Cisco works and cisco ISE

The question is whether Ciscworks 3.1 or version 4.0 supports Cisco ISE as integration for authentication

Hi,
Nope its not supported.
Thanks,
Gaganjeet

Similar Messages

Communication problem between Cisco 3560 and Cisco SG300.

Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.

Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan.

Re-Paired Cisco DMM and Cisco Show & Share

Hi ...
guys ... do anyone have experience to re-paired Cisco DMM and Cisco Show & Share ? I do re-paired it, but it doesn't success. First i pair Cisco Show and Share with Cisco DMS it success, but when i pair Cisco DMM with Cisco Show and Share it doesn't success (the proccess took so long about 30 minute i do ctrl C and it says failed to install certificate from Cisco Show and Share).
Anyone have idea ?
BR

Avoid Pairing Failures
•Pairing fails when you complete these steps in the wrong order. You must use AAI on your Cisco Cisco Show and Share appliance before you use AAI on your Cisco DMM appliance. Do not reverse this order or try to use AAI simultaneously on both appliances.
•Do not use the POP option on the pairing menu. Doing so may cause Cisco Show and Share to fail. If you accidently choose the POP option, you will need to re-pair the Cisco Show and Share and DMM appliances.
Pair Your Appliances
Procedure
Step 1 From the appliance that runs Cisco Show and Share 5.2:
a. Log in as admin to the Appliance Administration Interface (AAI).
b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
c. Choose DMM.
Warning Do not choose any other option than DMM.
d. Enter the fully-qualified domain name (FQDN) for your Cisco DMM appliance.
This is the DNS name. Do not enter an IP address.
e. Press Enter.
Your Cisco Show and Share appliance receives and successfully imports a digital certificate from your Cisco DMM appliance.
Step 2 From the appliance that runs Cisco Digital Media Manager 5.2:
a. Log in as admin to the Appliance Administration Interface (AAI).
b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
c. Choose SHOW_AND_SHARE.
Warning Do not choose any other option than SHOW_AND_SHARE.
d. Enter the fully-qualified domain name (FQDN) for your Cisco Show and Share appliance.
This is the DNS name. Do not enter an IP address.
e. Press Enter.
Your Cisco DMM appliance receives and successfully imports a digital certificate from your Cisco Show and Share appliance.
See Cisco Link :
http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/aai/administration/guide/pair.html

Difference between Cisco DCNM and CISCO Fabric Manager

Hello Everyone,
I am new to Cisco SAN and just would like to know the differences between cisco DCNM and Cisco Fabric manager and which one is latest as of now.
regards
VINAY

Hi Viany,
Fabric Manager was renamed DCNM starting at 5.2.
Fabric Manager only monitors SAN Fabrics, while DCNM 5.2 and above can monitor both SAN Fabrics and Ethernet LANs.
Regards,
David

Problem VOFR cisco 3810 and Cisco 1750

-I have a network with equipment 3810 Cisco and Cisco 1750 in topology in stars.
-The router central is a Cisco 3810 wthin a E1 connected to PBX
- other router in the network, have fxs wthin two port
- the network this working with vofr
- the problem is: from an equipment 1750 I can call to a Cisco 3810 but from an equipment 3810 I can not to a cisco 1750.
- but if I place debug in Cisco 1750 ( debug voice ccaip inout) I watch that the call this arriving
- the configurations de routers is OK
- please it can help me

