Configure AAA with ANM, ACS and ACE

I am seeking best practices for deployment of ANM and ACS to manage ACEs. Configuration guides suggest that authorization can be on ACS 5.2 or ANM.
I found that an admin user can be assigned to a single role only. What I would like to do is set myself as an admin user and have different roles for different ACEs. For example, I want to be a system admin for one ACE and have the network-monitor role for another ACE.
Would someone offer me any suggestions?

thank you

Similar Messages

  • Configuring AAA Authorization on ACS 4.1

    Hi,
    Can anybody provide me links to any good documentation on how to configure AAA Authorization using Command Shell on the ACS 4.1? I would be really grateful if someone can point me to a few links.
    Thanks,
    Meet

    Hi
    I would try looking at this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml
    This describes how to plan, design and build shell cmd auth config in ACS.
    Darran

  • AAA with Secure ACS

    How do I configure ACS so that when a user telnets to a switch/router and passes credentials, they are authenticated and dropped straight into enable mode and don't have to enter an enable password? I'm using a Windows external user database.
    TIA

    Hi Shaun,
    A double post deserves a double answer.
    You could have found that one yourself, but here is the URL:
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml#t2
    To find it, I did a search with the following attributes: "privileged mode radius ACS"
    Regards,
    Leo

  • Configuration issue with SP 2013 and SSRS 2012

    Hi
    I have installed sql server 2013, SP 2013 and PS 2013 on the same server. I am getting an error when I try to configure Reporting Services Integration.
    The path is Central admin -> General application settings --> Reporting services Integration -->
    I provided the URL for Report Server Web Service URL (copied the URL from Report Manager URL in Reporting Services Configuration Manager and verified the URL is working fine).
    Error:
    Failed to establish connection with report server. Verify the server URL is correct or review ULS logs for more 
    information. Product area: SQL Server Reporting Services, Category: Configuration Pages
    ULS Logs
    Failed to retrieve RS configuration information: System.Net.WebException: The request failed with HTTP status 404: 
    Not Found.     at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, 
    WebResponse response, Stream responseStream, Boolean asyncCall)     at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)     at Microsoft.SqlServer.ReportingServices2010.ReportingService2010.GetReportServerConfigInfo(Boolean
    ScaleOut)
     at Microsoft.ReportingServices.SharePoint.UI.RSIntegrationSettings.GetReportServerConfigInfo(IList`1& configInfos)              
    Did I miss any steps?
    Regards
    Santosh

    Hi Santosh,
    I think the Reporting Services integration works with SQL Server 2008/2008 R2. When the SQL Server 2012 is installed, there is an option to install Reporting Services - SharePoint bits. Details can be found here:
    http://msdn.microsoft.com/en-gb/library/jj219068(v=sql.110).aspx
    Once the Reporting Services components have been installed you should be able to configure the SQL Server Reporting Service Application and use the Reporting Services content types in your SharePoint libraries
    Hope this helps
    Paul

  • Multiple vlans configuration issue with RV016 router and SG 300-10MP switch

    Hi,
    I have to configure multiple vlans served by a single DHCP server. As a first step, I just want the DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented:
    Router (RV016 10/100 16-Port VPN Router) as gateway mode:
    IP : 172.16.0.1/24
    DHCP Server :
    IP : 172.16.0.2/24 GW: 172.16.0.1
    2 subnets :
    172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
    172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
    Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
    IP 172.16.0.254 (vlan 8 default)
    Vlan 1 : 172.16.1.1
    Vlan 2 : 172.16.2.1
    1 device connected on each vlan
    a workstation on the vlan 1
    a laptop on the vlan 2
    In this scenario (see the attached pdf file) the DHCP server is connected to a router, and hosts on the vlans don't receive any IP address.
    But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
    I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
    I hope the explanations are clear enough and my English too
    Any help will be highly appreciated,
    Zoubeir

    Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
    A couple things I notice in your description-
    48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
    The connection between the switches, is it 1u, 2t?
    The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
    We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
    The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
    We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
    Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
    -Tom
    Please rate helpful posts

  • Configuration scenario with wlc/acs/ad

    Hello folks
    Can you please post a configuration example which involves a 4400 along with ACS 4.1 and Windows AD as authentication (single sign-on)? Also consider the authentication method as PEAP.
    thanks

    Here it is
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml

  • Configuration update with Internet Connect and connection blockage

    I have been having the same sort of problems (i.e., suddenly for no apparent reason, being unable to get or maintain an internet connection). I use an internal modem and Earthlink to connect, not dsl or cable. I ran across a discrepancy concerning configuration updates between the three places that allow me to select "Connect" (1) Sys Prefs-->Network-->can select from different configs/locations (2) Internet Connect-->can select from different configs, and (3) Earthlink's Total Access-->can select from different configs/locations.
    I noticed that in Internet Connect the dots that represent my password were longer than that in Sys Prefs-->Network, but all Keychains contained the shorter, correct password. I can't change the password nor change or delete the configs in Internet Connect.
    When I created a new config/location via SysPrefs-->Network, it showed up in Total Access, but not a peep of it in Internet Connect. Have tried trashing the prefs files for Internet Connect as well as deleting almost all keys in Keychain that relate to online access. No change.
    I can now get and maintain a connection only if I connect using Network or Total Access. Any ideas on how to fix Internet Connect application?

