ACS 1121 (5.4) Username Prefix/Suffix Stripping

Hi.
Is it possible to strip the suffix from a username to authenticate against an active directory in ACS 5.4? I can find this when using an external proxy service, but not for network access.
Thanks.

Hey
Username suffix/prefix stripping is possible when using:
LDAP
Radius Identity server
External Proxy
With AD, the option is unavailable.
Self proxy + AD is a workaround but that has some limitations and is a complex configuration.
Rate if Useful :)
Sharing knowledge makes you Immortal.
Regards,
Ed

Similar Messages

  • ACS 1121 to ISE migration

    Hello ALL,
    we have ACS 1121 and are planning to migrate to ISE let me know if its possible if yes what are the license  i need to buy

    Existing NAC and ACS customers with active support contracts on older appliances are entitled to all of the ISE appliance migration SKUs. Given all the potential appliances migration options (NAC 3140 to ISE 3395, ACS 1120 to ISE 3315, NAC 3310 to ISE VM, etc) PMBU decided to not put any restriction on which migration appliances SKUs customers can use. PMBU is not offering credit for older hardware because the focus is on reduced Base or free Advanced migration licenses.

  • ACS 1121 appliance downgrade to 4.2.0.124

    Hi All ,
              Newly shipped cisco  ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ??? .
    My ACS BOM details
    CSACS-1121-K9
    ACS 1121 Appliance With  5.1 SW And Base license
    CON-SAS-51SWK 
    SW APP SUPP Config Option: ACS 5.1 SW Loaded On 1121

    Hi,
    ACS 1121 does not support ACS 4.2. So a downgrade is not possible.
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

  • ACS 1121 with v5.0 PAK lost

    It has been more than a year since a customer bought a Cisco ACS 1121. It was unpacked then and the PAK is lost, no where to be found.
    Is there any way to retrive the lost PAK ??? Help needed much.

    You need to send an email to [email protected] with the following information:
    Cisco Sales Order Number
    SAS contract
    You can obtain your software license at this site: http://www.cisco.com/go/license. Once you arrive at this site, you will need to enter in your Cisco.com user ID and your password to access this site. You will also need to enter in your Product Authorization Key (PAK).
    Regards,
    Jatin
    Do rate helpful posts-

  • ACS 1121 Patch10

    I have an issue with applying a patch to an ACS 1121 appliance running version 5.2.0.26. I have 5 units that needed updating and the first one is the unit with the problem. The subsequent ones updated with no issues.
    When I do a show version the 5.2.0.26.10 does not show. When I try to do a reinstall I get back patch all ready exists. When I try to do an uninstall I get back patch does not exist.
    Is there a command can wipe out patch 10, so I can start over? The CLI factory-reset only wipes the web configuration not the running-config or IOS.
    Thank you,
    John

    I have seen the issue come over the aliase before and so am sharing that previous answer:
    We can easily rename the Patch file name and wait the for the process to complete using the new filename. For example:
    - If trying the following drops the error:
    ACS01/admin# acs patch install 5-2-0-26-10.tar.gpg repository Test
    Patch '5-2-0-26-10' is already installed.
    % Error: Failure to open / validate the patch
    - Rename the patch filename and try again. you can rename it to something like: patch_5-2-0-26-10.tar.gpg
    ACS01/admin# acs patch install patch_5-2-0-26-10.tar.gpg repository Test

  • ACS 1121 Gigabit 0 not working

    Hi,
    I have an ACS 1121 appliance newly shipped and the gigabit 0 interface worked initially but after reload it didn't anymore.
    Any hints?
    Regards

    Hi k abillama,
    Make sure you have connected to port 6 because port 2 and 5 are the (Blocked) Gigabit Ethernet.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_hw_ins.pdf
    As you said that it worked initially but stop working after reload, it could be a hardware issue as well if the conneciton has been made as per document mentioned.
    thanks,
    Vinay

  • Cisco ACS 1121 server configuration

    Hi,
    Anyone can tell me how to configure LAN teaming in Cisco ACS 1121. My requirement is to have virtual IP in the server with two physical IPs in the available 2 interface in the server.
    Regards,
    Haja Shajahan.M

