LMS and ACS intergration

Similar Messages

• Does Cisco LMS and CNC require what kind of access on device

                     I would like to know what kind of device access needs to collect information? I have another team trying to collect the information. I have given LMS server snmp access to Cisco Devices. It seems that snmp for LMS is not enough as per their comment. We have CNC server is different than LMS. Please advise. Thanks!!!
  If you have sample output report for LMS and CNC will be also very much appreciated.

  You can check the credentials required by LMS for managing devices for different features here :
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/install/guide/prereq.html#wp1170227
  Not sure about CNC. Let the other experts comments on it.
  -Thanks

• Dynamic VLAN assignment with WLC and ACS for

  Currently, using our autonomous APs and ACS, our users get separate VLANs per building based on their security level (students or staff). Basically, the student VLAN in one building is different from that of the student VLANs in other buildings on campus. Currently, we do this by filling the Tunnel-Private-Group-ID IETF RADIUS attribute with the VLAN name. This all works because each individual AP can map VLAN names to different VLANs like this:
  dot11 vlan-name STUDENT vlan 2903
  dot11 vlan-name FACSTAF vlan 2905
  As we are working on our WiSM deployment, we see that the document below shows how to do the dynamic VLAN assignment on our WLAN controllers:
  http://www.cisco.com/en/US/customer/products/sw/secursw/ps2086/products_configuration_example09186a00808c9bd1.shtml
  However, we haven't figured out if it's possible to still provide our users with different VLANs for each building they're in.
  With the instructions above, it looks like ACS uses a Cisco RADIUS Attribute to indicate the Air-Interface-Name, mapping an ACS/AD group to a single WLC interface which can only have one VLAN/subnet associated with it.
  Does anybody know if what we're trying to accomplish is possible, or if we're really stuck with only one VLAN/subnet per mapped ACS group?

  We only have the one WiSM for all of campus, so it's handling everything. This Cisco docs do indicate how to put differnet users in different Vlans, but we don't currently see a way to also put them in different subnets per building.
  This being the case, any suggestions on how best to handle more than a Class C subnet's worth of users? Should we just subnet larger than Class C, or is there a more elegant way of handling this?

• Wireless Virtual LAN - SSID and ACS User Mapping

  Hi Everybody
  We have the following senario:
  - WLC 4402 and ACS 3.3
  - 2 SSID's , One for Emploies - one for gests
  - All users are (guest and emploies) are authentication against the ACS Server.
  We would like to only permit Guest users to use the Guest SSID.
  I've been reading the Wireless Virtual LAN Deployment Guide :
  http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wvlan_an.pdf
  and have tried to use methode 1.
  - RADIUS-based SSID access control:
  "Upon successful 802.1X or MAC address authentication, the RADIUS server
  passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge."
  "This is configured by enableling the ?[026/009/001] cisco-av-pair? option. On the ACS Server
  - Enable and configure Cisco IOS/PIX RADIUS Attribute,
  009\001 cisco-av-pair
  - Example: ssid=LEAP_WEP"
  I've tried this, but regardless of wich SSID the user(-group) has configured, it sill can access all SSID's?
  Does anyone have any idea of what I'm doing wrong?
  Does this setting only apply to Accesspoint, or is it also valid for the WLC 44xx series?
  Greetings
  Jarle

  Hi I'm sorry but this still does not help.
  We have now upgraded ACS to version 4.0 and I'm still having the same problems.
  This is what i have configured:
  WLC:
  - WLAN
  - SSID : Public
  - WLAN id = 3
  - L2 Security : 802.1x
  - Interface Name : GuestVLAN
  - Controller - Interface
  - management - Untagged
  - GuestVLAN - VLAN 112
  - Security
  - RADIUS Servers
  When authenticating a Guest(belonging to the proper group in acs) - the right VLAN is used, IP Adresses from DHCP is recieved, and the Guest can access internet.
  Switch:
  - Port connected to WLC uses Trunking.
  - Guests are connected to VLAN 112 and "native VLAN" is used to connect the Private Users.
  ACS:
  - AAA Client is the WLC, Authenticating using Cisco Airespace
  - Guest Users are member of Group 11
  - Private Users are member of Group 1
  Group 11
  - Use Per Group NAR to only allow WLAN Access
  - Cisco Airespace RADIUS Attributes
  x 14179\001 - Aire-WLAN-ID = 3
  - Cisco IOS / PIX RADIUS Attributes
  x 009\001 Ciso-av-pair = "ssid=Public"
  - IETF Radius Attributes
  x 006 Service Type = Login
  x 007 Framed-Prot = ppp
  x 064 Tunnel-Type = VLAN
  x 065 Tunnel-Medium-tye = 802.1x
  x 081 Tunnel-Private-Group-ID = 112
  Group (default Group)
  - Cisco Airespace RADIUS
  x 14179\001 Aire-WLAN-ID = 1
  - Cisco IOS/PIX Radius Attrib
  x 009\001 Cisco-av-pair = "ssid=Private"
  - IETF RADIUS
  x 008 Service-type = Login
  x 064 Tunnel-Type = VLAN
  x 065 Tunnel-Medium-tye = 802.1x
  x 081 Tunnel-Private-Group-ID = 1
  Do you have any idea of what i should change?
  Greetings
  Jarle

