Cisco ACS 4.2.1(15) AND wind 7 DHCP issues

Hi All,
          I am having issue with wirelss client using win 7 over  802.1x using MS-PEAP. The ACS server shows that client are authenticate,but client can't get IP address from the DHCP server(from multiple subnets and subnets are berely use, so there are enough IPs for all the clients). BTW not all clients are having issue. I kow this was a bug with XP and there was a fix for it. Can't find anything on Microsoft site which acknowledge the issue, but I don't thinks that is an ACS issue either.
Has anyone in the forums had or having this issue? If so, can you please share the solution.
Thanks,
Jean Paul.---

Hi Surenda,
                   Thanks for your reply. Nop, there is no WLC yet, but the WLC will be installed shortly.
Thanks,
Jean Paul

Similar Messages

  • Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

    does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
    ciscoISE/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    ciscoISE/admin(config)# snmp-server
    Ciscoacs/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    Ciscoacs/admin(config)# snmp-server

    No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
     http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

  • ACS with patch L 6 and Name column issue

    Has anyone experienced the following?
    My customer has used the migrate tool to migrate users from the ACS 4.2 to 5.3. He has also applied the patch level 6. However under the Identity Groups listed names (the Name column)- from some - to half of the name is missing [e.g lets say the name contains the following information: “Dimension Data”], after migrating only “Dimensi” to be seen.  He then removed the Patch Level 6 and reapplied with no success. Any advice or do I need to run to the TAC ••J
    Thanks a lot
    Lancellot Wendel

    Hi Tarik,
    thanks for the reply,
    with reg to the question
    "If you remove patch 6 and then migrate, does it work?"
    No it did not work either, well I guess I have to open a TAC case for this.
    thanks in advnace
    regards,
    lancellot

  • Cisco ACS config file

    Hi all,
    I have a cisco ACS V.4.0 server and want to get the config file. How can I get the CLI command prompt ? Or, Any where I can get the config file ?
    Thanks
    Leung Che Man

    You can always take ACS backup from the GUI by going to System Configuration >>  Click ACS Backup >> enter the FTP information >> Backup now.
    Performing a Manual ACS Backup
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/sba.html#wp222516
    Once you connected to ACS via CLI the default username and password if not changed would be
    user= Administrator
    Pass= setup
    Establishing a Serial Console Connection
    http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/instalap.html#wpxref17544
    Backing Up ACS Data From the Serial Console
    http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/admap.html#wp1057928
    Regds,
    JK
    Do rate helpful posts-

  • VPN client and Cisco ACS

    hi,
    I'm trying to setup a VPN solution, connecting to a 800 series router and authenticating off a Cisco ACS tacacs server.
    I've basically followed the suggested config at http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a00800a393b.shtml and the setup works fine if I use local authentication, but as soon as I switch to using TACACS the client authentication fails.
    Debugging tacacs on the router i can see the requests being sent to the server, and the replies coming back - the login detail are definitely correct so I'm guessing that TACACS isn't authorising me to use VPN or IPSEC or something. But there is nothing in the ACS logs to suggest why I'm not getting through - no failed attempts are shown.
    Any ideas?