---------------Debug voice ccaip inout-----------------------------------
ARBORAL-R#
ARBORAL-R#
ARBORAL-R#ter moni
ARBORAL-R#
*Mar 4 00:01:59.358: cc_api_call_setup_ind (vdbPtr=0x810920C0, callInfo={called=6250,called_oct3=0x0,calling=,calling_oct3=0x0,subscriber_type_str=Unknown,
fdest=1 peer_tag=0},callID=0x80FF6BB4)
*Mar 4 00:01:59.358: cc_api_call_setup_ind type 0 , prot 11
*Mar 4 00:01:59.362: cc_process_call_setup_ind (event=0x81093FA8) handed call to app "DEFAULT"
*Mar 4 00:01:59.362: sess_appl: ev(23=CC_EV_CALL_SETUP_IND), cid(1), disp(0)
*Mar 4 00:01:59.362: sess_appl: ev(SSA_EV_CALL_SETUP_IND), cid(1), disp(0)
*Mar 4 00:01:59.362: ccCallSetContext (callID=0x1, context=0x81074A5C)
*Mar 4 00:01:59.366: ssaCallSetupInd finalDest cllng(), clled(6250)
*Mar 4 00:01:59.366: ssaSetupPeer cid(1) peer list: tag(6250) called number (6250) tag(1) called number (6250)
*Mar 4 00:01:59.366: ssaSetupPeer rotary_dialpeer_status(1)
*Mar 4 00:01:59.366: ssaSetupPeer cid(1), destPat(6250), matched(4), prefix(), peer(81213410), peer->encapType (1)
*Mar 4 00:01:59.366: ccCallProceeding (callID=0x1, prog_ind=0x0)
*Mar 4 00:01:59.366: ccCallSetupRequest (Inbound call = 0x1, outbound peer =6250, dest=, params=0x81074A70 mode=0, *callID=0x8109F780)
*Mar 4 00:01:59.366: ccCallSetupRequest numbering_type 0x0
*Mar 4 00:01:59.366: dest pattern 6250, called 6250, digit_strip 1
*Mar 4 00:01:59.370: callingNumber=, calledNumber=6250, redirectNumber=
*Mar 4 00:01:59.370: accountNumber=, pinNumber=
*Mar 4 00:01:59.370: finalDestFlag=1, guid=06e4.bc49.8945.19b9.0000.0000.fdc3.ac59
*Mar 4 00:01:59.370: peer_tag=6250
*Mar 4 00:01:59.370: ccIFCallSetupRequestPrivate: (vdbPtr=0x81069AF4, dest=, callParams={called=6250,called_oct3=0x0, calling=,calling_oct3=0x0, subscriber_type_str=Unknown, fdest=1, voice_peer_tag=6250},mode=0x0) vdbPtr type = 6
*Mar 4 00:01:59.370: ccIFCallSetupRequestPrivate: (vdbPtr=0x81069AF4, dest=, callParams={called=6250, called_oct3 0x0,
calling=,calling_oct3 0x0,fdest=1, voice_peer_tag=6250}, mode=0x0)
*Mar 4 00:01:59.370: ccSaveDialpeerTag (callID=0x1, dialpeer_tag=
*Mar 4 00:01:59.370: ccCallSetContext (callID=0x2, context=0x810C043C)
*Mar 4 00:01:59.378: cc_api_call_proceeding(vdbPtr=0x81069AF4, callID=0x2,
prog_ind=0x0)
*Mar 4 00:01:59.378: cc_api_call_alert(vdbPtr=0x81069AF4, callID=0x2, prog_ind=0x8, sig_ind=0x1)
*Mar 4 00:01:59.378: sess_appl: ev(20=CC_EV_CALL_PROCEEDING), cid(2), disp(0)
*Mar 4 00:01:59.378: cid(2)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_PROCEEDING)
oldst(SSA_CS_MAPPING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.382: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_MAPPING)
*Mar 4 00:01:59.382: ssaIgnore cid(2), st(SSA_CS_CALL_SETTING),oldst(1), ev(20)
*Mar 4 00:01:59.382: sess_appl: ev(7=CC_EV_CALL_ALERT), cid(2), disp(0)
*Mar 4 00:01:59.382: cid(2)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_ALERT)
oldst(SSA_CS_CALL_SETTING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.382: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_MAPPING)
*Mar 4 00:01:59.382: ccCallAlert (callID=0x1, prog_ind=0x8, sig_ind=0x1)
*Mar 4 00:01:59.382: ccConferenceCreate (confID=0x8109F7F8, callID1=0x1, callID2=0x2, tag=0x0)
*Mar 4 00:01:59.382: cc_api_bridge_done (confID=0x1, srcIF=0x810920C0, srcCallID=0x1, dstCallID=0x2, disposition=0, tag=0x0)
*Mar 4 00:01:59.386: cc_api_bridge_done (confID=0x1, srcIF=0x81069AF4, srcCallID=0x2, dstCallID=0x1, disposition=0, tag=0x0)
*Mar 4 00:01:59.386: cc_api_caps_ind (dstVdbPtr=0x810920C0, dstCallId=0x1, srcCallId=0x2,
caps={codec=0xEBFB, fax_rate=0x7F, vad=0x3, modem=0x2
codec_bytes=0, signal_type=3})
*Mar 4 00:01:59.386: cc_api_caps_ind (Playout: mode 0, initial 56068,min 33034, max 5688)
*Mar 4 00:01:59.386: cc_api_caps_ind (dstVdbPtr=0x81069AF4, dstCallId=0x2, srcCallId=0x1,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.386: cc_api_caps_ind (Playout: mode 0, initial 0,min 0, max 0)
*Mar 4 00:01:59.386: cc_api_caps_ack (dstVdbPtr=0x81069AF4, dstCallId=0x2, srcCallId=0x1,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.386: cc_api_caps_ack (dstVdbPtr=0x810920C0, dstCallId=0x1, srcCallId=0x2,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.390: cc_api_call_disconnected(vdbPtr=0x81069AF4, callID=0x2, cause=0xAC)
*Mar 4 00:01:59.390: sess_appl: ev(28=CC_EV_CONF_CREATE_DONE), cid(1), disp(0)
*Mar 4 00:01:59.390: cid(1)st(SSA_CS_CONFERENCING_ALERT)ev(SSA_EV_CONF_CREATE_DONE)