    Currently Gig 0 is supported. Gig 1 is blocked. Check this link ((Blocked) Gigabit Ethernet 1).
    http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_hw_ins.html#wp1119105
    Paps

  • Replacement of ACS 1121

        Hi Folks,
         I have a clarification related with ACS 1121. Client needs a solution for ACS feature, instead of investing on ISE Base, is there any model exists as ACS appliance only. I beleive ACS 1121 is going to be EOS and it says SNS 3415 is the replacement model .
    What I am confused is , It is an ISE as well as ACS and there is separate licensing for ISE (as base and advanced). What should i do , if i need to select SNS 3415 as ACS appliance ? is it built in or should i need to add anything extra ?
    Appreciate your kind help and support .
    REgards,
    SID                   

    End-of-Sale Date of 1121 : February 26, 2013
    The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.
    Last Date of Support: HW : August 31, 2018
    The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete.
    for more information:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/eol__C51-726880.html
    The licence will be different for both ACS 5.x and ISE 1.x. When ordering a Secure Network Server, the customer has the flexibility to install the Cisco Identity Services Engine (ISE), Network Admission Control (NAC), or Access Control System (ACS) security applications.
    The Cisco Secure Network Server is based on the Cisco UCS C220 Rack Server and is configured specifically to support the Cisco Identity Services Engine (ISE), Network Admission Control (NAC), and Access Control System (ACS) security applications. The Secure Network Server supports these applications in two versions. The Cisco Secure Network Server 3415 is designed for small and medium-sized deployments.
    The new Cisco 3415 Secure Access Control System appliance, based on the Cisco UCS C220 M3 platform. Cisco Secure ACS 5.4 will support the Cisco 3415 and 1121 Secure Access Control System appliances. Yes, this box will eventually replace the 1121.
    For more info
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/data_sheet_c78-715717.html
    Jatin Katyal
    - Do rate helpful posts -

  • Red Hat OS version in the ACS 1121

                    Does anyone happen to know the Red Hat OS version in the ACS 1121 appliance?

    I don't have an ACS1121 handy but I believe the ADE-OS appliances have a common base.
    Here the output from one running Cisco Prime LMS 4.2.1 (the latest version of that product):
    [*****/root-ade ~]# cat /proc/version
    Linux version 2.6.18-238.1.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Tue Jan 4 13:32:19 EST 2011

  • ACS v3.2 Default Username and Password

    Dear All,
    Do you know what is the default login username and password for ACS v3.2?
    Besides, If I forget the password, is there any password recovery procedure for ACS?
    Thanks.
    C.K.

    Here is a document which describes how to recover lost administrator credentials on the Cisco Secure Access Control Server Solution Engine.
    http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_password_recovery09186a00801ece5f.shtml

  • ACS user unknown though username in Server

                All, Im facing very strange issue with my TACACS authentication. Normaly i connect my DC via SSL Anyconnect VPN then access all the Network devices, but since last week when i try to connect ASA i couldnt log in. I have user name in ACS server and the password authentication would redirect to RSA server. I can access other devices using my TACACS username and RSA passcode, but not only the ASA box. As rest of my team member can still access the ASA with their userid and passcode i dont think any issue in ASA box.
    The error log message in ACS server is ACS user unknown.       

    To me it seems the shared secret being used on ASA to communicate with tacacs is mis-matched and that's a reason you  are getting "ACS user unknown". This should be a problem all users who are trying to do ssh on ASA and authenticating against tacacs server. Why share-secret could be an issue because the shared secret being used to encrypt the packet is not same while decryption and that's why we are seeing unknown username.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • ACS 1121 error 5411 EAP session timed out w/Peap Wireless logins

    I am having issues that came up in the last month where all of my wireless client devices (using 4400 WLC and AC 1121 Appliance w/Active Directory integration) using PEAP MSCHAP2 are being prompted multiple times one after another for their userid/password. 
    This is very intermitant with clients sometimes being able to authenticate on the first try and later in the day getting prompted 20 times for authentication before it works.  This affects all brands of laptops/tablets/smartphones and other devices. 
    My ACS log files show an error of 5411 EAP session timed out. 
    I have had a TAC case open for over a month but they still haven't found a solution.
    Has anyone run into this and have any thoughts?  I have already increased my timeout on the controller from the default 2 seconds to 8 seconds but the delay between prompts asking for authentication credentials on clients is less than a second.
    What do you think? 
    Jim