    here is some debug from the router:
    Feb 24 12:28:58.973 UTC: TPLUS: processing authentication start request id 129
    Feb 24 12:28:58.973 UTC: TPLUS: Authentication start packet created for 129(vpngroup)
    Feb 24 12:28:58.973 UTC: TPLUS: Using server 10.10.10.10
    Feb 24 12:28:58.973 UTC: TPLUS(00000081)/0/NB_WAIT/823A9F04: Started 5 sec timeout
    Feb 24 12:28:58.989 UTC: TPLUS(00000081)/0/NB_WAIT: socket event 2
    Feb 24 12:28:58.989 UTC: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Feb 24 12:28:58.989 UTC: T+: session_id 1729330768 (0x67137E50), dlen 16 (0x10)
    Feb 24 12:28:58.989 UTC: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
    Feb 24 12:28:58.989 UTC: T+: svc:LOGIN user_len:8 port_len:0 (0x0) raddr_len:0 (0x0) data_len:0
    Feb 24 12:28:58.989 UTC: T+: user: vpntest
    Feb 24 12:28:58.989 UTC: T+: port:
    Feb 24 12:28:58.989 UTC: T+: rem_addr:
    Feb 24 12:28:58.989 UTC: T+: data:
    Feb 24 12:28:58.989 UTC: T+: End Packet
    Feb 24 12:28:58.989 UTC: TPLUS(00000081)/0/NB_WAIT: wrote entire 28 bytes request
    Feb 24 12:28:58.993 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:58.993 UTC: TPLUS(00000081)/0/READ: Would block while reading
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: socket event 1
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/READ: read entire 28 bytes response
    Feb 24 12:28:59.009 UTC: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Feb 24 12:28:59.009 UTC: T+: session_id 1729330768 (0x67137E50), dlen 16 (0x10)
    Feb 24 12:28:59.009 UTC: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Feb 24 12:28:59.009 UTC: T+: msg: Password:
    Feb 24 12:28:59.009 UTC: T+: data:
    Feb 24 12:28:59.009 UTC: T+: End Packet
    s9990-cr#
    Feb 24 12:28:59.009 UTC: TPLUS(00000081)/0/823A9F04: Processing the reply packet
    Feb 24 12:28:59.009 UTC: TPLUS: Received authen response status GET_PASSWORD (8)
    "AUTHEN/REPLY status:5" is a permanent fail according to the TACACS RFC
    In the VPN Client log it say "User does not provide any authentication data"
    So to summarise:
    -Same ACS server\router\username combination works fine for telnet access.
    -VPN works fine with local authentication.
    -No login failures showing in the ACS logs.

  • Cisco ACS 4.2.1.15 for Windows and Network Access Profiles

    We are attempting to configure ACS 4.2.1.15 on Windows Server 2008 Member Server. Initially I only have the need to authenticate Network Admins for device administration and authenticate Windows AD groups using PEAP authentication. The general problem that I am having is that if I configure a Cisco 1200 Access Point  for PEAP and also setup The Access Point for Radius authentication pointed to the ACS server it always maps to the the first Network Access Profile and rather than it trying the second it will error sayiing some condition is not met depending on what changes I make. Can someone tell me what the criteria that is used to determine what NAP is used? According to the manual if all 4 criteria are not met then the Profile will not apply.
    I am using one ACS group that is mapped to an AD group for Wireless Access and a Second ACS group mapped to an AD group that includes the Net Admins. This group mapping appers to be working as the user group name seems to mapped correctly in the logs.  In short I have tried only configuring the Wireless NAP to only Allow EAP authentication using PEAP EAP-MSCHAPv2 and the Netadmins profile to include all protocols. Bascially what happens is if I have the Wireless NAP first it works fine for PEAP authentication on Wireless but if I try to administer the access point and provide credentials I get a message in the failed log that the authentication profile is not allowed in this Network Access Profile. Why does this not just go onto the next Network Access profile?
    I am familiar with version 3.2 but it does not seem to work the same.
    Any help would be appreciated on what I am missing.
    Thanks

    Hi Surenda,
                       Thanks for your reply. Nop, there is no WLC yet, but the WLC will be installed shortly.
    Thanks,
    Jean Paul

  • RSA SecurID and Cisco ACS integration for user(s) with enable mode

    I thought I had this problem figured out but I guess not.
    I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
    router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
    I use tacacs+ authentication for logging into the Cisco router
    such as telnet and ssh. In the ACS I use "external user databases"
    for authentication which proxy the request from the ACS over
    to the RSA SecurID Server. I installed RSA Agents with
    sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
    to be "RSA_SecurID" group. In the "External user databases" and
    "database configurations" I assign SecurID to this "RSA_SecurID"
    group.
    Everything is working fine. In the "User Setup" I can see dynamic
    user test1, test2,...testn listed in there as "dynamic users". In
    other words, I can telnet into the router with my two-factor
    SecurID.
    The problem is that if test1 wants to go into "enable" mode with
    SecurID login, I have to go into "test1" user setting and select
    "TACACS+Enable Password" and choose "Use external database password".
    After that, test1 can go into enable mode with his/her SecurID
    credential.
    Well, this works fine if I have a few users. The problem is that
    I have about 100 users that I need to do this. The solution is
    clearly not scalable. Is there a setting from group level that
    I can do this?
    Any ACS "experts" want to help me out here? Thanks.