oldst(SSA_CS_MAPPING)cfid(1)csize(0)in(1)fDest(1)
*Mar 4 00:01:59.390: -cid2(2)st2(SSA_CS_CONFERENCING_ALERT)oldst2(SSA_CS_CALL_SETTING)
*Mar 4 00:01:59.390: sess_appl: ev(12=CC_EV_CALL_DISCONNECTED), cid(2), disp(0)
*Mar 4 00:01:59.394: cid(2)st(SSA_CS_CONFERENCED_ALERT)ev(SSA_EV_CALL_DISCONNECTED)
oldst(SSA_CS_CALL_SETTING)cfid(1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.394: -cid2(1)st2(SSA_CS_CONFERENCED_ALERT)oldst2(SSA_CS_CONFERENCING_ALERT)
*Mar 4 00:01:59.394: ssaDisconnectedAlert: redirect_numbers(0)
*Mar 4 00:01:59.394: ccConferenceDestroy (confID=0x1, tag=0x0)
*Mar 4 00:01:59.394: cc_api_bridge_drop_done (confID=0x1, srcIF=0x810920C0, srcCallID=0x1, dstCallID=0x2, disposition=0 tag=0x0)
*Mar 4 00:01:59.394: cc_api_bridge_drop_done (confID=0x1, srcIF=0x81069AF4, srcCallID=0x2, dstCallID=0x1, disposition=0 tag=0x0)
*Mar 4 00:01:59.394: sess_appl: ev(29=CC_EV_CONF_DESTROY_DONE), cid(1), disp(0)
*Mar 4 00:01:59.394: cid(1)st(SSA_CS_ALERT_DISC_CONF_DESTROYING)ev(SSA_EV_CONF_DESTROY_DONE)
oldst(SSA_CS_CONFERENCING_ALERT)cfid(1)csize(0)in(1)fDest(1)
*Mar 4 00:01:59.398: -cid2(2)st2(SSA_CS_ALERT_DISC_CONF_DESTROYING)oldst2(SSA_CS_CONFERENCED_ALERT)
*Mar 4 00:01:59.398: ssa: Disconnected cid(2) state(11) cause(0xAC)
*Mar 4 00:01:59.398: ssaCallDisconnectAlert: cid(2), peer-cid(1)
*Mar 4 00:01:59.398: ccCallDisconnect (callID=0x2, cause=0xAC tag=0x0)
*Mar 4 00:01:59.402: cc_api_call_disconnect_done(vdbPtr=0x81069AF4, callID=0x2, disp=0, tag=0x0)
*Mar 4 00:01:59.402: sess_appl: ev(13=CC_EV_CALL_DISCONNECT_DONE), cid(2), disp(0)
*Mar 4 00:01:59.402: cid(2)st(SSA_CS_ALERT_DISC_DISCONNECTING)ev(SSA_EV_CALL_DISCONNECT_DONE)
oldst(SSA_CS_CONFERENCED_ALERT)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.402: -cid2(1)st2(SSA_CS_ALERT_DISC_DISCONNECTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.406: ssaDisconnectDone: Rotary Retry cid(1) peer list: tag(1) called number (6250)
*Mar 4 00:01:59.406: ssaSetupPeer cid(1) peer list: tag(1) called number (6250)
*Mar 4 00:01:59.406: ssaSetupPeer rotary_dialpeer_status(2)
*Mar 4 00:01:59.406: ssaSetupPeer cid(1), destPat(6250), matched(0), prefix(), peer(81211DC4), peer->encapType (5)
*Mar 4 00:01:59.406: ccCallProceeding (callID=0x1, prog_ind=0x0)
*Mar 4 00:01:59.406: ccCallSetupRequest (Inbound call = 0x1, outbound peer =1, dest=, params=0x81074A70 mode=0, *callID=0x8109F7C0)
*Mar 4 00:01:59.406: ccCallSetupRequest numbering_type 0x0
*Mar 4 00:01:59.406: dest pattern ...., called 6250, digit_strip 0
*Mar 4 00:01:59.406: callingNumber=, calledNumber=6250, redirectNumber=
*Mar 4 00:01:59.406: accountNumber=, pinNumber=
*Mar 4 00:01:59.410: finalDestFlag=1, guid=06e4.bc49.8945.19b9.0000.0000.fdc3.ac59
*Mar 4 00:01:59.410: peer_tag=1
*Mar 4 00:01:59.410: ccIFCallSetupRequestPrivate: (vdbPtr=0x810920C0, dest=, callParams={called=6250,called_oct3=0x0, calling=,calling_oct3=0x0, subscriber_type_str=Unknown, fdest=1, voice_peer_tag=1},mode=0x0) vdbPtr type = 11
*Mar 4 00:01:59.410: ccSaveDialpeerTag (callID=0x1, dialpeer_tag=
*Mar 4 00:01:59.410: ccCallSetContext (callID=0x3, context=0x810C0D90)
*Mar 4 00:01:59.458: cc_api_call_proceeding(vdbPtr=0x810920C0, callID=0x3,
prog_ind=0x8)
*Mar 4 00:01:59.462: sess_appl: ev(20=CC_EV_CALL_PROCEEDING), cid(3), disp(0)
*Mar 4 00:01:59.462: cid(3)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_PROCEEDING)
oldst(SSA_CS_MAPPING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.462: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.462: ssaIgnore cid(3), st(SSA_CS_CALL_SETTING),oldst(1), ev(20)
*Mar 4 00:01:59.466: cc_api_call_disconnected(vdbPtr=0x810920C0, callID=0x3, cause=0x3)
*Mar 4 00:01:59.466: sess_appl: ev(12=CC_EV_CALL_DISCONNECTED), cid(3), disp(0)
*Mar 4 00:01:59.466: cid(3)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_DISCONNECTED)
oldst(SSA_CS_CALL_SETTING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.466: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.466: ssa: Disconnected cid(3) state(1) cause(0x3)
*Mar 4 00:01:59.470: ccCallDisconnect (callID=0x3, cause=0x3 tag=0x0)
*Mar 4 00:01:59.470: ccCallDisconnect (callID=0x1, cause=0x3 tag=0x0)
*Mar 4 00:01:59.470: cc_api_call_disconnect_done(vdbPtr=0x810920C0, callID=0x3, disp=0, tag=0x0)
*Mar 4 00:01:59.470: sess_appl: ev(13=CC_EV_CALL_DISCONNECT_DONE), cid(3), disp(0)
*Mar 4 00:01:59.474: cid(3)st(SSA_CS_DISCONNECTING)ev(SSA_EV_CALL_DISCONNECT_DONE)
oldst(SSA_CS_CALL_SETTING)cfid(-1
ARBORAL-R#
ARBORAL-R#
ARBORAL-R#

Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

Hi,
So you have N7k acting as L3 with servers connected to 4510?.
Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
This will help narrow down if issue is between server to 4510 or 4510 to N7k.
Thanks,
Nagendra

How Cisco NAC and Cisco NAC Agent works

HI,
Can anyone help in explaining in detail for Cisco NAC will work in L2 OOB mode?
Also, what is the path from the time the end user connects to the network till he gets access to the network?
Please reply soon.Its urgent.

I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for vista clients if memory serves me correct.
Here is the link that will help you with the basics.
http://www.cisco.com/en/US/netsol/ns466/index.html
We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
Thanks,
Tarik

CS Mars, Cisco Works and Security Manager

If we wanted to get all three applications, do cisco bundle it into one package? Or does it have to be purchased separately?

do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?
Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.
MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).
Hope that helps.

Connectivity issues between Cisco 2901 and Cisco SG300-52

Hello,
I am having some serious connectivity issues between the hosts in my LAN.
My LAN is based on a Cisco 2901 router and a Cisco SG300-52 port switch.
The issue that has been happening is that connections between hosts on the LAN (remote desktop, extended ping, etc) is very unstable, at some point I can see a 35% lost packets on an extended ping. This happens at any time of the day and from any host.
All hosts are on the same Vlan(default Vlan) and on the same subnet. Some hosts have fixed IP addresses (servers and network equipment) and others obtain their IP address trough a DHCP reservation established on the router (reserved with the MAC address of every host).
I can provide further details if needed, because this issue is very serious and I would really appreciate any insight or support.
Many thanks in advanced.
Sair Amer
EDIT: After doing every test we could think of, we finally found the reason behind this problem.
It turns out that the switch has problems handling communications between clients at different speeds, because most of the hosts connected were working at 100 Mbps but the servers were working at 1000 Mbps (and the communication between host and servers wasn't stable).
After manually setting the speed on all ports to 100 Mbps the problems have stopped.
Many thanks for you help on this issue.