    We are running 5.2.0.26.11 on the ACS engine and 7.0.240.0 on the WLC's.  The certificate on the ACS was expired, but for over a year without issues prior to about a month ago (our clients do have the verify certificate box unchecked).  I did renew the certificate on the ACS (self signed, just told it to renew) but that didn't help. 
    The only thing the clients get are multiple prompts for authentication usually a second or 2 apart even though my timeout on the WLC is set to 8 seconds.  A debug on the WLC shows the following.  Any ideas on what could be the issue? 
    (Cisco Controller) >*dot1xMsgTask: Jun 18 11:07:16.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 8)
    *osapiBsnTimer: Jun 18 11:07:17.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:17.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:17.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 9)
    *osapiBsnTimer: Jun 18 11:07:18.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:18.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:18.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 10)
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy AP LOCP - mode:0 slotId:1, apMac 0x0:1c:b1:6:ee:a0
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy WLAN LOCP EssIndex:2 aid:1 ssid:NPT-SECURE
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x1 statuscode 0, reasoncode 99, status 3
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy CCX LOCP 4
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy e2e LOCP 0x1
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jun 18 11:07:19.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:19.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:19.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 11)
    *osapiBsnTimer: Jun 18 11:07:20.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:20.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:20.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 12)
    *osapiBsnTimer: Jun 18 11:07:21.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:21.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:21.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 13)
    *osapiBsnTimer: Jun 18 11:07:22.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:22.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:22.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 14)
    *osapiBsnTimer: Jun 18 11:07:23.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:23.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:23.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 15)
    *osapiBsnTimer: Jun 18 11:07:24.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:24.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:24.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 16)
    *osapiBsnTimer: Jun 18 11:07:25.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:25.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:25.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 17)
    *osapiBsnTimer: Jun 18 11:07:26.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:26.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:26.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 18)
    *osapiBsnTimer: Jun 18 11:07:27.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:27.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:27.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 19)
    *osapiBsnTimer: Jun 18 11:07:28.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:28.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:28.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 20)
    *osapiBsnTimer: Jun 18 11:07:29.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 21)
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Reached Max EAP-Identity Request retries (21) for STA 00:27:10:c9:91:2c
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Sent Deauthenticate to mobile on BSSID 00:1c:b1:06:ee:a0 slot 1(caller 1x_auth_pae.c:3121)
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c Scheduling deletion of Mobile Station:  (callerId: 6) in 10 seconds
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Disconnected state
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c Not sending EAP-Failure for STA 00:27:10:c9:91:2c
    *spamReceiveTask: Jun 18 11:07:29.979: 00:27:10:c9:91:2c Received Idle-Timeout from AP 00:1d:71:0a:de:70, slot 1 for STA 00:27:10:c9:91:2c
    *spamReceiveTask: Jun 18 11:07:29.979: 00:27:10:c9:91:2c Warning, ignore the DELETE_MOBILE_PAYLOAD from AP: 00:1d:71:0a:de:70, slot 1. STA connecting AP: 00:1c:b1:06:ee:a0, slot 1
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Association received from mobile on AP 00:1d:71:0a:de:70
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1633)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Applying site-specific IPv6 override for station 00:27:10:c9:91:2c - vapId 2, site 'none', interface 'management'
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Applying IPv6 Interface Policy for station 00:27:10:c9:91:2c - vlan 0, interface id 0, interface 'management'
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Processing RSN IE type 48, length 22 for mobile 00:27:10:c9:91:2c
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Received RSN IE with 0 PMKIDs from mobile 00:27:10:c9:91:2c
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [00:1c:b1:06:ee:a0]
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Updated location for station old AP 00:1c:b1:06:ee:a0-1, new AP 00:1d:71:0a:de:70-1
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 00:1d:71:0a:de:70 vapId 2 apVapId 2for this client
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:1d:71:0a:de:70 vapId 2 apVapId 2
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:27:10:c9:91:2c on AP 00:1d:71:0a:de:70 from Associated to Associated
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c Sending Assoc Response to station on BSSID 00:1d:71:0a:de:70 (status 0) ApVapId 2 Slot 1
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c apfProcessAssocReq (apf_80211.c:5276) Changing state for mobile 00:27:10:c9:91:2c on AP 00:1d:71:0a:de:70 from Associated to Associated
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Disable re-auth, use PMK lifetime.
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Station 00:27:10:c9:91:2c setting dot1x reauth timeout = 0
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Stopping reauth timeout for 00:27:10:c9:91:2c
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 1)
    *osapiBsnTimer: Jun 18 11:07:31.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:31.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:31.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 2)
    *osapiBsnTimer: Jun 18 11:07:32.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:32.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:32.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 3)
    *osapiBsnTimer: Jun 18 11:07:33.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:33.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:33.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 4)
    *apfLbsTask: Jun 18 11:07:34.318: 00:27:10:c9:91:2c Copy AP LOCP - mode:0 slotId:1, apMac 0x0:1d:71:a:de:70
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy WLAN LOCP EssIndex:2 aid:1 ssid:NPT-SECURE
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x1 statuscode 0, reasoncode 99, status 3
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy CCX LOCP 4
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy e2e LOCP 0x1
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jun 18 11:07:34.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:34.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:34.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 5)
    *osapiBsnTimer: Jun 18 11:07:35.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:35.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:35.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 6)
    *osapiBsnTimer: Jun 18 11:07:36.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:36.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:36.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 7)
    *osapiBsnTimer: Jun 18 11:07:37.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:37.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:37.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 8)
    *osapiBsnTimer: Jun 18 11:07:38.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:38.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:38.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 9)
    *osapiBsnTimer: Jun 18 11:07:39.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:39.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state

