ACS support for ACE Module

Does ACS for Windows 3.3 support AAA for the ACE module?

I don't think that is correct. I am still
having issues with ACE and ACS. See below:
ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)#

Similar Messages

  • [UDP fast age support for ACE Module]

    Hello,
    I'm testing 2 ACE modules running A3.0.0 for DNS load balancing (UDP). We're testing this by using a DNS query generator that (always) seems to use the same UDP source port when originating these queries. At the moment, the ACE module is hardly doing any load-balancing.
    It looks to me like, that because of this, the ACE believes it's the same session (connection) and doesn't really load-balance, so I started looking for a solution and found the fast-age udp feature. But, it seems this is not supported on my ACE modules. Can any one offer another solution and/or look at my config and see if there is another way to achieve load balancing in a testing environment when using a tool like the one I described?
    (I put it that way because i believe in real life since queries come from different IP addresses and randomized udp ports, the ACE module will be just fine).
    Thanks in advance!
    c.

    Hi Carlos,
    Correct. The 3.0(0) is really misleading. You need to start with the "A" - so you really have 1.6.3a installed.
    The "show version" for V2 is slightly better -
    system: Version A2(1.2) [build 3.0(0)A2(1.2)
    Cathy

  • [svn:cairngorm3:] 16403: Added runtime support for latest module library ( LazyModuleLoadPolicyTag).

    Revision: 16403
    Revision: 16403
    Author:   [email protected]
    Date:     2010-06-02 12:47:11 -0700 (Wed, 02 Jun 2010)
    Log Message:
    Added runtime support for latest module library (LazyModuleLoadPolicyTag).
    Modified Paths:
        cairngorm3/trunk/libraries/Module/src/com/adobe/cairngorm/CairngormModuleXMLSupport.as
        cairngorm3/trunk/libraries/ModuleTest/src/CairngormModuleLibRuntimeSample.mxml
        cairngorm3/trunk/libraries/ModuleTest/src/runtimeContext.xml

    Bing,
    I think one thing you might want to do is to post your code on the Web somewhere. Maybe you can open a Weblog and post this there.
    http://www.jroller.com will let you open a blog for free we'll love to see more customers of JDeveloper opening weblogs and sharing their experience over the Web.

  • Inventory collection fails for ACE module (RME 4.3.1)

    I am trying to collect the inventory and ultimately the configurations for my ace modules.  When i try to do an inventory collection I get the error
    Device sensed, but collection failed
    Anybody have any ideas?
    Chris

    Post your IC_Server.log.
    Please support CSC Helps Haiti
    https://supportforums.cisco.com/docs/DOC-8895
    https://supportforums.cisco.com

  • Monitor TPS value for Ace Module

    Hi Everyone,
    I recently installed the license ACE-SSL-05K-K9  on ACE10 with multicontext solution.
    The license provides 5000 Maximum number of SSL transactions per second (TPS).
    The customer would like to track this to find out the correct size and in the case of services https upgrade licenses.
    Can I do it so through particular output or it's necessary monitoring with snmp service? In the second case, can you tell me the oid string to use?
    In case the module should receive a higher number of connections to that provided by the license, what's the issue for new https connections?
    Regards
    Dino

    Hello Dino!
    You can go into the Admin-Context and use sh resource usage all. Watch out for the ssl-connections rate. But I dont know the OID for this. But you can look into Cisco's MIB browser.
    Cheers,
    Marko

  • Visio stencil for ace module

    I've been searching but i can't find the visio stencil for the ACE-10 or ACE-20 module.
    Can anyone point me in the right direction or is this stencil yet to be made ?

    I don't think they are available yet. I needed them a few months ago, couldn't find them, and ended up making my own.
    In case you need it, here's a link to the stencils Cisco provides.
    http://www.cisco.com/en/US/products/prod_visio_icon_list.html

  • What are all Browsers supported for irecruitment module

    Hi Guru's,
    We are using R12.0.7 oracle application version. I wanted to find out what are the browsers it's supports.
    For example:
    Mozilla Firefox 3 and till which higher version it will support?
    Internet Explorer (IE) 7 and which higher versions?
    Safari 3.1.2 and any higher version ?
    Chrome 5 and any higher version ?
    Please let me know if any one have idea about this versions.
    Regards,
    Joshna.