Building configuration...
Current configuration : 4123 bytes
! Last configuration change at 12:06:16 PCTime Sat Jul 19 2014 by ccp
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Foninsa
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$BDbJ$HN3VP8nmywrGB55RCxPd30
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -4 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.151 192.168.1.255
ip dhcp pool FONINSA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool Laptop-Sporta-Wifi
host 192.168.1.10 255.255.255.0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-213585710
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-213585710
revocation-check none
rsakeypair TP-self-signed-213585710
crypto pki certificate chain TP-self-signed-213585710
certificate self-signed 01
30820229 30820192
quit
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package securityk9
username ccp privilege 15 password
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 190.196.21.98 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 21 190.196.21.98 21 extendable
ip nat inside source static tcp 192.168.1.3 80 190.196.21.98 80 extendable
ip nat inside source static udp 192.168.1.8 1194 190.196.21.98 1194 extendable
ip nat inside source static tcp 192.168.1.4 3389 190.196.21.98 3389 extendable
ip nat inside source static tcp 192.168.1.9 3389 190.196.21.98 10000 extendable
ip nat inside source static tcp 192.168.1.3 3389 190.196.21.98 20000 extendable
ip route 0.0.0.0 0.0.0.0 190.196.21.97
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
password $
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 5
access-class 23 in
privilege level 15
password #
transport input telnet ssh
no scheduler allocate
end

Integrating Cisco ACS and Cisco NAC Manager - Downloadable ACL

Hi There
I have Cisco NAC setup in my environment. These are all working fine. The users will get themselves authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to the Cisco ACS for the user database portion. These are all working fine. I would like to enable Downloadable ACL. I have tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in Shared Components, but nothing works. It's either I'm doing it wrongly or this setup of mine doesn't support downloadable ACL? Please kindly advice.
Regards,
Ram
+6-012-2918870

Hi,
That is not possible.
You cannot push ACLs into the NAC manager.
If you are doing Radius authentication from NAC manager, what you can do is to create Roles on the NAC manager, and on those roles you define traffic policies.
Using Radius attributes you can then map users to Roles.
Please take a look into this:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Configuring SYNCE/PTP on Cisco 7600 and Cisco MWR for NSN NodeB

Hi to All,
I would to ask for support on how i can establish the PTP between Cisco MWR 2941-DC and a NSN NodeB. The Cisco MWR is connected to a Cisco 7600 with SPA-2X1GE-SYNCE where the SSU/OSN clock is connected on the BITS ports. Hope you can assist me with the configurations.
Thanks,
Eugene

Dear Genedeath,
I have noticed that you posted this message since last year ..... have you ever been able to solve the case??
I had a glance to the diagram and it looks quite similar to my case.
I need to configure a Cisco MWR2941 for the very first time in order to support SyncE for packet Abis between a NSN FlexyBSC and a NSN BTS.
BTS---------------Gig x/y MWR Gig x/x-----------------------FlexyBSC
I guess the source clock would be provided by BSC...
Can you support me according to your experience ??
thanks and regards!
Mauro

Documentation of cisco::eem and cisco::lib libs

Hello Experts,
Would you be able to help me find the link to complete documentation of cisco:eem / cisco::libs libraries ?
Thank you.

Some of the available functions are documented on Cisco.com in the EEM Tcl guide (e.g., the CLI functions and the mail functions). Some of the others I mention at https://supportforums.cisco.com/docs/DOC-12757#Tcl_Packages . Between the two sources, I think you'll find everything you're looking for.

Routeur cisco 1841 and cisco SA540

I already have 1841 router and I am trying to install SA540 as firewall. Can someone help me how to configure these
two? I tried once but failed. I can connect Internet from firewall but I can not connect Internet from PC which connected to router.
If I have to tell you more information, please let me know.
Thank you.