    I don't know if I can help much, but I think elko has the right idea about repairing permissions after an update. It's good practice to use Disk Utility to verify and repair if necessary both permissions and the disk. This will sometimes resolve the problem.
    Another thing to check is all your settings for internet under system preferences. I have heard about things ending up too low in the hierarchy and not working properly for reasons that are unclear. You may be able to reconfigure it.
    It is also possible you have an airport card that is failing intermittently. You can try running the Apple Hardware Test and see if anything shows up in the form of an error code.
    You could also try turning off the airport and seeing if you can connect by dial up using the internal modem. If you can, the problem may be with the airport. If you cannot, there is something else going on.
    One long shot might be to turn the computer off and remove both the power cord and the battery for 30 minutes or so. You will have to reset the date and time after this. But sometimes things do "reset" and start working again.
    As it happens, I have not had any problems on my iBook G4 following the latest updates, so it is likely not too common a problem. Your question has been out here for some time, and I hope someone more knowledgeable than I am will be able to suggest more things to try.
    Please post back and let us know if anything has helped.
    Good luck!

  • Unable to configure Outlook with ASA firewall and IWSVA

    Dear Sir,
    We are unable to configure MS Outlook in our network, which has an IWSVA proxy and a Cisco ASA 5510 firewall.
    A snapshot of the Outlook error details is attached for your reference.
    In our network, L3 is behind IWSVA, which is behind the Cisco ASA 5510.
    When we change the following NAT rule and incoming ACL rule, it works fine:
    nat (inside,outside) source static any interface unidirectional
    nat (inside,outside) source static obj_Proxy interface unidirectional
    access-list 100 extended permit ip any any
    access-list inside_access_in extended permit ip object-group Proxy_Server any
    All required ports are allowed in IWSVA also. Please tell me if we have to make any changes in IWSVA, like mapping ports etc.
    Thanks in advance
    Regards:
    Anand Singh Dhouni

    Hello Anand,
    I already replied to you on the other post, Please mark this as answered so we can focus on one ticket and avoid duplicates.
    For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
    Any question contact me at [email protected]
    Cheers,
    Julio Carvajal Segura

  • Pre-configured Linux with Oracle DB and Applications

    Does anyone know if there is a pre-configured oracle-linux stack out there that would have all the components already configured? I have seen this for other products such as sugarCRM. It's really nice to have this, since it takes the complexity and installation time out of the equation, especially if you are just trying to test or demo the software. I imagine a PeopleSoft Oracle Linux Stack, as well as one for each of the Oracle Application and Software Suites. If not, I guess I will go the more fun route of downloading and installing each package individually.

    There is a package named oracle-validated. It verifies and sets system parameters based on Oracle validated configuration recommendations for Oracle Enterprise Linux Release 4.
    [root@jch-lnx etc]# rpm -qli oracle-validated-1.0.0-8.el4
    Name : oracle-validated Relocations: (not relocatable)
    Version : 1.0.0 Vendor: Oracle
    Release : 8.el4 Build Date: Wed 19 Sep 2007 05:46:22 AM CST
    Install Date: Wed 26 Sep 2007 12:03:06 PM CST Build Host: ca-build6.us.oracle.com
    Group : Test Environment/Libraries Source RPM: oracle-validated-1.0.0-8.el4.src.rpm
    Size : 39137 License: GPL
    Signature : DSA/SHA1, Wed 19 Sep 2007 05:46:24 AM CST, Key ID 2e2bcdbcb38a8516
    Summary : Verifies and sets system parameters based on Oracle validated configuration recommendations for OEL4
    Description :
    This package verifies and sets system parameters based on Oracle validated configuration recommendations for Oracle Enterprise Linux Release 4
    Files affected: /etc/sysctl.conf, /etc/security/limits.conf, /etc/modprobe.conf, /boot/grub/grub.conf
    For changes to modules, this package installation will modify module paramters and re-insert.
    /etc/sysconfig/oracle-validated/oracle-validated-verify
    /etc/sysconfig/oracle-validated/oracle-validated.params
    /usr/bin/oracle-validated-verify

  • Configuring AAA with 2811 IPIP Voice Gateway

    Hi,
    I am trying to configure a 2811 Gateway for IP to IP VoIP calls as a carrier and need calls to be Authenticated/Accounted on a Radius Billing Server. The problem is that when a call comes into the GW, the call is forwarded on the second leg without being authenticated, but the accounting messages are coming properly.
    Cisco TAC advised that I need to run TCL, which I don't understand why. I am NOT using any IVR for the incoming calls, but still they insist on using it.
    Does anyone have any experience with this implementation?