    We are using R12.0.7 oracle application version. I wanted to find out what are the browsers it's supports.
    For example:
    Mozilla Firefox 3 and till which higher version it will support?
    Internet Explorer (IE) 7 and which higher versions?
    Safari 3.1.2 and any higher version ?
    Chrome 5 and any higher version ?
    Please let me know if any one have idea about this versions.Please see this link:
    http://search.oracle.com/search/search?search.timezone=420&search_startnum=1&search_endnum=10&num=10&search_dupid=&exttimeout=false&actProfId=0&q=389422.1+weblog%3AstevenChan&group=Blogs&sw=t&search_p_main_operator=all&search_p_atname=&adn=&search_p_op=equals&search_p_val=&search_p_atname=&adn=&search_p_op=equals&search_p_val=
    Thanks,
    Hussein

  • ACE module support for IPv6 ?

    what is the latest on IPv6 support for ACE module? I saw something saying 2HCY10, but that's where we are now. Any documentation pointers to current compatability and or roadmap are greatly appreciated.
    thanks
    Bob O.

    As mklemovitch described in the following thread, IPv6 will be
    supported on ACE30 module but not in the initial release.
    There is no plan for ACE20 module.
    https://supportforums.cisco.com/message/3192517#3192517
    I'm not sure but maybe around Q3 CY11 or later.
    I cannot see the documentation regarding this feature on CCO.
    I would suggest to contact your account team for details.
    Regards,
    Yuji

  • Ace module in bridged mode with client nat

    Could someone confirm whatever a NAT is supported for ACE-20 module, please?
    Let me to explain technical details.
    I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure
    if the configuration below is correct. ACE module should be configured in bridge mode with two
    vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36.
    NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding
    "policy-map type loadbalance"
    Could you check two parts of configs and advise me if the ACE config is
    properly converted from CSM and will be working in the same way (especialy for NAT).
    Thank you in advance.
    CSM config
    =======
    vlan 36 client
      ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
      gateway 10.36.3.1
    vlan 436 server
      ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
    natpool WEB-MAIL 10.36.3.100 10.36.3.100 netmask 255.255.255.0
    sticky 30 netmask 255.255.255.255 address source timeout 60
    probe SHAREPOINT tcp
      interval 30
      failed 120
      open 3
      port 80
    probe WEBMAIL-443 tcp
      interval 5
      failed 60
      open 2
      port 443
    serverfarm WEBMAIL-443
      nat server
      nat client WEB-MAIL
      predictor leastconns
      real 10.36.3.101 443
       inservice
      real 10.36.3.102 443
       inservice
      probe WEBMAIL-443
    serverfarm WEBMAIL-80
      nat server
      nat client WEB-MAIL
      predictor leastconns
      real 10.36.3.101 80
       inservice
      real 10.36.3.102 80
       inservice
      probe SHAREPOINT
    vserver WEBMAIL-443
      virtual 10.36.3.100 tcp https
      serverfarm WEBMAIL-443
      sticky 60 group 30
      replicate csrp sticky
      replicate csrp connection
      persistent rebalance
      inservice
    vserver WEBMAIL-80
      virtual 10.36.3.100 tcp www
      serverfarm WEBMAIL-80
      replicate csrp connection
      persistent rebalance
      inservice
    ACE config
    =======
    probe tcp WEBMAIL-443
      interval 5
      open 2
      passdetect interval 60
      port 443
    probe tcp SHAREPOINT
      interval 30
      open 3
      passdetect interval 120
      port 80
    serverfarm host WEBMAIL-443
      predictor leastconns
      probe WEBMAIL-443
      rserver 10-36-3-101 443
        inservice
      rserver 10-36-3-102 443
        inservice
    serverfarm host WEBMAIL-80
      predictor leastconns
      probe SHAREPOINT
      rserver 10-36-3-101 80
        inservice
      rserver 10-36-3-102 80
        inservice
    class-map match-all WEBMAIL-80
      match virtual-address 10.36.3.100 tcp eq www
    class-map match-all WEBMAIL-443
      match virtual-address 10.36.3.100 tcp eq https
    sticky ip-netmask 255.255.255.255 address source 30
      serverfarm WEBMAIL-443
      replicate sticky
      timeout 60
    policy-map type loadbalance first-match WEBMAIL-80
      class class-default
        serverfarm WEBMAIL-80
        nat dynamic 1025 vlan 436 serverfarm primary
    policy-map type loadbalance first-match WEBMAIL-443
      class class-default
        sticky-serverfarm 30
        nat dynamic 1025 vlan 436 serverfarm primary
    parameter-map type http HTTP_ADV_OPT
      persistence-rebalance
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
      class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    interface vlan 36
      bridge-group 36
      service-policy input IFVLAN36-POLICY
      mac-sticky enable
      no shutdown
    interface vlan 436
      bridge-group 36
      nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
      no shutdown
    interface bvi 36
      ip address 10.36.3.3 255.255.255.0
      peer ip address 10.36.3.4 255.255.255.0
      no shutdown

    Hello F.Makarenko-
      You will want to use PAT while you do nat, so change the natpool configuration to this:
       nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
      You also need to apply the nat like this:
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        nat dynamic 1025 vlan 436
      class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        nat dynamic 1025 vlan 436
    If you are going to build out a lot of classes, you can instead do source nat like this:
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    class class-default
        nat dynamic 1025 vlan 436
    Regards,
    Chris Higgins

  • How to Virtual IP configuration in ACE module?

