File | Zero KB CRW's | "Photoshop does not recognize this file"

  The first symptom was when I got the dialogue "The file named "CRW_0004.CRW" is offline or missing. I located the file using spotlight only to get a "Could not complete your request because Photoshop does not recognize this type of file." when trying to open it in photoshop. Upon closer inspection I found that the CRW file was 0KB. I searched for 0 KB CRW & CR2 files to find thousands of files. Heart sinks.
  I recently started using lightroom to import and organize all my files. Now it seems something has gone gravely wrong. Any ideas?
  Intel iMac 2core
  OSX 10.5.7
  LR 2.4
  Camera Raw 5.4

  …and just before I ran the utility I did an export and got a warning that 18 files were offline or missing and 1.file doesn't exist. But once I tried to Right Click>> show in finder and went through the relocate dialogue LR immediatly found the file. Reattempt to export files from "Photos that failed to export" folder went flalessly.