Tahar,
How far you can get? Do you have connectivty between the SA and the 1841 Router? Is the Router able to go out to the internet? In your computer, can you see an ARP being build for the IP address of the router?
Mike

Cisco Identity Services Engine (ISE) Version 1.2: What's New in Features and Troubleshooting Options

With Ali Mohammed
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about what’s new in Cisco Identity Services Engine (ISE) Version 1.2 and to understand the new features and enhanced troubleshooting options with Cisco expert Ali Mohammed.
Cisco ISE can be deployed as an appliance or virtual machine to enforce security policy on all devices that attempt to gain access to network infrastructure. ISE 1.2 provides feature enrichment in terms of mobile device management, BYOD enhancements, and so on. It also performs noise suppression in log collection so customers have greater ability to store and analyze logs for a longer period.
Ali Mohammed is an escalation engineer with the Security Access and Mobility Product Group (SAMPG), providing support to all Cisco NAC and Cisco ISE installed base. Ali works on complicated recreations of customer issues and helps customers in resolving configuration, deployment, setup, and integration issues involving Cisco NAC and Cisco ISE products. Ali works on enhancing tools available in ISE/NAC that are required to help troubleshoot the product setup in customer environments. Ali has six and a half years of experience at Cisco and is CCIE certified in security (number 24130).
Remember to use the rating system to let Ali know if you have received an adequate response.
Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through September 6, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

Hi Ali,
We currently have a two-node deployment running 1.1.3.124, as depicted in diagram:
http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_010.html#ID89
Question 1:
After step 1 is done, node B becomes the new primary node.
What's the license impact at that stage, when the license is mainly tied to node A, the previous primary PAN?
Step 3 says to obtain a new license that's tied to both node A & node B, as if it's implying an issue would arise, if we leave node B as the primary PAN, instead of reverting back to node A.
=========
Question 2:
When step 1 is completed, node B runs 1.2, while node A runs 1.1.3.124.
Do both nodes still function as PSN nodes, and can service end users at that point? (before we proceed to step 2)
Both nodes are behind our ACE load balancer, and I'm trying to confirm the behavior during the upgrade, to determine when to take each node out of the load balancing serverfarm, to keep the service up and avoid an outage.
===========
Question 3:
According to the upgrade guide, we're supposed to perform a config backup from PAN & MnT nodes.
Is the config backup used only when we need to rollback from 1.2 to 1.1.3, or can it be used to restore config on 1.2?
It also says to record customizations & alert settings because after the upgrade to 1.2, these settings would change, and we would need to re-configure them.
Is this correct? That's a lot of screen shots we'll need to take; is there any way to avoid this?
It says: "
Disable services such as Guest, Profiler, Device Onboarding, and so on before upgrade and enable them after upgrade. Otherwise, you must add the guest users who are lost, and devices must be profiled and onboarded again."
Exactly how do you disable services? Disable all the authorization policies?
http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4EFE5E15B9854A648C9EF18D492B9105
==================
Question 4:
The 1.1 user guide says the maximum number of nodes in a node group was 4.
The 1.2 guide now says the maximum is 10.
Is there a hard limit on how many nodes can be in a node group?
We currently don't use node group, due to the lack of multicast support on the ACE-20.
Is it a big deal not to have one?
http://www.cisco.com/en/US/customer/docs/security/ise/1.2/user_guide/ise_dis_deploy.html#wp1230118
thanks,
Kevin

Cisco Works - need to re-use a 3560, how to delete and re-add in Cisco Works

Hello. I did not see a cisco works section on the forum, forgive me if it's there and I missed it. I have removed a 3560 switch from one location and am going to rename it (same IP though) and deply it in a different department. We have cisco works sending critical and informational alerts as well as backup the configs on Sunday mornings. I think I was able to get it to stop sending alerts when I unplugged and unhooked the switch. I want to give the switch a new host name and re-deploy it. I assume it will be easier to delete and then re-add the switch to cisco works. Is the a document where I can follow steps to remove it from cisco works? I have the documentation, but it is hard to read and they don't really have an area that specifically says "remove a switch from cisco works", and I don't want to break everything for the other 55 switches that cisco works does do the alerts and backups for. I know cisco works is full of different modules, so I was wondering if there was a document or some type of help I could get for doing this. Any help would be greatly appreciated. Thanks. Mike Baker

Hi,
It sounds like a tutorial may be what you are looking for. Here is one based on LMS 3.1.
https://learningnetwork.cisco.com/docs/DOC-4031
To remove a device from DCR (Device & Credential Repository) navigate to Common Services > Device and Credentials > Device Management.
Thanks,
Nick

Cisco works and cisco ISE

Similar Messages

Maybe you are looking for