    Hi,
    I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module.
    I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
    Can anybody please post the steps/commands to perform this activity? An early response would be appreciated.
    Regards,
    Rachit.

    Hi Rachit,
    Here is a basic configuration example:
    access-list Allow_Access line 10 extended permit ip any any
    rserver host test
      ip address 10.198.16.98
      inservice
    rserver host test2
      ip address 10.198.16.93
      inservice
    serverfarm host test
      rserver test 80
        inservice
      rserver test2 80
        inservice
    sticky http-cookie test group2
      cookie insert
      serverfarm test
    class-map match-all VIP
      2 match virtual-address 10.198.16.122 tcp eq www
      policy-map type loadbalance first-match test
      class class-default
        sticky-serverfarm group1
    policy-map multi-match clients
      class VIP
        loadbalance vip inservice
        loadbalance policy test
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 112
    interface vlan 112
      ip address 10.198.16.91 255.255.255.192
      access-group input Allow_Access
      nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
      service-policy input NSS_MGMT
      service-policy input clients
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.198.16.65
    Here is the configuration guide:
    http://tools.cisco.com/squish/101AD
    Cesar R

  • ACE Module Radius with ACS 4.2

    Hi,
    I am able to authenticate to my ACE modules via Radius, but when I login it does not give my Admin rights. Does anyone have a fix for this? My ACS admin has been working with TAC since last week to no avail.
    John...

    You have to use a custom AV pair on TACACS server under user setup to make it work. ACE uses RBAC (role based Access Control) and for that you have to pass the context and User Role from Tacacs server to ACE to make it work.If there is no RBAC info is pushed from Tacacs server and user just get authenticated then the default role assigned by ACE is Network-Monitor.
    Following steps (On tacacs server) will make it work
    1. Select your user
    2. goto tacas+ settings
    3. Select " shell (exec)" checkbox
    4. Select "custom attributes" checkbox
    5. Type your context and role information in custom attrib box, using following format
    shell:*
    for e.g (if context name is Admin, domain is default-domain and you want to assign role "Admin" to this user )
    shell:Admin*Admin default-domain
    Hope it helps
    Syed

  • SSL initiation for SMPP on ACE module

    Hi Community,
    we have a new requirement to enable a connection to a server with SMPP protocol wrapped inside a SSL channel for transport over internet. Can any one suggest if the ACE module support to do SSL initiation to secure standard SMPP (3.4) servers?
    Kind regards

    Hi,
    ACE does support SSL initiation. Please visit the below link for details. Ace also supports SSL termination and End-to-End SSL.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/initiate.html
    Regards,
    Kanwal

  • ACE Module support loadbalance rmi, ajp, jms, etc?

    Hello,
    Do you know if ACE Module support balance the follow protocols:
    1. rmis
    2. ajp
    3. jms
    4. IIOP
    5. CORBA
    6. IIOPS
    I know that ACE module support http, https and tcp/udp port.
    Best Regards

    Hi Alvaro,
    There are no specific handlers in ACE for the protocols listed. RMI over IIOP and majority of CORBA implementations are TCP socket based and typically require persistent (Sticky) assignments to real servers if load-balanced, so generic ACE loadbalancing predictors, probes and sticky features should suffice. If you need to do a deeper inspection you can use the Generic Protocol Parsing, and custom Probe (TCL) capabilities to track content of interest. Same applies for JMS and AJP, although there are different transports for these prototocls (i.e. JMS over HTTP) which may change configuration requirements.
    In general, since these protocols are used for stateful application integration, long running transactions, messaging, and data access...and they are very sensitive to object namespace/target references you should detail individual use case requirements and applicability of external application delivery controller based load balancing (i.e. using ACE).
    Let me know if this helps or if you need more detail. Thanks. -George

  • When will ANM support ACE module A2(3.0)?

    Hello,
    We are using ANM 2.2 to manage our ACE modules running A2(2.2). I would like to upgrade our ACE modules to version A2(3.0). It was released on 12/Oct/2009 but ANM 2.2 still does not support it (although it does support A2(1.6a) which was published on 20/Oct/2009, after A2(3.0)). And 2.2 seems to be the latest version of ANM.
    When can we expect ANM to officially support ACE module A2(3.0)?
    Regards,
    Marc.

    anm 3.0 will support ACE A2(3.0).
    The current schedule date for next anm release is jan 2010.
    Gilles.