    That is not what I want. I want user "test1" to be able to do this:
    C
    Username: test1
    Enter PASSCODE:
    C2960>en
    Enter PASSCODE:
    C2960#
    In other words, test1 user has to type in his/her RSA token password to get
    into exec mode. After that, he/she has to use the RSA token password to
    get into enable mode. Each user can get into "enable" mode with his/her
    RSA token mode.
    The way you descripbed, it seemed like anyone in this group can go directly
    into enable mode without password. This is not what I have in mind.
    Any other ideas? Thanks.

  • Integration of Cisco ACS SE 4.2 and RSA SecurID Token Server

    Hi,
    I would be very appreciated if anyone can share their experience. Thanks in advance.
    Issue:
    I am trying to configure the ACE SE 4.2 to authenticate using RSA SecurID Token Server.
    Problems encountered:
    Authentication failed. In the failed logged attempt the error "External Database not operational" was next to the login name.
    In the auth.log, there was "External DB [SecurID.dll]: aceclnt.dll callback returned error [23]".
    Questions:
    1. Please kindly advise how I should resolve this problem.
    2. Also, is there any successful message once ACS get the sdconf.rec? Will the "Purge Node Secret" button be enabled?
    Troubleshooting steps I have done:
    Below is the steps I took to setup the external DB.
    1. Verified sdconf.rec is not a garbage file using the Test authentication function in RSA client.
    2. FTP sdconf.rec in the external database configuration. (Had used Wireshark and confirm file transfered successfully.)
    2. Defined unknown user policy to check RSA SecurID Token Server to authenticate.
    Thank you.

    I have NO experience with ACS SE 4.2 and
    RSA SecurID Token Server BUT I have
    experiences with Cisco ACS 4.1 running on
    Windows 2003 SP2 Enterprise Edition and
    RSA SecurID Token Server.
    All the troubleshoot you've done is correct.
    In Windows 2003 running Cisco ACS, you can
    install the test authentication RSA client
    and that you can verify that the setup
    is correct (by verifying that the sdconf.rec
    is not corrupted).
    One thing I can think of is that when you
    setup the ACS SE box, under external
    database, configure unknown user policy,
    did you check it to tell how to define users
    when they are not found in the ACS internal
    database. Did you select RSA SecurID token
    server?
    Other than that, from what I understand,
    you've done everything correctly.

  • Integration Of Cisco ACS and MS Active Directory !!!

    Hi all,
    We have and Cisco ACS v4.2 on a Cisco Appliance, and we need to integrate it with Active Directory. Can you help me??
    Thanks for your help
    Regards!!!
    Rafael Turriago

    Hi,
    If you have ACS SE and you want to integrate with MS AD, then you need to install Cisco ACS Remote Agent on a PC that belongs to the domain.
    The ACS SE does not "speak" directly to the DCs, but rather to the ACS Remote Agent.
    The Remote Agent is the application responsible to exchange data with the DCs.
    You can find detailed information in the config guide:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp353636.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Cisco ACS Server Tacacs Based on LDAP AND Source IP Possible???

    Hi All,
    I have used Cisco ACS tacacs for authentication based on Active Directory. Is it possible to use Active Directory as a criteria for authentication AND source IP?
    For example, if someone wants to log in to a certain device... they must have correct credentials AND their IP must be sourcing from the acceptable subnet range.
    Thanks!

    I see your point. This will depend if the user's IP is provided in the authentication request, if this information is provided then you can use the feature called "End Station Filter". This feature is used as a Condition in the Access Policy to deny or allow access. Below are the steps:
    1. Create a End Station Filter, here configure the user's IP
    2. Customize your Conditions under Access Policies/Authorization to use End Station Filter
    3. Define your rule with the required result