• 802.1x between Switch 3750 and ACS 4.2 Authentication faild --need help

  I configured the Switch 3750 and ACS for 802.1x authentication.
  when I used the windows as the 802.1x client, it prompted "click here to enter user name and pasword for the network " as normal.
  The problem is that after I entered username and password (i am sure i enter the identical username and password as in ACS) the authentication failed,
  What is the most possibly problem?
  Thx in advance!!!
  The configuration is Sw3750 is:
  aaa new-model
  aaa authentication login default local
  aaa authentication enable default line
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  dot1x system-auth-control
  interface GigabitEthernet1/0/18
  description Link to test 802.1x
  switchport access vlan 119
  switchport mode access
  dot1x pae authenticator
  dot1x port-control auto
  spanning-tree portfast
  radius-server host 10.1.1.333 auth-port 1645 acct-port 1646
  radius-server source-ports 1645-1646
  radius-server key keepopen0
  In the ACS:
  Network Configuration -->aaa client ip address: 10.1.119.1(the vlan 119's ip address), shared secret: keepopen0
  user setup -->real name:test1, password: test1.
  Attached is the debug information

  What do you see in acs failed attempts?

• Incompatibility issue - WLC 5508 and ACS 5.4

  Hi,
  This is my scenario:
  Cisco WLC 5508 firmware 7.4.110.20 and ACS 5.4, two WLAN eap/tls, many client  can't connect to WLAN and on ACS i receive the following error:
  Authentication failed : 11051 RADIUS packet contains invalid state attribute
  workaround:
  1 -Check the network device or AAA Client for hardware problems.
  2-known RADIUS compatibility issues.
  3-Check the network that connects the device to ACS for hardware problems
  there are some incompatibility issue between WLC and ACS ? the compatibility matrix document for wireless imposes the 7.5 firmware for WLC.
  What do you think is possibile ?

  Are there any other errors shown in the details of the failed authentication?
  We may need to look at service logs in debug mode, opening a TAC case would be the best way to go about this.
  Javier Henderson
  Cisco Systems

• Using Active Directory and ACS for Concentrator 3000 VPN

  Has anyone gone down the path of using Cisco ACS for network access control AND authenticating it with their W2K Active Directory for VPN 3000 concentrators? I did some research on Google, Cisco web, and this group, I did not find a definite answer on the best practice for the architecture and design, can anyone share your experience how you approached this?
  Below is my understanding, I appeciate any help to piece some or all the below together
  (1) The end state is once a VPN user is successfully authenticated, it is assigned to certain network access privilege based on its group's policy. How to accomplish this?
  (2) AD stores a central user database for user authentication. Each user may belong to one or more groups on the AD; ACS is reponsible for network access control for the specific groups and enforces these controls to the users via the concentrators.
  (3) Concentrator is the NAS, and ACS is the RADIUS server
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800949b4.shtml
  (4) Concentrator can link to the AD as an external database: http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/gs/gs3mgr.htm
  (5) A single "Tunnel Group" is created on the concentrator
  (6) Mulpile Groups, per corporate infosec policies are created on the AD
  (7) Mulpile Groups, per corporate infosec policies are also created on ACS, need to match with what're in the AD
  TIA.

  In order to restrict access for a specific AD group to specific SSID this is what you need to perform.
  When the WLC sends an authentication request to the  ACS, it will include  the SSID that the user is connecting to, in the  attribute  Calling-Station-Id(31). We can use this information to create  multiple  rules in ACS 5.x in order to take actions based on the  information  contained in the attribute.
  Under the  Users and Indetity Stores > click on Directory Groups > select  > check the group name you want to add and hit ok. Save the changes.
  We  just need to  create a DNIS rule that includes the name of the SSID and  use it as a  condition in any rule that we create for authentication.  The * is  required because the attribute not only contains the SSID but  also a MAC  address so the * is use as a regular expression.
  Now go to access-policies > default-network access > identity should be AD1.
  Go  to authorization > click on customize > move the  AD1:ExternalGroups and end-station filter attribute on the right side  and hit ok.
  After that slect the appropriate ad group for teachers and end-station filter.
  Save changes.
  Jatin Katyal
  - Do rate helpful posts -

• How to create guest access in wireless by WISM and WCS and ACS?

  dear sir
  i neeed to know the steps of how we can make guest access to our network like hotels by using our WISM v 7.0.220 and wireless control system and ACS ?