  • [svn] 1307: modules: added support for automatically adding " use namespace X", depending on the -target-player value

    Revision: 1307
    Author: [email protected]
    Date: 2008-04-18 16:28:33 -0700 (Fri, 18 Apr 2008)
    Log Message:
    modules: added support for automatically adding "use namespace X", depending on the -target-player value
    * similar to how we add "use namespace AS3"
    * symmetric with ASC's -use feature, however we don't have equivalent commandline support yet
    Bugs: n/a
    QA: Nothing in particular, except for testing the new functionality of -target-player (email me about this)
    Doc: Maybe: If we doc about "use namespace AS3" being added to all Flex compiles, we may want to talk about this.
    Reviewers: Pete and Erik
    Modified Paths:
    flex/sdk/trunk/frameworks/flex-config.xml
    flex/sdk/trunk/lib/asc.jar
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/BatchCompiler.java
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/Compiler.java
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/ScriptCompiler.java
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/parser/Parser.java
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/util/Context.java
    flex/sdk/trunk/modules/asc/src/java/macromedia/asc/util/ContextStatics.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/SymbolTable.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/as3/MetaDataParser.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/common/Configuration.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/common/DefaultsConfigurator.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StyleDef.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StyleModule.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StylesContainer.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/InterfaceCompiler.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/TypeTable.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/rep/AtEmbed.java
    flex/sdk/trunk/modules/swfutils/src/java/flash/swf/tools/SwfxPrinter.java

    Thanks for your attention.
    In the above logs, higher resolutions seems to be detected on both screens, hence my surprise :
    [ 391.631] (II) intel(0): Printing probed modes for output LVDS1
    [ 391.631] (II) intel(0): Modeline "1600x900"x60.0 110.00 1600 1664 1706 2010 900 903 906 912 -hsync -vsync (54.7 kHz eP)
    [ 391.897] (II) intel(0): Printing probed modes for output HDMI1
    [ 391.897] (II) intel(0): Modeline "1680x1050"x59.9 119.00 1680 1728 1760 1840 1050 1053 1059 1080 +hsync -vsync (64.7 kHz eP)
    If it can help here is also my current xrandr output (after having called it manually to use the preferred resolution of each screen)
    itanguy ~ $ xrandr
    Screen 0: minimum 320 x 200, current 1680 x 1050, maximum 8192 x 8192
    LVDS1 connected 1600x900+0+0 (normal left inverted right x axis y axis) 309mm x 174mm
    1600x900 60.0*+ 40.0
    1024x768 60.0
    800x600 60.3 56.2
    640x480 59.9
    VGA1 disconnected (normal left inverted right x axis y axis)
    HDMI1 connected 1680x1050+0+0 (normal left inverted right x axis y axis) 434mm x 270mm
    1680x1050 59.9*+
    1280x1024 75.0 60.0
    1152x864 75.0
    1024x768 75.1 60.0
    800x600 75.0 60.3
    640x480 75.0 60.0
    720x400 70.1
    DP1 disconnected (normal left inverted right x axis y axis)
    HDMI2 disconnected (normal left inverted right x axis y axis)
    HDMI3 disconnected (normal left inverted right x axis y axis)
    DP2 disconnected (normal left inverted right x axis y axis)
    DP3 disconnected (normal left inverted right x axis y axis)
    If needed, I may reboot and provide xrandr output after boot (it will be 1024x768), or could other logs help you ? Please ask...

Maybe you are looking for

  • Are ID templates "live" such that changes can be updated across multiple documents?

    SCENARIO:  I have a document (DOC_A) ... from which I make a template (TEMP_T) ... from which I make fa second document (DOC_B).   [A --> T --> B] After working on DOC_B for a few weeks, I find I have made some really nice changes (paragraph and font

  • Need help SELECT wiht  INNER JOIN

    Hi, I need the the entire record of the MVKE with the same vkorg as in the table YMMARKET. Why has the bellow Join syntex error. Thank you   SELECT *     FROM MVKE     INNER JOIN YMMARKET_CODE ON mvkevkorg = ymmarket_codevkorg     WHERE matnr = p_mat

  • Operation number count from er_src on x86?

    Hello all, according to several reports and manuals it should be possible to get the number of load, store, calc operations in, for example, innermost loops from the compiler comments. This is done by using er_src after compilation with -g -xO4 etc.

  • Photoshop Save /File size estimate

    Hi I have a very silly issue that I am sure Ive either unset or has a simple solution. I am using Windows 64 bit photoshop cs5 When I go to file save as and specify JPEG as the file format. The file size estimate does not show anything. I can leave i

  • Using mac mail 3.6 on leopard OS to connect to exchange server 2010?

    Is there a way to connect to a 2010 exchange server using mac mail 3.6 on leopard OS? I have the server name but cannot figure out how to send mail using the smtp outgoing sever?