  • Juniper SSG and Cisco ACS v5.x Configuration

    I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma.  I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
    Configure the Juniper (CLI)
      1. Add the Cisco ACS and TACACS+ configuration
         set auth-server CiscoACSv5 id 1
         set auth-server CiscoACSv5 server-name 192.168.1.100
         set auth-server CiscoACSv5 account-type admin
         set auth-server CiscoACSv5 type tacacs
         set auth-server CiscoACSv5 tacacs secret CiscoACSv5
         set auth-server CiscoACSv5 tacacs port 49
         set admin auth server CiscoACSv5
         set admin auth remote primary
         set admin auth remote root
         set admin privilege get-external
    Configure the Cisco ACS v5.x (GUI)
      1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
            Create the Juniper Shell Profile.
            Click the [Create] button at the bottom of the page
                    Select the General tab
                            Name:    Juniper
                            Description:  Custom Attributes for Juniper SSG320M
                    Select the Custom Attributes tab
                        Add the vsys attribute:
                            Attribute:                vsys
                            Requirement:       Manadatory
                            Value:                    root
                            Click the [Add^] button above the Attribute field
                        Add the privilege attribute:
                            Attribute:                privilege
                            Requirement:       Manadatory
                            Value:                    root
                                    Note: you can also use 'read-write' but then local admin doesn't work correctly
                            Click the [Add^] button above the Attribute field
                    Click the [Submit] button at the bottom of the page
    2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
            Create the Juniper Authorization Policy and filter by Device IP Address.
            Click the [Customize] button at the bottom Right of the page
                    Under Customize Conditions, select Device IP Address from the left window
                            Click the [>] button to add it
                    Click the [OK] button to close the window
                    Click the [Create] button at the bottom of the page to create a new rule
                            Under General, name the new rule Juniper, and ensure it is Enabled
                            Under Conditions, check the box next to Device IP Address
                                    Enter the ip address of the Juniper (192.168.1.100)
                            Under Results, click the [Select] button next to the Shell Profile field
                                    Select 'Juniper' and click the [OK] button
                            Under Results, click the [Select] button below the Command Sets (if used) field
                                    Select 'Permit All' and ensure all other boxes are UNCHECKED
                            Click the [OK] button to close the window
                    Click the [OK] button at the bottom of the page to close the window
                    Check the box next to the Juniper policy, then move the policy to the top of the list
                    Click the [Save Changes] button at the bottom of the page
    3.  Login to the Juniper CLI and GUI, and attempt to change something to verify privilege level.

    Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
    You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server.

  • ACE 4700 and Cisco ACS aaa authentication

    ACE version Software
    loader: Version 0.95
    system: Version A1(7b) [build 3.0(0)A1(7b)
    Cisco ACS version 4.0.1
    I am trying to authenticate admin users with AAA authentication for ACE management.
    This is what I've done:
    ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
    warning: numeric key will not be encrypted
    ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
    ACE-lab/Admin(config-tacacs+)# server ?
    <A.B.C.D> TACACS+ server name
    ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
    can not find the TACACS+ server
    specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
    ACE-lab/Admin(config-tacacs+)#
    Why am I getting this error? I have full
    connectivity between the ACE and the ACS
    server. Furthermore, the ACS server
    works fine with other Cisco IOS devices.
    Please help. Thanks.

    Thanks. Now I have another problem. I CAN
    log into the ACE via tacacs+ account(s).
    However, I get error when I try going into
    configuration mode:
    ACE-lab login: ngx1
    Password:
    Cisco Application Control Software (ACSW)
    TAC support: http://www.cisco.com/tac
    Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    ACE-lab/Admin# conf t
    ^
    % invalid command detected at '^' marker.
    ACE-lab/Admin#
    The ngx1 account can access other Cisco
    routers/switches just fine and can go into
    enable mode just fine. Only issue on the ACE.
    Any ideas? Thanks.

  • Cisco ACS 4.2 and Radius authentication?

    Hi,
    I have a Cisco ACS 4.2 installed and using it to authenticate users that log on to switches using TACACS+, when I use local password database, everything is working. But if i try to use external database authentication using a windows 2008 radius server, I have problem that I can only use PAP, not CHAP. Anyone who know if it's possible to use CHAP with external radius authentication?

    To access network devices for administrative purpose, we have only three methods available :
    [1] Telnet : Which uses PAP authentication protocol between client and the NAS device. So the communication between Client and NAS is unencrypted,  and when this information flows from NAS to IAS server gets encrypted using the shared secret key configured on device/IAS server.
    [2] SSH : Which uses  public-key cryptography for encrypting information between client and the NAS device, i.e, information sent between client 
    and NAS is fully secure. And the communication between NAS and IAS is encrypted using shared secret same as above. Good point on SSH side is that commincation channel is secure all the time.Again the authentication type would remain same that is PAP.
    [3] Console:Which is also the same it will not allow to use MSCHAP as there is no need to secure it as you laptop is connected directly to the NAS and then if you are using TACACS it will encrypt the payload .
    Summarizing, we cannot use CHAP, MS-CHAP, MS-CHAP V2 for communication between client and NAS device or administrative access.
    And the most secure way to administer a  device is to use SSH.
    Rgds, Jatin
    Do rate helpful post~