  You need to define your requirements a little bit. The WLC can do WebAuth and an employee can access either the WLC or WCS to put in the username and password credentials, but you would need to figure out what's best for you.
  Here is a support doc that you can reference.
  https://supportforums.cisco.com/docs/DOC-13954
  Sent from Cisco Technical Support iPhone App

• MM and PM intergration

  Hye
  Can you please le tme know what is MM and PM intergration
  thanks

  Hi,
  The integration aspects of MM-PM are:
  1) for non stock materials requirement, purchase requsition can be created from the plant maintenance order. PR is converted to the Purchase order. when ever goods receipt is done , the cost is directly booked to the plant maintenace order.
  2) for stock materials requirement,,reservation can be created from the plant maintenance order and the material can be issued to the order against the reservation.
  3) Like materials , for services also PRs can be created from the plant maintenace order.
  Another integration is BOM - Bill Of Material.
  With Equipment BOM, you can create a list of material through which equipment is created or in othre words you can mention the spares that you may require during the maintenance of the equipment.
  Regards,
  Vikas

• Prime Infrastructure 1.1 LMS and NCS installation.

  Dear all
                I have purchase below mention product. Now my question is that.
  A>  1). Prime (2). LMS 4.2  (2). NCS 1.1 are they different software and has to install them separately ?
  B>   or The prime is the only virtual(.ova) software where there LMS and NCS works as a feature?
  C> Please help me with the download link and installation guide..
  CISCO
  R-PI-1.1-K9
  Cisco Prime Infrastructure 1.1
  CISCO
  R-PI-1.1-100-K9
  Prime Infrastructure 1.1 Software - 100 Device Base Lic
  CISCO
  L-PILMS42-100
  Prime Infrastructure LMS 4.2 - 100 Device Base Lic
  CISCO
  L-PINCS11-100
  Prime Infrastructure NCS 1.1 - 100 Device Base Lic
  CISCO
  L-PINCSW11-100
  Prime Infrastructure NCS WAN 1.1 - 100 Device Base Lic
  With Regards
  Tanmay
  [email protected]

  SOme of the similar discussion happened here, which would be helpful.
  To answer your questions :
  A.> Yes all three of them are separate software.
  LMS :--> Ciscoworks Prime LMS is about to be end-of-life software which will phase out in favour of its successor Cisco Prime Infrastructure. This Software was the key application from Cisco to help manage the entire Wired Infrastructure for cisco devices, like Routers, switches, VPN, FW's, etc.
  NCS:--> Wireless Control System (WCS) was the LMS equivalent software to manage Cisco's wireless infrastructure. It evolved as a new Generation Network Control System (NCS).
  Cisco Prime Infrastructure :--> Cisco felt market demand to have a unified experience to manage both Wired and Wireless Infrastructure, hence Cisco Prime Infrastructure was introduced which is NCS+LMS. Not all features of LMS are migrated, hence customer's are allowed to use LMS latest version 4.2.x for wired network devices, if required.
  B.> Prime is now provided with an inbaked Linux kernel to remove dependency from Windows or Unix (Solaris) OS, hence it is only available as OVA deployment image to be used under virtualized environment and can take benefit of virtualized infrastructure.
  FOllowing are the download links :
  Download LMS 4.2 here
  Download PI 2.1 here 
  -Thanks
  Vinod
  **Encourage Contributors. RATE Them.**

• Communicating with LMS and System Users

  Thanks in advance for your help. I am looking for a solution and wondering if my request is even possible. Our training module needs to be able to communicate with our clients LMS and determine whether a user has taken our course previously or not. This functionality should guide the user to a specific path depending on their history. Is this even possible!? if so PLEASE HELP! Thanks again in advance!
  Hines,

  If you manage to get the LMS to send this information in the form of a URL variable (e.g. www.mycourse.com?userName=Fred&doneCourseBefore=1) then there are ways to get that information from the URL via Javascript and then ActionScript into the course.
  I think Jim Lechlitner wrote a post on something similar a while back on these forums.  He's the JavaScript guru around here. I couldn't find the exact post, but here's one that should get you some useful info about using JS with Captivate: http://forums.adobe.com/message/3645857#3645857

• Single SSID and ACS

  Hi,
  I would like your help in the following scenario, we currently have a setup of CAS CAM, LDAP, WISM and ACS,
  The main point I'm focusing on is the ACS and WISM.
  Users are to obtain wireless access using a single SSID, and upon validation of credentials, they should gain access to one of 3 vlans, guest, data and voice, the use of separate SSID per vlan was highly discouraged by customer.
  Would appreciate your advice on the best feasible way to implement this.
  Regards,

  Hi,
  You can have single SSID in your setup. You need to set up feature called Dynamic VLAN Assignment.
  Check out this link,
  http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  Regards,
  ~JG
  Please rate if that helps !

