Network Assistant and TACACS+

The Network Assistant Guide 5.4 states the following:
You must have privilege level 15 to access Network Assistant through TACACS+ or a RADIUS server
We do not want to give certain users privilege level 15 (read write) access. Are there any other options when using TACACS+?

Paul
What would you want to do for authentication if the TACACS server is down? For telnet and console access you can use line as the backup method since it is possible to configure a line password on the console and on the vty ports. What kind of backup method do you want for HTTP? The one that makes most sense to me would be to do local authentication to cover the situation where the server is down.
To use local authentication you will need to do the following things:
- create a local user definition (perhaps several if you have extensive security requirements).
- specify a special method for aaa authentication.
- specify that http use the special method.
The configuration might look something like this:
username tech1 password tech1
aaa authentication login http_auth group tacacs+ local
ip http authentication aaa login-authentication http_auth
Or you could decide to use the enable secret (or password depending on which is configured). The config might look something like this:
aaa authentication login http_auth group tacacs+ enable
ip http authentication aaa login-authentication http_auth
If you want some other backup method let us know what it is and we will see how it could be implemented.
HTH
Rick
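An added example, not code from Rick's post or from Cisco: a small Python linter that works out which AAA login list the IOS HTTP server will use (named list via `login-authentication`, the `default` list via bare `ip http authentication aaa`, otherwise the enable password) and raises the review points a defender would want to see before exposing the level-15 web UI. The config is constructed from the snippets in this thread; the list name `http_auth` and user `tech1` come from Rick's example.

```python
"""Lint an IOS running-config excerpt for how the HTTP server authenticates.

Added example, not Cisco's or the thread author's code. Models the rule this
thread relies on: `login-authentication <list>` selects that list, bare
`ip http authentication aaa` selects `default`, and no line at all means the
enable password.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: Rick's http_auth list beside a default list with an enable fallback.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login http_auth group tacacs+ local
username tech1 password tech1
ip http server
ip http authentication aaa login-authentication http_auth
"""


@dataclass
class HttpAuthReport:
    list_name: str                                  # login list the HTTP server ends up using
    methods: list = field(default_factory=list)     # methods in the order IOS tries them
    findings: list = field(default_factory=list)    # review points for this device


def parse_login_lists(config):
    """Map list name -> ordered methods from `aaa authentication login` lines."""
    lists = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        tokens, methods, i = m.group(2).split(), [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):   # "group tacacs+" is one method
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[m.group(1)] = methods
    return lists


def http_auth_report(config):
    """Resolve the list HTTP uses and collect the checks a reviewer would raise."""
    lists = parse_login_lists(config)
    find = lambda pattern: re.search(pattern, config, re.M)
    if m := find(r"^ip http authentication aaa login-authentication (\S+)$"):
        name, methods = m.group(1), lists.get(m.group(1))
    elif find(r"^ip http authentication aaa$"):
        name, methods = "default", lists.get("default")
    elif find(r"^ip http authentication local$"):
        name, methods = "(local)", ["local"]
    else:                                           # IOS default: the enable password
        name, methods = "(enable)", ["enable"]
    rep = HttpAuthReport(name, methods or [])
    if methods is None:
        rep.findings.append(f"login list '{name}' is referenced but never defined")
        return rep
    if not methods[0].startswith("group "):
        rep.findings.append(f"first method '{methods[0]}' is not a server group, so "
                            "TACACS+/RADIUS is never consulted for HTTP logins")
    if "none" in methods:
        rep.findings.append("'none' in the list: HTTP login succeeds without credentials")
    for fallback in methods[1:]:
        if fallback in ("enable", "line"):
            # IOS moves to the next method only when the earlier server group is
            # unreachable, not when it rejects the user; the fallback still lets a
            # shared secret open the level-15 web UI whenever TACACS+ is down.
            rep.findings.append(f"fallback '{fallback}' is a shared secret, not a per-user login")
    if find(r"^ip http server$") and not find(r"^ip http secure-server$"):
        rep.findings.append("plain HTTP enabled without HTTPS: credentials cross the wire in clear")
    if not find(r"^ip http access-class "):
        rep.findings.append("no 'ip http access-class': web UI reachable from any source address")
    return rep
```

Run it against a saved `show running-config` to see which list CNA logins will really hit; the findings list is what to fix before enabling `ip http server` on a production switch.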

Similar Messages

  • Cisco Network Assistant, and Linksys Switches?

    Hi all,
    Given that Cisco owns Linksys, that CNA seems aimed at the small/medium business market, and that many of those businesses (like me) probably mix and match Linksys managed switches (like the SRW series) as leaf switches hanging off other higher end Cisco network gear, it seems to me that making CNA capable of discovering and managing those Linksys switches would make a lot of sense.
    Is there any hope or plan for this in the future?
    -Kyle

    I would like to see this as well. I have nine Linksys SRW2024 units and it is a pain to go into each one separately. I am used to the Cisco Network Assistant and it would greatly help if they could talk to Linksys smart switches. Please!
    -Milt Hull

  • Cisco Network Assistant and add to community problem via HTTPS

    hello,
    I have a big network of Cisco switches and all of it is in my Cisco Network Assistant community, connected via HTTPS. If I add a new switch to the network (everything for HTTPS access is configured correctly: domain name, ip http secure-server, local authentication ...) and I try to add this switch to the community (right click on the icon and ADD TO COMMUNITY), CNA says "Unable to Connect", because it can only connect to the switch via HTTP (I have disabled it on the switch), not via HTTPS. I have the newest version of CNA ... where is the problem? Why does it not connect to the switch via HTTPS? hmmm? thank you ... Peter

    "The HTTP server interface must be enabled to display the network assistant. " Source.
    You can put an access-list on the http server if you are concerned about security exposure.

  • Cisco Network Assistant and IOS

    Does Cisco Network Assistant require a certain Cisco IOS to work?

    Hi,
    My understanding is that CNA is limited to a certain set of platforms, as indicated here:
    http://www.cisco.com/en/US/products/ps5931/products_data_sheet0900aecd8034fbf1.html
    As long as you have a supported device, I don't believe you need a special IOS version in order to use it.
    Hope that helps - pls rate the post if it does.
    Paresh

  • Question about Cisco Network Assistant and authentication

    I'm trying to manage several 3750 stacks using CNA and it's able to authenticate with all but two of the stacks (these are NOT cluster members). During the discovery process, CNA keeps prompting for a username/password. We use TACACS+ so I give it the same username/password that I would when I login using SSH. Here's where things come off the rails for me. If I go to my ACS server and pull up troubleshooting and then load up CNA I do not see any activity. If I turn on debugs on the switch here's the output I get while trying to connect with CNA:
    3750-Fire-Access-Sw2#show debug
    General OS:
      TACACS+ events debugging is on
      TACACS+ authentication debugging is on
      TACACS+ authorization debugging is on
      TACACS+ packets debugging is on
      AAA Authentication debugging is on
      AAA Authorization debugging is on
    HTTP Server:
      HTTP Server Authentication debugging is on
    3750-Fire-Access-Sw2#termin
    3750-Fire-Access-Sw2#terminal mon
    3750-Fire-Access-Sw2#terminal monitor
    3750-Fire-Access-Sw2#
    Mar  4 16:26:19: HTTP: Authentication failed for level 15
    The funny thing is that if I do these same debugs on a switch that works I get this:
    3750-Saints-Access#
    Mar  4 16:32:25: HTTP: Priv level granted 15
    Mar  4 16:32:25: AAA/BIND(000005A8): Bind i/f
    (this is repeated several dozen times)
    My understanding of ip http is that if no authentication is enabled it uses the authentication method used by vty (the switch is using http server version 1). The switch is configured to use aaa/tacacs for vty. If that is the case then why don't I see activity in ACS and why don't I see a bunch of output from all of the other debugs? How is CNA authenticating with the switch?

    Does anybody else think Cisco's aaa new-model configuration is as clear as mud?  For what it's worth, I figured out the problem (just in case anybody else has the same issue).  What killed me was this line:
    aaa authentication enable default group tacacs+ enable
    There's nothing wrong with this command.  I think all it's saying is exec privilege can be provided by tacacs+ OR the locally configured enable secret/password.  The problem for me was that the user account I was using to login just happened to have a different password (in Active Directory) than it did on the local switch for TWO of the ten switch stacks I was trying to group together.  The other switch stacks had the same enable secret as the user account's password.  Now what I don't understand is why the switch decided to look at the enable secret first before trying tacacs.  That doesn't seem logical to me.  How does the switch make this decision?  Is that documented anywhere?

  • Captive Network Assistant checks 249 different airport, hotel and other misc WiFi hotspots adding a good 3 minutes to my startup time.

    Hey there,
    During startup of my MacBook Pro, Captive Network Assistant checks 249 different airport, hotel and other misc. WiFi hotspots. Probably adding a good 3 minutes to my startup time. ***? This all started while I was on extended layover at Amsterdam Schiphol Airport.
    I thought Captive Network Assistant was an iOS thing. No iOS devices in my home or office. Here's a portion of the console log during startup.
    2/20/12 4:34:13.000 PM kernel: en1: 802.11d country code set to 'US'.
    2/20/12 4:34:13.000 PM kernel: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
    2/20/12 4:34:15.000 PM kernel: MacAuthEvent en1   Auth result for: 00:26:0a:ee:8f:b3  MAC AUTH succeeded
    2/20/12 4:34:15.000 PM kernel: wlEvent: en1 en1 Link UP
    2/20/12 4:34:15.000 PM kernel: AirPort: Link Up on en1
    2/20/12 4:34:15.000 PM kernel: en1: BSSID changed to 00:26:0a:ee:8f:b3
    2/20/12 4:34:16.386 PM genatsdb: *GENATSDB* FontObjects generated = 495
    2/20/12 4:34:16.426 PM ntpd: bind(26) AF_INET6 fe80::fa1e:dfff:fed8:2f6d%5#123 flags 0x11 failed: Can't assign requested address
    2/20/12 4:34:16.426 PM ntpd: unable to create socket on en1 (5) for fe80::fa1e:dfff:fed8:2f6d#123
    2/20/12 4:34:23.308 PM configd: network configuration changed.
    2/20/12 4:34:23.425 PM UserEventAgent: CaptiveNetworkSupport:CaptivePublishState:1211 en1 - Probe
    2/20/12 4:34:23.552 PM UserEventAgent: CaptiveNetworkSupport:CNSPreferencesBuildSSIDLookup:278 ssidLookup:
    2/20/12 4:34:23.552 PM UserEventAgent:   Estancia La Jolla
    2/20/12 4:34:23.552 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.552 PM UserEventAgent:   PatientInternet
    2/20/12 4:34:23.552 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.552 PM UserEventAgent:   MONZOON
    2/20/12 4:34:23.552 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.553 PM UserEventAgent:   !Blue Peaks Public Wireless*~
    2/20/12 4:34:23.554 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.554 PM UserEventAgent:   AIELKHORN
    2/20/12 4:34:23.554 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.554 PM UserEventAgent:   Goldies341
    2/20/12 4:34:23.554 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.555 PM UserEventAgent:   Royal on the Park Brisbane Pub
    2/20/12 4:34:23.555 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.555 PM UserEventAgent:   hcc
    2/20/12 4:34:23.555 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.555 PM UserEventAgent:   wireless_yokum
    2/20/12 4:34:23.555 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   Picospot
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   bytelynk
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   Lynmar
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   WEBbeams-Argo Tea
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   ETHOSTREAM
    Several hundred lines of the same omitted..........
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   bigwireless
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   ParkInn-ethostream
    2/20/12 4:34:23.556 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.556 PM UserEventAgent:   High Speed Internet
    2/20/12 4:34:23.581 PM UserEventAgent:   OBC_wireless
    2/20/12 4:34:23.581 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.581 PM UserEventAgent:   BTOpenzone-CaffeNero
    2/20/12 4:34:23.581 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.581 PM UserEventAgent:   Airport View
    2/20/12 4:34:23.581 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.581 PM UserEventAgent:   Telefonica
    2/20/12 4:34:23.581 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.581 PM UserEventAgent:   Oaks Calypso Public Wireless
    2/20/12 4:34:23.582 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.582 PM UserEventAgent:   White Sands Beach Resort
    2/20/12 4:34:23.582 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.582 PM UserEventAgent:   public-supsi
    2/20/12 4:34:23.582 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.582 PM UserEventAgent:   La Quinta Inn
    2/20/12 4:34:23.582 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.582 PM UserEventAgent:   radisson
    2/20/12 4:34:23.582 PM UserEventAgent:       0 : com.apple.cnstest
    2/20/12 4:34:23.582 PM UserEventAgent: *** process 11 exceeded 500 log message per second limit  -  remaining messages this second discarded ***
    2/20/12 4:34:23.910 PM UserEventAgent: CaptiveUserAgent:doLaunchWebsheet:119 can't run websheet, -43
    2/20/12 4:34:23.926 PM configd: network configuration changed.
    2/20/12 4:34:24.016 PM com.apple.launchd: (com.apple.xprotectupdater[51]) Exited with code: 253
    Looking at the times, I see this only takes a fraction of a second but my startup time is still much much longer than it ever was or should.
    Does anyone have any idea on how to get rid of this? I deleted the Captive Network Assistant.app from my computer but the checking continues. It seems to be a rarely mentioned issue doing a web search, and nothing like this, although it's referred to in certain articles.
    Really weird.
    Gregg

    I'd take another look at your startup log.
    If you look closely, you'll see that all those log messages occurred in the space of 30 milliseconds - by comparison, a human blink takes about 150 milliseconds.
    So while I don't doubt you're seeing slow startup time, I don't think CaptiveNetworkSupport is the culprit, per se.
    Fortunately, since every startup event is timestamped, it should be easy enough to determine what task is taking the most time.
    As for CNS, it's not just an iOS thing - it's standard in Mac OS X, too. I'm also under the impression (but can't confirm) that it only checks the networks that you've previously connected to, so check System Preferences -> Network -> AirPort -> Advanced -> WiFi and delete any networks you no longer use or expect to connect to.

  • I set up a new router and the windows machines have no problem with connectivity.  I go through the MacBook Pro's airport assistant and view my network and then enter the WPA2 password.  I get back a message saying the password is incorrect when it is

    I set up a new router and the windows machines connect fine.  My MacBook Pro does not.  I go through the airport assistant and see the network yet when I enter the router WPA password I get a message back saying that the password is incorrect.  And, it isn't!  Very frustrating.  What can I do as I had the same problem after I tried to reinstall my last router.  Again, only on the Mac.  Thanks!

    If you kept the same Base Station name and network name, that can confuse Keychain Access. Either change the Base Station and network name, or open Keychain Access Utility and delete any reference to your Base Station and network name. Make sure you delete from the Login and System keychains.

  • ESW-520-24-K9 and Cisco Network Assistant

    HI,
    Is switch model ESW-520-24-K9 supported by Cisco Network Assistant?
    In the latest release notes of CNA the Catalyst Express 520 Series Switches are supported, and the model WS-CE520-24TT-K9 is on the supported list.
    But the model mentioned above is EoL and the new one is ESW-520-24-K9.
    Thanks,
    Kamil

    Hi Dave,
    Thanks for your reply.
    Yes, you are right that this switch model is supported by CCA but not by Cisco Network Assistant.
    These programs are different in functionality.
    The situation has become clearer, since the customer bought the Cisco Catalyst 2960 series switch.
    Kamil

  • My iMac does not connect to internet via wireless after I log in. I have to open network preferences and run the assistant every time to make it work. It's a new system, updated to Mountain Lion.

    My iMac does not connect to internet via wireless after I log in. I have to open network preferences and run the assistant every time to make it work. It's a new system, updated to Mountain Lion.

    Hi, this has worked for a few...
    Make a New Location, Using network locations in Mac OS X ...
    http://support.apple.com/kb/HT2712
    10.7…
    System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
    10.5.x/10.6.x/10.7.x instructions...
    System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
    The interface that connects to the Internet should be dragged to the top of the list.
    Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
    For 10.5/10.6, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
    208.67.222.222
    208.67.220.220
    Click OK.
    Also, turn off IPv6:
    System Preferences » Network » AirPort » TCP/IP tab » Configure IPv6
    Or whatever Interface you use.

  • Migration assistant, Network Settings, and Printers

    When you use migration assistant, and you uncheck the box to migrate network settings, does that mean printers are not transferred? Are printers considered part of "network settings", whether they are local or actual network printers?

    Printers are not part of network settings. Network settings include the preferences configured in Network preferences and the preference files for the network from /Library/Preferences/SystemConfiguration/. Printer settings are part of the Print & Fax configuration. They will be transferred unless you choose not to migrate preferences.

  • 2960S-48FPD and Cisco network Assistant

    Hi all,
    I'm using Cisco network Assistant V5.5 and when I try to discover WS-C2960S-48FPD-L I have this message :
    Unsuported device type ... cannot add device to commuity
    Any have a solution to that problem ??
    Thanks, Laurent

    Hi Laurent,
    This switch is not supported by Cisco Network Assistant yet.

  • WS-2960-48TC-L and Cisco Network Assistant

    Hello all!
    I have WS-2960-48TC-L in
    #show ver
    Switch Ports Model              SW Version            SW Image
    *    1 50    WS-C2960+48TC-L    15.0(2)EZ             C2960-LANBASEK9-M
    In Cisco Network Assistant (ver. 5.8.(9.1)) I cannot add the switch to the community. And why does the Model string have + (plus) and not - (dash)?
    Sorry for my bad English.


  • Cisco Network Assistant 5.5 and WS-X4013+10GE

    I have installed CNA 5.5 and it works fine with most of the devices, including catalyst 4500 series with different supervisors (WS-X4013+, WS-X4013+TS, WS-X45 SUP6-E).
    It can also detect supervisor WS-X4013+10GE, but CNA failed to show this device in Front Panel View. Is there anything I have to do to make the devices with Supervisor WS-X4013+10GE to be shown in Front Panel View?
    WS-X4013+10GE are in either 4503 or 4506 chassis, running IOS version 12.2(31)SGA or 12.2(40)SG.
    Please give some hints, thanks.
    Rgds,
    Sunny

    I downloaded Cisco Network Assistant 5.5; every time I try to run it I get the error message "Could not create Java Virtual Machine". Any idea how to solve this?
    To overcome this problem, open the file C:\Program Files\Cisco Systems\CiscoSMB\Cisco Network Assistant\startup\startup.properties (the default installation path), and modify this entry:
    JVM_MAXIMUM_HEAP=1024m
    Replace 1024m with a lower setting that does not exceed the available RAM. There is no way to foresee what value will work. Try 512m, and lower it further if necessary. You can use the dial peer tag range 2500 to 2999 out-of-band to define your own dial peers.
    Check out the below link for more information
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_network_assistant/version5_0/release/notes/OL12210a.html
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • Ever since i updated to ios 8.3, my imessage has been on "Waiting for Activation" Please who can assist? i have reset the network settings and also have restarted the phone.

    Ever since I updated to iOS 8.3, my iMessage has been on "Waiting for Activation". Please, who can assist? I have reset the network settings and also have restarted the phone.

    same problem here

  • Network Assistant freezing

    I recently reinstalled OS X 10.3.9 with the option of maintaining my user information. When I started it up, I had to create a new user, then drag my files from its folders (Desktop, Music, etc.) to the new user's folder for some programs (i.e. iTunes) to use them. That went fine.
    What didn't work is my AirPort. I tried to add it in the Network section of the System Preferences using the "Assist Me" icon. That was going fine: I named my location, chose that I connect to the internet using AirPort, then it asked me to turn my AirPort on, it did, and the wireless network that I connect to showed in the selection. I clicked it and pushed next, and then it stated that it was going to try to connect to that network.
    And that's when it started acting up, and did not connect. Bottom line, I can't get on the internet. I tried directly through the Ethernet, and that did not work either.
    I think it is a problem with my network info, and not moving whatever files are associated with my old system. Is there a way or a procedure to update the new system with the old network information?
    PS I am running OS X 10.3.9
    Thanks a million for your time and assistance, enjoy your mac.
    -Diblio

    Last problem is aaa authentication, that fails in some switch while in others works.
    My configuration is the same in all switches:
    aaa authentication login default group tacacs+ enable
    ip http server
    ip http authentication aaa
    Some switches don't try aaa authentication, and debug is:
    Oct  4 11:01:32.551: TAC+: (780243843): received author response status = PASS_ADD
    Oct  4 11:01:39.497: HTTP AAA Login-Authentication List name: tty-in
    Oct  4 11:01:39.497: HTTP AAA picking up console Exec-Authorization List name: default
    Oct  4 11:01:39.497: AAA/AUTHEN/LOGIN (00000000): Pick method list 'tty-in'
    Oct  4 11:01:39.556: HTTP: Authentication failed for level 15
    Oct   4 11:01:41.561: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:  netassistant] [Source: 192.168.0.2] [localport: 80] [Reason: Login  Authentication Failed] at 13:01:41 MET Tue Oct 4 2011
    Oct  4 11:01:44.598: HTTP AAA Login-Authentication List name: tty-in
    Oct  4 11:01:44.598: HTTP AAA picking up console Exec-Authorization List name: default
    Oct  4 11:01:44.598: AAA/AUTHEN/LOGIN (00000000): Pick method list 'tty-in'
    Oct  4 11:01:44.639: HTTP: Authentication failed for level 15
    Oct   4 11:01:46.644: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:  netassistant] [Source: 192.168.0.2] [localport: 80] [Reason: Login  Authentication Failed]
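As an added example (not part of the post above), a Python parser for the `%SEC_LOGIN-4-LOGIN_FAILED` and HTTP AAA debug lines quoted here; it reports per-source failure counts by service and which login list the HTTP server actually picked, which is the first thing to compare against the configured `ip http authentication`. The sample log is constructed: the list name `http_auth`, the second source address and the SSH entry are invented for contrast.

```python
"""Parse IOS AAA/HTTP debug output into defender-facing findings (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the debug lines quoted in the post above.
SAMPLE_DEBUG = """\
Oct  4 11:01:39.497: HTTP AAA Login-Authentication List name: tty-in
Oct  4 11:01:39.497: AAA/AUTHEN/LOGIN (00000000): Pick method list 'tty-in'
Oct  4 11:01:39.556: HTTP: Authentication failed for level 15
Oct  4 11:01:41.561: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:  netassistant] [Source: 192.168.0.2] [localport: 80] [Reason: Login  Authentication Failed]
Oct  4 11:01:44.598: HTTP AAA Login-Authentication List name: tty-in
Oct  4 11:01:44.639: HTTP: Authentication failed for level 15
Oct  4 11:01:46.644: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:  netassistant] [Source: 192.168.0.2] [localport: 80] [Reason: Login  Authentication Failed]
Oct  4 11:02:03.120: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.9.8.7] [localport: 22] [Reason: Login Authentication Failed]
Oct  4 11:02:10.000: HTTP AAA Login-Authentication List name: http_auth
Oct  4 11:02:10.200: HTTP: Priv level granted 15
"""

# IOS pads the bracketed fields with variable whitespace, hence \s* everywhere.
LOGIN_FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user:\s*(?P<user>\S+)\]"
    r"\s*\[Source:\s*(?P<src>\S+)\]\s*\[localport:\s*(?P<port>\d+)\]"
    r"\s*\[Reason:\s*(?P<reason>[^\]]+)\]")
LIST_PICKED = re.compile(r"HTTP AAA Login-Authentication List name: (?P<list>\S+)")
PRIV_GRANTED = re.compile(r"HTTP: Priv level granted (?P<lvl>\d+)")
SERVICE_BY_PORT = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}


def analyse(debug_text):
    """Return (failures per source, HTTP login lists seen, privilege levels granted)."""
    failures = defaultdict(Counter)      # source -> Counter keyed by (service, user)
    http_lists = Counter()
    granted = []
    for line in debug_text.splitlines():
        if m := LOGIN_FAILED.search(line):
            service = SERVICE_BY_PORT.get(int(m["port"]), m["port"])
            failures[m["src"]][(service, m["user"])] += 1
        elif m := LIST_PICKED.search(line):
            http_lists[m["list"]] += 1
        elif m := PRIV_GRANTED.search(line):
            granted.append(int(m["lvl"]))
    return failures, http_lists, granted


def findings(debug_text, expected_http_list, threshold=2):
    """Turn the parsed debug into review findings; threshold = repeated failures worth a look."""
    fails, http_lists, granted = analyse(debug_text)
    out = []
    for name, n in http_lists.items():
        if name != expected_http_list:        # the switch is not using the list you think it is
            out.append(f"HTTP used login list '{name}' {n}x, not '{expected_http_list}': "
                       "check 'ip http authentication aaa login-authentication'")
    for src, counter in fails.items():
        for (service, user), n in counter.items():
            if n >= threshold:
                out.append(f"{n} {service} login failures for '{user}' from {src}")
    if 15 in granted:
        out.append("priv 15 granted over HTTP: every successful CNA login is read/write")
    return out
```

Feed it `show logging` or a captured `debug ip http authentication` session and the first finding tells you which list to fix; the failure counts double as a crude lockout/brute-force indicator for the web UI.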