  • Cisco ACS 5.2 (esx 4 vm) and Monitoring and Reports failure

    I am evaling the Cisco ACS 5.2 Virtual Appliance on ESX4 and everything is working fine except for the "Monitoring and Reports" no matter what browser I try, it just keeps loading new tabs of the welcome screen, in the case of some browser versions it does this and does not stop.
    I have tried the following browsers on Win7 Pro: IE 8, Firefox 4, Firefox 3, Chrome 12.
    I have tried the following browsers on MacOS 10.6: FireFox 4, Safari 5.0.5
    In Safari 5.0.5 it calls up one new window, but doesn't load anything in the right hand frame.
    This is a fresh install, with an eval license. I am rather annoyed that it doesn't work out of the box, especially when there was not documentation that mentioned that anything needed to be setup for this to work after initial install, unless I missed something.
    I installed the VM with the base 5.0.26 ISO and then applied patches 5.0.26-1 through 5.0.26-5.
    Can anyone provide any help on this?

    I am evaling the Cisco ACS 5.2 Virtual Appliance on ESX4 and everything is working fine except for the "Monitoring and Reports" no matter what browser I try, it just keeps loading new tabs of the welcome screen, in the case of some browser versions it does this and does not stop.
    I have tried the following browsers on Win7 Pro: IE 8, Firefox 4, Firefox 3, Chrome 12.
    I have tried the following browsers on MacOS 10.6: FireFox 4, Safari 5.0.5
    In Safari 5.0.5 it calls up one new window, but doesn't load anything in the right hand frame.
    This is a fresh install, with an eval license. I am rather annoyed that it doesn't work out of the box, especially when there was not documentation that mentioned that anything needed to be setup for this to work after initial install, unless I missed something.
    I installed the VM with the base 5.0.26 ISO and then applied patches 5.0.26-1 through 5.0.26-5.
    Can anyone provide any help on this?

  • Integrating Cisco ACS and Cisco NAC Manager - Downloadable ACL

    Hi There
    I have Cisco NAC setup in my environment. These are all working fine. The users will get themselves authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to the Cisco ACS for the user database portion. These are all working fine. I would like to enable Downloadable ACL. I have tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in Shared Components, but nothing works. It's either I'm doing it wrongly or this setup of mine doesn't support downloadable ACL? Please kindly advice.
    Regards,
    Ram
    +6-012-2918870

    Hi,
    That is not possible.
    You cannot push ACLs into the NAC manager.
    If you are doing Radius authentication from NAC manager, what you can do is to create Roles on the NAC manager, and on those roles you define traffic policies.
    Using Radius attributes you can then map users to Roles.
    Please take a look into this:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Maybe you are looking for

  • CTO Error while doing a Recovery

    I tried doing a system recovery that with the help of the recovery discs provided by HP. I have a windows 8 laptop and I received a set of 4DVDs, 3 of them are for the OS and 1 is for drivers. Everytime after going through the long process of recover

  • Using Webutil(CLIENT_GET_FILE_NAME) without result

    Hi all, I used Webutil(CLIENT_GET_FILE_NAME function) in developement platform(IDS) on WINDOWS and it worked fine.Now i'm migatring on IAS/LINUX, the same feature don't produce any result and any error occurs.Here's messages i receive in Jinitiator c

  • ABAP OO data fetch logic

    Hi Experts,                  I have normal report with dat fetch logic. I need to convert my normal code logic to OO abap logic using classes & methods.. Exp:       select knumh kotabnr vakey datab datbi knuma_bo              from konh              i

  • Sample code on sdn.

    Hi, Is there a place on sdn where I can go and look at sample codes and other ABAP stuff... Tushar.

  • Firmware Update N80ie

    I have an N80 i.e. NO BRAND product code 0551547 (ITALY) Fw: v. 4.0707.0.7 im looking for a new version on Nokia software update but he say:sorry no update are available! BUT other person with n80i.e. with ONLY different product code can update to 5.