    TCL != IVR
    TCL is just a scripting language.
    There is such a TCL script that authenticates IP-to-IP calls.
    So what the TAC has advised you is right.
    Just configure the proper TCL script at your dial-peer and it will handle the authentication for you (will send authentication/authorization messages to the Radius server).

  • Installing and Configuring OBIA with OBIEE, Informatica, DAC

    Hi
    Can anybody send me the setup procedure for how to install and configure OBIA with OBIEE, Informatica and DAC?
    mail Id : [email protected]
    Thanks in advance.

    Hi,
    the setup procedure depends on your Oracle BI Apps version.
    You can find all Oracle documentation to install and configure Oracle BI Apps from this URL :
    http://www.oracle.com/technetwork/middleware/bi-foundation/documentation/bi-apps-098545.html
    hope it helps,
    Benoit

  • AAA with RADIUS on ASA

    Hey Everyone,
    I am configuring AAA with RADIUS on our remote ASA firewalls. This is pretty straightforward, but I have some firewalls that this is not working on. I have upgraded the IOS image on the ASA 5510 to ASA804-K8.BIN on all of them. The strange part is some of them are working and some of them are not working.
    Just wondering if anyone else has come across this before and what info do you need to give me an assist.
    Thanks in advance,
    Kimberly

    Hi Kimberly,
    just curious: why 8.0.4 and not 8.0.5 ?
    What are you using radius for ? What is the radius server? Did you configure all the ASAs on the radius server(s) ? Did you use the correct shared secret?
    Is there anything different between the working ASAs and the failing ones? Configuration, location in the network, etc?
    If the above doesn't help please post the config of a failing ASA (or at least the relevant parts, and make sure to remove any sensitive data) and the output of:
    debug radius
    debug aaa authen
    debug aaa common 254
    You can test just the radius part with the cli command "test aaa-server authentication ..."
    hth
    Herbert

  • Oracle10gRAC installation with ASM, SGeRAC and Oracle Clusterware on Ita64

    Hello!
    Does anyone have an installation guide for the configuration: Oracle10gRAC with ASM, SGeRAC and Oracle Clusterware on Itanium?
    Thanks in advance, Mara

    859875 wrote:
    Thanks Fiedi. Thanks a lot for your response.
    Last month I did RAC installation where I need format raw devices using below commands :
    clean all
    create part ext
    create part log
    Is it not required for standalone DB installation with ASM ?
    Basically preparing disk for ASM on RAC or non RAC is the same
    I am able to create 4 logical raw devices (175GB) each. 2 for Data and 2 for DB flash. However I am not able to clean those raw devices with "clean all" command.
    Can you help me ?
    what error did you get?. Try delete the logical partition and recreate it

  • Configuring AAA in ACE using ANM

    Hi guys
    Is there a way to do this? I can't find anywhere how to configure the AAA parameters for the ACE CLI access using the ANM. I know where to configure AAA for the ANM access, but not for the ACE devices.
    thx in advance!
    Omar M

    Hi Omar,
    Is there a way to change the interface that the ACE uses for TACACSs requests?
    The interface to be used for the AAA request is chosen based on the routing table, so, unless the server is in a vlan directly connected to the ACE, you can define which interface to be used by configuring a static route towards the server.
    Also, there's gonna be a request for each context right?
    The AAA configuration is done on a per-context basis, so, each context will handle connections arriving to it following its own configuration settings.

  • Can I configure a network with ACS and ISE?

    I have both ACS and ISE. How do I integrate these appliances to work together?
    Thanks

    ISE does not interoperate with Cisco Secure ACS deployments. The Cisco Identity Services Engine can work in tandem with Cisco NAC Manager to provide the same profiling service as the NAC Profiler, which has reached end-of-sale status.
    Existing Cisco Secure ACS customers using network access can easily migrate to the Cisco Identity Services Engine platform using migration part numbers and tools. However, existing Cisco Secure ACS customers using TACACS functions will not be able to migrate to the current version of ISE for network device identity management which is often acceptable for customers who prefer to keep user and network identity on separate systems.