  • Auto-mapping (prefix/suffix)

    Hi,
    how can i change the suffix when i dont define a field mapping. Per
    default you add an "x" to the Object Attribute and try to find the field
    in the DB. I dont want to have that "x" added to the end.
    Thanks. (i really read the docs, but couldnt find it)

    You can either specify the column/table name in the metadata:
    http://www.solarmetric.com/Software/Documentation/2.4.3/docs/ref_guide_meta_field.html
    or you can subclass a DBDictionary's methods to do what you like. I
    recommend looking and subclassing/editing one of the DBDictionary
    implementations we ship with, as we also provide the source to them.
    http://www.solarmetric.com/Software/Documentation/2.4.3/docs/javadoc/com/solarmetric/kodo/impl/jdbc/schema/DBDictionary.html
    Marc wrote:
    Hi,
    how can i change the suffix when i dont define a field mapping. Per
    default you add an "x" to the Object Attribute and try to find the field
    in the DB. I dont want to have that "x" added to the end.
    Thanks. (i really read the docs, but couldnt find it)
    Stephen Kim
    [email protected]
    SolarMetric, Inc.
    http://www.solarmetric.com

  • Can the ACS 1121 5.2 act as a syslog server?

    Hello all,
     Can the ACS 5.2 act as syslog server to Cisco catalyst switches and nexus switches??
    Thanks in advance for any help with this!

    Hi ,
    So far PI can only show Severity 0 ,1 and 2 syslogs under Operate > Alarms & Events >syslogs
    If you are not able to see them also then try to restrat the PI services (ncs stop and ncs start ) and check the issue again
    Thanks-
    Afroz
    ****Ratings Encourages Contributors ****

  • Cisco ACS 1121 version 5.3 - Logging

    Hi There
    I'm new to Cisco ACS 5.X. From what I have read, the Cisco ACS can act as a Logging Server. Does this mean, all the syslog messages from all the other ACS and network devices can be stored by ACS? I'm a bit confused on this part.
    Lastly, I understand that Cisco ACS has many or maybe 2 instances? When do we use these instance? What is this instance?
    Regards,
    Ram

    In the distributed deployment, you should specify one acs server as the Logcollector. All other servers send logs to the Logcollecter.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/logging.html
    In distributed deployment, each acs server is one instance. So you have one primary instance and multiple secondary instances.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/introd.html#wp1058054
    Sent from Cisco Technical Support iPad App

Maybe you are looking for