• Still struggling with Captivate 6, Oracle LMS and SCORM 2004

  Still can't get this course tracking with scores.  Herewith the screen shot.  Does anyone know if the settings I have chosen for the quiz are correct.  When I load the published course into the lms and test it, it shows "not attempted" prior to opening it and it gives the final score on the last quiz slide.  There is a slide after the last quiz slide.  It still seems not to transfer the scores to the lms.  I recently found out that we have Scorm 2004 version 4, so I changed the configuration setting as it was defaulted to version 3, but that still hasn't helped with the scores.  Under the start and end settings, I have chosen close project for the end.   I have been through a week of torture with this course!  Please can anyone assist as I'm not sure what to do anymore!

  Oh no.  Now I'm panicking!  I will try it.  Thanks
  Mrs T Cassisa
  Oracle Learning Management Practitioner
  Tel: 27 (21) 403 3069
  Fax: 27 (21) 403 3333
  www.parliament.gov.za
  >>> RodWard <[email protected]> 2/26/2014 11:20 AM >>>
  Re: Still struggling with Captivate 6, Oracle LMS and SCORM 2004
  created by RodWard in Quizzing/LMS - View the full discussion
  This sounds like you have some major issue in this course project file.
  Breaking it up into smaller files might not fix your issue.
  I suggest you create a new blank CPTX project file, add one true/false quiz question, set it to report to LMS with the settings you have above, publish as a single SCO package zip file, and upload to both your LMS and SCORM cloud.
  If this file doesn't even work, your installation of Captivate would have to be suspect and nothing you do in course module is going to fix that until you work out what the problem is.  If this very simple single-SCO lesson plays OK and reports successfully to the LMS, then we need to figure out what is lacking in your current file. 
  It could be that your current file has somehow become corrupted.  See the suggestions here for how to debug general corruption issues:
  http://www.infosemantics.com.au/adobe-captivate-troubleshooting/basic- troubleshooting-techniques
  Please note that the Adobe Forums do not accept email attachments. If you want to embed a screen image in your message please visit the thread in the forum to embed the image at http://forums.adobe.com/message/6158090#6158090
  Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page: http://forums.adobe.com/message/6158090#6158090
  To unsubscribe from this thread, please visit the message page at http://forums.adobe.com/message/6158090#6158090. In the Actions box on the right, click the Stop Email Notifications link.
  Start a new discussion in Quizzing/LMS at Adobe Community
  For more information about maintaining your forum email notifications please go to http://forums.adobe.com/thread/416458?tstart=0.

• SAP LMS and e-learning

  Hi guys
  Can anyone send me any goodl inks that provide SAP LMS documentation and e-learning modules?? If you have any good material on the same, pls send it to [email protected]
  whats the future prospects for LMS and e-learning?
  regards
  M A
  Message was edited by:
          Shakir

  Hi shakir!
  please go through this documentation:
  http://help.sap.com/erp2005_ehp_01/helpdata/de/30/e63a3c24b4a00ae10000000a11402f/frameset.htm
  The future prospects are that the LMS will be evaluated so far that it can deal with the highest technology from the content provider side.
  The e-learning plays even more role within the huge organisations.
  If you would like to know more about please send me direct questions.
  Have a very nice day and I hope I was able to direct you to the right way!
  Best regards,
  Zsolt

• 1100 AP and ACS 3.1 with LEAP

  Anyone been able to get this to work? I saw the link on how to configure LEAP with the 352 AP and ACS but dont see anything for the 1100. Been following the documentation for the 1100 and ACS and still no Joy.
  1120 AP latest Firmware
  ACS 3.1 win2k
  Client ACU latest software

  To configure LEAP on AP1100, you need to enable WEP & enable EAP and Open authentication. Here is the link which explains what you need to configure on AP and on Client based on security feature.
  http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/ap11icg/ivicgaut.htm#xtocid4
  On top of that link, it explains what to configure on AP1100 too.
  For other config on AP1100, visit
  http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/ap11icg/index.htm