No Radius hosts configured...

For days now, I've been trying to troubleshoot an authentication problem and the solution still eludes me.
I have a Windows 7 SP1 laptop, a wireless client, that should be able to access the wireless network LAB1 with SSID AP1.
It should authenticate with a Windows 2008 R2 SP1 DC/NPS server via a Cisco Aironet 1142 access point.
Authentication is "Open with EAP".
EAP type is EAP-TLS.
Two entries in the Aironet Event Log, I believe, are related to the problem:
Error - No Radius hosts configured or no valid server present in the group rad_eap
Debugging - Station [MAC addr here] Authentication Failed.
The MAC addr is that of the Windows 7 SP1 laptop attempting to connect to the network via the access point.
Could someone verify that my configuration is correct for what I want to accomplish (wireless access by laptops using EAP (EAP-TLS) authentication and - for now - WEP encryption)?
Also, what could explain the error message above about no Radius servers? The output of "show run" below seems to indicate that Radius is configured, correctly or not...
Here is the output of the "show run" command on the Aironet 1142 (via telnet) - followed by the error messages in the Windows 7 laptop Event Viewer (WLAN Auto-Config section):
AP1#sh run
Building configuration...
Current configuration : 2354 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP1
logging rate-limit console 9
enable secret 5 $1$4Ipo$roPiDJm93XYFOrN7hngx/1
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid AP1
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
username Cisco password 7 00271A150754
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode wep mandatory
ssid AP1
antenna gain 0
power local 2
power client 2
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode wep mandatory
ssid AP1
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.0.0.51 255.0.0.0
no ip route-cache
ip default-gateway 10.0.0.2
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.0.0.12 auth-port 1812 acct-port 1813 key 7 03050A09055D2549485A
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
end
Note: I changed the Radius ports to 1812 and 1813 because that's what Windows uses for Radius (authentication and accounting).
Windows Event Viewer entries
Event ID 8000
WLAN AutoConfig service started a connection to a wireless network.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Connection Mode: Automatic connection with a profile
Profile Name: LAB1
SSID: AP1
BSS Type: Infrastructure
Event ID 11000
Wireless network association started.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Authentication: Open
Encryption: WEP
802.1X Enabled: Yes
Event ID 11001
Wireless network association succeeded.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Event ID 11010
Wireless security started.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Authentication: Open
Encryption: WEP
FIPS Mode: Disabled
802.1x Enabled: Yes
Event ID 12011
Wireless 802.1x authentication started.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Eap Information: Type 13, Vendor ID 0, Vendor Type 0, Author ID 0
Event ID 12014
Wireless 802.1x authentication was restarted.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Eap Information: Type 13, Vendor ID 0, Vendor Type 0, Author ID 0
Restart Reason: Peer Initiated
Event ID 12013
Wireless 802.1x authentication failed.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Identity: host/PC2.mynet.lan
User:
Domain:
Reason: Explicit Eap failure received
Error: 0x40420110
EAP Reason: 0x40420110
EAP Root cause String: Network authentication failed due to a problem with the user account
EAP Error: 0x40420110
Event ID 11004
Wireless security stopped.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Local MAC Address: 00:1C:BF:68:1E:C5
Network SSID: AP1
BSS Type: Infrastructure
Peer MAC Address: 64:A0:E7:29:08:E0
Security Hint: The operation was successful.
Event ID 8004
Wireless network is blocked due to connection failure.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Connection Mode: Automatic connection with a profile
Profile Name: LAB1
SSID(s): AP1
BSS Type: Infrastructure
Failure Reason:Explicit Eap failure received
Length of block timer (minutes): 20
Event ID 8002
WLAN AutoConfig service failed to connect to a wireless network.
Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {16f026bc-d9fd-4a9d-9020-a32174a4bd6a}
Connection Mode: Automatic connection with a profile
Profile Name: LAB1
SSID: AP1
BSS Type: Infrastructure
Failure Reason:Explicit Eap failure received
The peer MAC address is that of the Aironet access point:
AP1#sh int
BVI1 is up, line protocol is up
  Hardware is BVI, address is ccef.4807.35d2 (bia 64a0.e729.08e0)
  Internet address is 10.0.0.51/8
  MTU 1500 bytes, BW 54000 Kbit/sec, DLY 5000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
[snip]
Dot11Radio0 is up, line protocol is up
  Hardware is 802.11N 2.4GHz Radio, address is 64a0.e729.08e0 (bia 64a0.e729.08e0)
  MTU 1500 bytes, BW 54000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
[snip]
Dot11Radio1 is administratively down, line protocol is down
  Hardware is 802.11N 5GHz Radio, address is 64a0.e72e.ba10 (bia 64a0.e72e.ba10)
  MTU 1500 bytes, BW 54000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
[snip]
GigabitEthernet0 is up, line protocol is up
  Hardware is PowerPC405ex Ethernet, address is ccef.4807.35d2 (bia ccef.4807.35d2)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Half-duplex, 100Mb/s, media type is T
  output flow-control is unsupported, input flow-control is unsupported
Note: half-duplex because of the old hub I am using for my practice network. Plastic 5 port switch I had went bad.
Note: yes, I am only using radio 0 for the time being.

Looks like I'm at a dead end.
But since it looks like the rest of the setup is fine, what I would like to do *now* is configure the Aironet to work with WPA2.
WEP was only used for testing (well, if I can't make it work with WPA/2, what about WEP?)
Since the WPA2 - EAP-TLS combination works just fine with the Linksys, I have to conclude it's just a matter of entering the right commands on the Aironet to make this work.
Yes, I'm almost ready to give up on the web-based GUI, it's closed on me twice when I click on "Apply" and it appears the configuration is not saved entirely (???).
CLI via telnet seems both faster and more reliable but I don't know all the commands. Some of the documentation I've found assumes other situations, such as authentication with LEAP or use of a controller. Still looking...
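
In the `show run` posted above, `aaa group server radius rad_eap` has no `server` line under it, while the `eap_methods` list used by the SSID points at that group and the only RADIUS host is defined globally. The checker below is an added example, not part of the original thread or any Cisco tool: it parses a running-config and reports method lists that resolve to an empty or unmatched RADIUS group. The sample config is constructed (documentation address 192.0.2.12), and the finding names and the 1645/1646 default-port rule are assumptions of this example.

```python
import re

# Assumption of this example: legacy IOS default ports when none are given.
DEFAULT_AUTH, DEFAULT_ACCT = 1645, 1646

GROUP_RE = re.compile(r"^aaa group server (radius|tacacs\+) (\S+)")
SERVER_RE = re.compile(r"^server (\S+)(.*)")
HOST_RE = re.compile(r"^radius-server host (\S+)(.*)")
METHOD_RE = re.compile(r"^aaa (authentication|authorization|accounting) (\S+) (\S+)(.*)")
SSID_EAP_RE = re.compile(r"^authentication (?:open eap|network-eap) (\S+)")


def endpoint(ip, rest):
    """Normalise a 'server' or 'radius-server host' line to (ip, auth, acct)."""
    auth = re.search(r"auth-port (\d+)", rest)
    acct = re.search(r"acct-port (\d+)", rest)
    return (ip, int(auth.group(1)) if auth else DEFAULT_AUTH,
            int(acct.group(1)) if acct else DEFAULT_ACCT)


def parse(config):
    """Collect server groups, global RADIUS hosts, method lists and SSID EAP lists."""
    groups, hosts, lists, ssid_lists = {}, set(), {}, set()
    current = None  # server group whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(2), {"kind": m.group(1), "servers": []})
            continue
        m = SERVER_RE.match(line)
        if m and current is not None:
            current["servers"].append(endpoint(m.group(1), m.group(2)))
            continue
        if not raw[0].isspace():
            current = None  # an unindented line ends the group sub-mode
        if (m := HOST_RE.match(line)):
            hosts.add(endpoint(m.group(1), m.group(2)))
        elif (m := METHOD_RE.match(line)):
            lists[m.group(1, 2, 3)] = re.findall(r"group (\S+)", m.group(4))
        elif (m := SSID_EAP_RE.match(line)):
            ssid_lists.add(m.group(1))
    return groups, hosts, lists, ssid_lists


def audit(config):
    """Return (finding, method_list, detail) tuples for broken AAA references."""
    groups, hosts, lists, ssid_lists = parse(config)
    findings = []
    for (_kind, _service, name), refs in sorted(lists.items()):
        for g in refs:
            if g in ("radius", "tacacs+"):
                continue  # built-in groups use every globally defined server
            if g not in groups:
                findings.append(("UNDEFINED_GROUP", name, g))
            elif groups[g]["kind"] == "radius":
                if not groups[g]["servers"]:
                    findings.append(("EMPTY_GROUP", name, g))
                for ep in groups[g]["servers"]:
                    if ep not in hosts:  # IP and both ports must match a global host
                        findings.append(("SERVER_NOT_GLOBAL", name, f"{g} {ep[0]}"))
    for name in sorted(ssid_lists):
        if ("authentication", "login", name) not in lists:
            findings.append(("SSID_LIST_UNDEFINED", name, ""))
    return findings


# Constructed sample modelled on the posted config; {servers} is the only variable part.
TEMPLATE = """aaa new-model
aaa group server radius rad_eap
{servers}aaa group server radius rad_acct
{servers}aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa accounting network acct_methods start-stop group rad_acct
dot11 ssid LAB1
   authentication open eap eap_methods
   authentication network-eap eap_methods
radius-server host 192.0.2.12 auth-port 1812 acct-port 1813 key 7 <redacted>
"""
BROKEN = TEMPLATE.format(servers="")
FIXED = TEMPLATE.format(servers=" server 192.0.2.12 auth-port 1812 acct-port 1813\n")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(cfg) or "no findings")
```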

Similar Messages

  • RADIUS-3-NOSERVERS: No radius hosts configured or no valid server present in the server group

    Hi,
    I currently have an C2960 switch with IOS 15.0(2) SE4. To log on the CLI of the switch authentication against a RADIUS server takes place. Accounting is not wanted. The config of the switch is as follows:
    aaa new-model
    aaa group server radius RADIUSGROUP
     server xxx.xxx.xxx.1 auth-port 1812 acct-port 0
     server xxx.xxx.xxx.2 auth-port 1812 acct-port 0
    aaa authentication login default group RADIUSGROUP local
    aaa authentication dot1x default group RADIUSGROUP
    aaa authorization network default group RADIUSGROUP
    radius server host xxx.xxx.xxx.1 auth-port 1812 acct-port 0 key 7 [encrypted password]
    radius server host xxx.xxx.xxx.2 auth-port 1812 acct-port 0 key 7 [encrypted password]
    It works fine, the authentication and the login are successful, but every login generates a message in the logging of the switch:
    RADIUS-3-NOSERVERS: No radius hosts configured or no valid server present in the server group
    What is going wrong???
    Any help would be appreciated.

        That's going to be something you are going to have to go to the Cisco TAC with. That looks to be some kind of software bug. Also a feature probably not a lot of people actually use and have knowledge about.

  • ISE continue to receiving authentication message after removed the radius host test configuration on a IOS router

    I have two issues, related, and need help:
    Does anyone know how to disable or stop a radius host test message sent every seconds from an IOS router after the test statement has been removed and all radius server information removed from the configuration? I have this odd testing for the new ISE server. The purpose of the testing is not load balancing, but to find out if IOS supports a different protocol using radius other than PAP if PPP is not used. After the test, I cannot stop it. I have a case opened with Cisco; the answer is that there is no way to stop it other than rebooting the router. I tried to remove aaa new-model and add it back, no help. I have put an access-list on the LAN interface denying IP any to the radius host and port, no match found.
    On the ISE (version 1.1.1), because the IOS router test cannot be stopped, the live authentication page fills up with all the authentication failure messages. Does anyone know how to block the host from the ISE live authentication log (the router has been removed from the device page)?
    Below is part of the messages from the IOS router (version 15.0.1M6) debug, where 10.2.2.144 is the ISE IP and is totally removed from the config. There is no radius or ISE IP in the config.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:21:15.384: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:21:15.384: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:21:15.384: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:21:33.752: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:21:33.976: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:21:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) quarantined.
    Aug 28 10:22:33.976: AAA/SG/TEST: Sending 1 Access-Requests, 1 Accounting-Requests in current batch.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
    Aug 28 10:22:33.976: AAA/SG/TEST: Verifying if further testing required to determine server state.
    Aug 28 10:22:33.976: AAA/SG/TEST: DEAD state verification already in progress for server (10.2.2.144:1645,1646).
    Aug 28 10:22:33.976: AAA/SG/TEST: Server (10.2.2.144:1645,1646) assumed DEAD. Dead time updated to 60 secs(s).
    Aug 28 10:22:52.760: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: No Test response from server (10.2.2.144:1645,1646)
    Aug 28 10:22:53.176: AAA/SG/TEST: Necessary responses NOT received from server (10.2.2.144:1645,1646).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) marked DEAD. Dead time set for 60 sec(s).
    Aug 28 10:22:53.176: AAA/SG/TEST: Server (10.2.2.144:1645,1646) removed from quarantine.
    Thanks in advance,

    It seems reload is the only way to fix it. I don't think there is any way to stop or ignore messages for a specific host in the live authentication page of ISE. From a security point of view it is required to log all the authentication hits.
    Regards,
    ~JG
    Do rate helpful posts!

  • Error displaying host configuration

    I'm running version 10.2.0.1 of OEM on a Windows 2003 advanced server and I get
    the following error message when trying to view the charts for my cpu target: "Error displaying host configuration - Host Configuration"
    I also get the following error message:
    "Error getting data from the repository for target txsna09egssrv03.ITServices..... Exception: java.sql.SQLException: ORA-20206: ORA-06512: at "SYSMAN.EMD_MNTR_HOST", line 243 ORA-01403: no data found ORA-06512: at line 1"
    Any help with this would be greatly appreciated.
    Thanks

    I am also getting the same error when I click host under the general section of OEM Database Control's homepage, but on the homepage itself, I have an alert under the section RELATED ALERTS.
    That alert says "Memory Utilization is 99.77%" and when I click that, it shows me the host configuration and I can monitor the host.
    Why does the host link on the homepage give an error whereas I can monitor the host through the related alerts?
    I have an Oracle 10g database server and have the client running on RHEL4.
    thanks!

  • Host Configuration not found error in database control

    I have freshly installed Oracle DB 11g and a starter database.
    Then I went to emctl (database control). At the home tab, I noticed the status is up (green up arrow icon) but the "Instance Name", "Version", "Up Until" entries have the value "unknown".
    And then when I click on the "view all properties" link, I noticed that the ORACLE_HOME entry has a warning icon after the entry. Then when you click on the ORACLE_HOME entry link, I get a page saying
    Host Configuration not found. Check to see if the target exists. What's happening? Did I miss something in my installation?
    regards,
    Anton

    What is the OS? Have you seen the Metalink note: 353681.1
    Subject: Problem: Click on ORACLE_HOME gets "Host Configuration not found. Check to see if the target exists"
    Doc ID: 353681.1 Type: PROBLEM
    Modified Date : 30-JUL-2007 Status: PUBLISHED

  • The remote desktop session host configuration & Remote session shadowing options missing in Windows server 2012.

    Hi All,
    I am using a Windows Server 2012 Standard. When I leave my session idle for more than 20 min it disconnects, and after 20 more minutes my session is logged off.
    I know this setting can be changed from Remote Desktop Session Host Configuration in Windows Server 2008 R2. But this option "Remote desktop session host configuration" is not there in Windows Server 2012. Does anyone have an idea where I go and edit these settings in the Server 2012 OS?
    Also, the Remote session shadowing option is not available when I right-click a user in the Task Manager. Any idea on an alternate method in Windows Server 2012?
    Gautam.75801

    Exactly WHERE are the W2K12 R2 equivalent GPO settings to W2K8 R2 GPO settings of "Set time limit for disconnected sessions" and "set time limit for active but idle Remote Desktop Services sessions"? Microsoft changed the remote desktop/terminal services around.
    Appreciate it.
    Matt
    | Policy Path | Scope | Policy Setting Name |
    |---|---|---|
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | End session when time limits are reached |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | End session when time limits are reached |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for disconnected sessions |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for disconnected sessions |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for active but idle Remote Desktop Services sessions |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for active but idle Remote Desktop Services sessions |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for active Remote Desktop Services sessions |
    | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for active Remote Desktop Services sessions |
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Re: All on One Host Configuration

    Evaluation mode runs on a single host. Please note that it is called evaluation mode because scale-able production deployments are NOT supported in evaluation mode.

    Hi,
    A small correction: There are two single host configurations for VDI ("All on One Host" and "VDI Demo").
    * All on One Host - http://wikis.sun.com/display/VDI3/Supported+Configurations#SupportedConfigurations-AllonOneHost
    * VDI Demo - http://wikis.sun.com/display/VDI3/Getting+Started+-VDIDemo
    The VDI Demo is not a supported production environment configuration, but the "All on One Host" configuration is fully supported as long as you have an extra support contract with MySQL to cover the InnoDB engine.
    Best regards,
    Stephanie

  • EAP-TLS with Radius Server configuration (1130AG)

    Hi All,
    I'm currently trying to get EAP-TLS user certificate based wireless authentication working. The mismatch of guides I'm trying to follow has me coming up trumps with success so far, so here's hoping you guys can right me wrongs and put me on the right path again.
    My steps for radius:- (I think this part I've actually got OK)
    http://technet.microsoft.com/en-us/library/dd283091(v=ws.10).aspx
    Steps for the wireless profile on a Win 7 client:- this has me confused all over the place
    http://technet.microsoft.com/en-us/library/dd759246.aspx
    My 1130 Config:-
    [code]
    Current configuration : 3805 bytes
    ! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd
    ! NVRAM config last updated at 14:43:51 UTC Fri Jan 25 2013 by apd
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname WAP1
    aaa new-model
    aaa group server radius RAD_EAP
    server 10.1.1.29 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login EAP_LOGIN group RAD_EAP
    aaa authorization exec default local
    aaa authorization network default local
    aaa session-id common
    ip domain name ************
    dot11 syslog
    dot11 ssid TEST
       authentication open eap EAP_LOGIN
       authentication network-eap EAP_LOGIN
       guest-mode
    crypto pki trustpoint TP-self-signed-1829403336
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1829403336
    revocation-check none
    rsakeypair TP-self-signed-1829403336
      quit
    username ***************
    ip ssh version 2
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    ssid TEST
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    ssid TEST
    no dfs band block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.1.2.245 255.255.255.0
    ip helper-address 10.1.1.27
    no ip route-cache
    no ip http server
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    radius-server host 10.1.1.29 auth-port 1812 acct-port 1813 key **************
    radius-server key ************
    bridge 1 route ip
    line con 0
    logging synchronous
    transport preferred ssh
    line vty 0 4
    logging synchronous
    transport input ssh
    sntp server 130.88.212.143
    end
    [/code]
    and my current debug
    [code]
    Jan 25 12:00:56.703: dot11_auth_send_msg:  sending data to requestor status 1
    Jan 25 12:00:56.703: dot11_auth_send_msg: Sending EAPOL to requestor
    Jan 25 12:00:56.703: dot1x-registry:registry:dot1x_ether_macaddr called
    Jan 25 12:00:56.703: dot11_auth_dot1x_send_id_req_to_client: Client 74de.2b81.56c4 timer started for 30 seconds
    WAP1#
    Jan 25 12:01:26.698: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 74de.2b81.56c4
    Jan 25 12:01:26.698: dot11_auth_dot1x_send_client_fail: Authentication failed for 74de.2b81.56c4
    Jan 25 12:01:26.698: dot11_auth_send_msg:  sending data to requestor status 0
    Jan 25 12:01:26.698: dot11_auth_send_msg: client FAILED to authenticate 74de.2b81.56c4, node_type 64 for application 0x1
    Jan 25 12:01:26.699: dot11_auth_delete_client_entry: 74de.2b81.56c4 is deleted for application 0x1
    Jan
    WAP1#25 12:01:26.699: %DOT11-7-AUTH_FAILED: Station 74de.2b81.56c4 Authentication failed
    Jan 25 12:01:26.699: dot11_aaa_upd_accounting: Updating attributes for user: 74de.2b81.56c4
    Jan 25 12:01:26.699: dot11_aaa_upd_accounting: Updating attributes for user: 74de.2b81.56c4
    Jan 25 12:01:26.699: dot11_auth_client_abort: Received abort request for client 74de.2b81.56c4
    Jan 25 12:01:26.699: dot11_auth_client_abort: No client entry to abort: 74de.2b81.56c4 for application 0x1
    Jan 25 12:01:27.580: AAA/BIND(000000
    WAP1#12): Bind i/f
    Jan 25 12:01:27.580: dot11_auth_add_client_entry: Create new client 74de.2b81.56c4 for application 0x1
    Jan 25 12:01:27.580: dot11_auth_initialize_client: 74de.2b81.56c4 is added to the client list for application 0x1
    Jan 25 12:01:27.581: dot11_auth_add_client_entry: req->auth_type 0
    Jan 25 12:01:27.581: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    Jan 25 12:01:27.581: dot11_auth_add_client_entry: eap list name: EAP_LOGIN
    Jan 25 12:01:27.581: dot11_run_auth_methods: Start aut
    WAP1#h method EAP or LEAP
    Jan 25 12:01:27.581: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    Jan 25 12:01:27.581: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 74de.2b81.56c4
    Jan 25 12:01:27.581: EAPOL pak dump tx
    Jan 25 12:01:27.581: EAPOL Version: 0x1  type: 0x0  length: 0x002B
    Jan 25 12:01:27.581: EAP code: 0x1  id: 0x1  length: 0x002B type: 0x1
    01801670:                   0100002B 0101002B          ...+...+
    01801680: 01006E65 74776F72 6B69643D 54455354  ..networkid=TEST
    WAP1#
    01801690: 2C6E6173 69643D41 50445741 50312C70  ,nasid=WAP1,p
    018016A0: 6F727469 643D30                      ortid=0
    Jan 25 12:01:27.582: dot11_auth_send_msg:  sending data to requestor status 1
    Jan 25 12:01:27.582: dot11_auth_send_msg: Sending EAPOL to requestor
    Jan 25 12:01:27.582: dot1x-registry:registry:dot1x_ether_macaddr called
    Jan 25 12:01:27.583: dot11_auth_dot1x_send_id_req_to_client: Client 74de.2b81.56c4 timer started for 30 seconds
    WAP1#
    [/code]
    Can anyone point me in the right direction with this?
    I also don't like it that you can attempt to join the network first before failing.
    Can I have user cert based + PSK, and then apply it all by GPO?
    Thanks for any help

    OK, I've amended the wireless profile as suggested.
    I already have the root CA and a user certificate installed with matching usernames.
    I had already added the radius device to the NPS server and matched the keys to the AP.
    Now here's the debug I'm getting. When I check the NPS server, it still doesn't look like it's getting any requests at all :|
    Jan 29 11:53:13.501: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 74de.2b81.56c4
    Jan 29 11:53:13.501: dot11_auth_dot1x_send_client_fail: Authentication failed for 74de.2b81.56c4
    Jan 29 11:53:13.501: dot11_auth_send_msg:  sending data to requestor status 0
    Jan 29 11:53:13.501: dot11_auth_send_msg: client FAILED to authenticate 74de.2b81.56c4, node_type 64 for application 0x1
    Jan 29 11:53:13.501: dot11_auth_delete_client_entry: 74de.2b81.56c4 is deleted for application 0x1
    Jan
    WAP1#29 11:53:13.501: dot11_mgr_disp_callback: Received message from Local Authenticator
    Jan 29 11:53:13.501: dot11_mgr_disp_callback: Received FAIL from Local Authenticator
    Jan 29 11:53:13.501: dot11_mgr_sm_run_machine: Executing Action(BRIDGE,AUTHENTICATOR_FAIL) for 74de.2b81.56c4
    Jan 29 11:53:13.502: dot11_mgr_sm_send_client_fail: Authentication failed for 74de.2b81.56c4
    Jan 29 11:53:13.502: %DOT11-7-AUTH_FAILED: Station 74de.2b81.56c4 Authentication failed
    Jan 29 11:53:13.502: dot11_mgr_disp_auth_abort
    WAP1#: Sending abort request for client 74de.2b81.56c4 to local Authenticator
    Jan 29 11:53:13.502: dot11_auth_client_abort: Received abort request for client 74de.2b81.56c4
    Jan 29 11:53:13.502: dot11_auth_client_abort: No client entry to abort: 74de.2b81.56c4 for application 0x1
    Jan 29 11:53:14.619: AAA/BIND(00000019): Bind i/f
    Jan 29 11:53:14.619: dot11_mgr_disp_auth_request: Send auth request for client 74de.2b81.56c4 to local Authenticator
    Jan 29 11:53:14.619: dot11_auth_add_client_entry: Create new c
    WAP1#lient 74de.2b81.56c4 for application 0x1
    Jan 29 11:53:14.620: dot11_auth_initialize_client: 74de.2b81.56c4 is added to the client list for application 0x1
    Jan 29 11:53:14.620: dot11_auth_add_client_entry: req->auth_type 0
    Jan 29 11:53:14.620: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    Jan 29 11:53:14.620: dot11_auth_add_client_entry: eap list name: EAP_LOGIN
    Jan 29 11:53:14.620: dot11_run_auth_methods: Start auth method EAP or LEAP
    Jan 29 11:53:14.620: dot11_auth_dot1x_start: in the dot11
    WAP1#_auth_dot1x_start
    Jan 29 11:53:14.620: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 74de.2b81.56c4
    Jan 29 11:53:14.620: EAPOL pak dump tx
    Jan 29 11:53:14.621: EAPOL Version: 0x1  type: 0x0  length: 0x002B
    Jan 29 11:53:14.621: EAP code: 0x1  id: 0x1  length: 0x002B type: 0x1
    01808560: 0100002B 0101002B 01006E65 74776F72  ...+...+..networ
    01808570: 6B69643D 54455354 2C6E6173 69643D41  kid=TEST,nasid=A
    01808580: 50445741 50312C70 6F727469 643D30    WAP1,portid=0
    Jan 29 11:53
    WAP1#:14.621: dot11_auth_send_msg:  sending data to requestor status 1
    Jan 29 11:53:14.621: dot11_auth_send_msg: Sending EAPOL to requestor
    Jan 29 11:53:14.622: dot11_mgr_disp_callback: Received message from Local Authenticator
    Jan 29 11:53:14.622: dot11_mgr_disp_callback: Received DOT11_AAA_EAP from Local Authenticator
    Jan 29 11:53:14.622: dot11_mgr_sm_run_machine: Executing Action(BRIDGE,AUTHENTICATOR_REPLY) for 74de.2b81.56c4
    Jan 29 11:53:14.622: dot11_mgr_sm_send_response_to_client: Forwarding Authenti
    WAP1#cator message to client 74de.2b81.56c4
    Jan 29 11:53:14.622: EAPOL pak dump tx
    Jan 29 11:53:14.622: EAPOL Version: 0x1  type: 0x0  length: 0x002B
    Jan 29 11:53:14.622: EAP code: 0x1  id: 0x1  length: 0x002B type: 0x1
    01808690:                   0100002B 0101002B          ...+...+
    018086A0: 01006E65 74776F72 6B69643D 54455354  ..networkid=TEST
    018086B0: 2C6E6173 69643D41 50445741 50312C70  ,nasid=WAP1,p
    018086C0: 6F727469 643D30                      ortid=0
    Jan 29 11:53:14.623: dot1x-regi

  • Primary-secondary radius server configuration

    Hi all ,
    I have a couple of ACS 5.2 configured as active and backup and I am doing dot1x authentication using these servers. I have configured the switch with the configuration below.
    radius-server host 10.0.10.15 auth-port 1645 acct-port 1646
    radius-server host 10.0.10.16 auth-port 1645 acct-port 1646
    radius-server key 7 aaaaaaaaaaaaaa
    Please help me understand what will happen on the switch
    1) in case of primary failure
    2) in case the primary returns alive.
    Thanks in advance,
    Selva

    Hi Selva,
    You need to post all your AAA config. The above lines show you added the RADIUS servers, but that does not necessarily mean all servers will be reached. We need to look into the AAA config to see what server groups are configured and what servers are under the groups.
    In general, if things are configured correctly:
    - If the primary did not reply at all (down, not reachable...etc), the AAA client (switch in your case) will try the next RADIUS server.
    - If the primary server replies (with access-reject, error, ...etc), the AAA client (switch in your case) sends an auth failure to the host.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"
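Added example, not part of the thread: one way to run the check the reply asks for, listing which servers sit under each named RADIUS group and flagging a group that a method list relies on but that holds no server (the condition behind "No Radius hosts configured or no valid server present in the group"). The sample configuration is constructed and `audit_aaa` is a hypothetical helper name.

```python
import re

# Constructed sample in the shape of an IOS "show run". The group names are
# illustrative; the two server addresses are the ones from the question above.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_acct
 server 10.0.10.15 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
radius-server host 10.0.10.15 auth-port 1645 acct-port 1646
radius-server host 10.0.10.16 auth-port 1645 acct-port 1646
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
SERVER_RE = re.compile(r"^\s+server (\S+)")
METHOD_RE = re.compile(r"^aaa (?:authentication|authorization|accounting) ")
HOST_RE = re.compile(r"^radius-server host (\S+)")
BUILTIN_GROUPS = {"radius", "tacacs+"}  # built-in groups, not named ones


def audit_aaa(config):
    """Map each named RADIUS group to its servers and report two gaps:
    groups a method list relies on that hold no server, and global
    radius-server hosts that no named group references."""
    groups, used, hosts, current = {}, set(), [], None
    for line in config.splitlines():
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = []
        elif current and (m := SERVER_RE.match(line)):
            groups[current].append(m.group(1))  # kept in configured order
        else:
            if not line.startswith(" "):
                current = None  # back at global config level
            if METHOD_RE.match(line):
                used.update(re.findall(r"\bgroup (\S+)", line))
            elif m := HOST_RE.match(line):
                hosts.append(m.group(1))
    used -= BUILTIN_GROUPS
    return {
        "groups": groups,
        "empty_in_use": sorted(g for g in used if not groups.get(g)),
        "unreferenced_hosts": [
            h for h in hosts if not any(h in s for s in groups.values())
        ],
    }


if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG))
```

A host listed under `unreferenced_hosts` is still used by method lists that name the built-in `group radius`; it is only unreachable through the named groups.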

  • Internal and External Portals be hosted & Configured on Same Portal server?

    Hi Experts,
    Is it possible to host and configure the Internal portal and External Portal on the same portal server?
    If yes, kindly provide the inputs.
    We have a scenario wherein we have to use the same portal server for both kinds of users (Internal as well as External).
    We want to provide separate URLs for both the portals and the datasource for the users management would be different for both the scenarios.
    The user management in the case of the Internal Portal has to be authenticated against an AD server, whereas in the case of the External Portal the user management would be taken care of by UME.
    Please suggest and share some docs if possible.
    Thanks & Regards,
    Anurag

    Hi,
    Can we customise the Portal logon page for both the portals differently?
    I've already customised the portal logon page by modifying the UME properties in the Config Tool but that was done keeping in mind the External Portal users. Now, we want to customise the page for Intranet users but with different options at the logon page.
    How can we achieve this functionality as any property that we modify in either VA or Config Tool will affect both types of portal pages.
    For example, we have a Self Registration link for the external users which we do not want for the Intranet users. How is this possible?
    If we design a webdynpro java application for the logon page and for authentication purpose, can we call a home page iview on successful authentication?
    And with this customised webdynpro java application, can we connect to the AD server for the user authentication?
    Best Regards,
    Anurag

  • 11g Grid Control - Host Configuration Collection Problems

    Hi Guys,
    I just installed Oracle 11g Grid Control and it has been running for 2 weeks until I recently tried to walk through the parts of it.
    My intention was to clear off all the error messages, critical warnings, alerts, and policy warnings.
    When I arrived at the development summary box, on the home tab, I can see that there is 1 collection problem.
    When I clicked it, I saw that apparently the problem is with the host where I installed the grid control.
    Problem type: Warning during collection of Oracle Software
    message: Unknown WLS Home Location or WLS Version in Middleware Home /u01/app/oracle/product/middleware
    I tried clicking on the "Refresh Host" button, but it didn't solve the problem at all.
    I have also tried to take a look at the targets.xml; however, it seems the configuration in there is already pointing to the correct path to the WebLogic home.
    Please let me know if anyone has a suggestion for this.
    Searching from google doesn't really return anything closely matched to this.
    Thanks,
    Adhika

    What is the intent/timeline for fixing this bug? On MOS, it appears to have a status of "Status 33 - Suspended, Req'd Info not Avail". We are encountering this bug also and I would gladly provide information from our systems in order for the issue to be resolved.
    Thanks.
    PostScript: FWIW, Google yielded a blog referencing this error and Doc ID 1433113.1. I am unable to access that document (as was the blogger). Because of this, and another major caveat (our machines with this collection error do not have WLS installed on them), I'm thinking this probably needs to be an SR rather than a forum discussion.
    Edited by: JeriF on Feb 4, 2013 12:00 PM

  • Frontend Host Configuring

    I have read the article on Middleware Magic on setting the front end host, but when I hit the URL and observe it through HttpWatch it still shows the appserver/port as the "host". It doesn't seem to matter what I put in there, it always returns the same thing in the host headers. Questions:
    1) Is there another tool that shows the host headers and info coming back from the request?
    2) What format should I be filling this parameter in?   Should it have the entire URL in it (like http://sitportal1:7070/fc/Controller.jpf) or just a host name (like sitportal1).  The help doesn't seem to illustrate the format this needs to be input as.  I have tried it pointing the web server front end as well (sitweb2.company.com) but doesn't seem to return anything as the header but the name and port of the WebLogic app server.
    3) The application is deployed to a cluster and I've made the changes there as well, with the same results.   Yes, managed servers were restarted...
    I got points, who wants them?

    Do not know what you are trying to accomplish, but note that the front host setting makes it possible that a certain host name is configured to which redirects are sent (when it is set it rejects the information contained in the host header). It does not change the host header (not to my knowledge anyway).
    The documentation (3 Ensuring the Security of Your Production Environment) sheds some more light on this:
    "When a request on a web application is redirected to another location, the Host header contained in the request is used by default in the Location header of the response. Because the Host header can be spoofed — that is, corrupted to contain a different host name and other parameters — this behavior can be exploited to launch a redirection attack on a third party.
    To prevent the likelihood of this occurrence, set the FrontendHost attribute on either the WebserverMBean or ClusterMBean to specify the host to which all redirected URLs are sent. The host specified in the FrontendHost attribute will be used in the Location header of the response instead of the one contained in the original request."
    or (http://docs.oracle.com/middleware/1212/wls/WLMBR/mbeans/ClusterMBean.html?skipReload=true#FrontendHost)
    "FrontendHost - The name of the host to which all redirected URLs will be sent.
    Sets the HTTP FrontendHost for the default webserver (not virtual hosts) for all the servers in the cluster. Provides a method to ensure that the webapp will always have the correct HOST information, even when the request is coming through a firewall or a proxy. If this parameter is configured, the HOST header will be ignored and the information in this parameter will be used in its place, when constructing the absolute urls for redirects."
    What I understand from this is that you set a host name (for example, google.com, or some other host name that is mapped to an IP-address, or the IP-address itself)  to which the request is to be redirected (and if the application to which the redirect is going is not listening on any of the default HTTP ports (:80 or :443) you can define the port by using either frontend http port or frontend https port).
    As a tool to monitor HTTP(S) traffic you can probably use Fiddler (Fiddler - The Free Web Debugging Proxy by Telerik), but the one you are using (HttpWatch) is doing the job as well.
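Added example, not part of the thread and not WebLogic code: a small model of the behaviour the quoted documentation describes, where a redirect's Location header is built from the request's Host header unless a frontend host is configured, plus a check for whether a captured response reflected the Host header that was sent. The function names and `attacker.example` are hypothetical; the other host names come from the question.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def redirect_location(scheme, host_header, path,
                      frontend_host=None, frontend_port=None):
    """Build the absolute URL placed in a redirect's Location header.

    Without frontend_host the client-supplied Host header is trusted.
    With frontend_host the Host header is ignored and the configured
    name (and optional frontend port) is used instead.
    """
    if frontend_host:
        host, port = frontend_host, frontend_port
    else:
        parts = urlsplit(f"//{host_header}")
        host, port = parts.hostname, parts.port
    # Default ports are left out of the URL, as browsers expect.
    if port in (None, DEFAULT_PORTS[scheme]):
        return f"{scheme}://{host}{path}"
    return f"{scheme}://{host}:{port}{path}"


def reflects_host_header(host_header, location):
    """True when the Location host is the host the request claimed."""
    sent = urlsplit(f"//{host_header}").hostname
    return urlsplit(location).hostname == sent


if __name__ == "__main__":
    path = "/fc/Controller.jpf"
    spoofed = "attacker.example:7070"  # constructed Host header value
    default = redirect_location("http", spoofed, path)
    pinned = redirect_location("http", spoofed, path,
                               frontend_host="sitweb2.company.com")
    for label, loc in (("default", default), ("frontend host set", pinned)):
        print(f"{label}: {loc} reflected={reflects_host_header(spoofed, loc)}")
```

This is also why the Host header seen in a traffic viewer does not change after the setting is applied: only the Location header of redirect responses is affected.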

  • Compare Host Configurations via custom script

    I have a verification shell script that I have on my servers. The script goes off and responds with COTS versions, deployment versions, software bundles, and various other pedigree information about that server. It is beneficial to me, in that I can quickly analyze what software is sitting on a specific server. I can run this script from OEM 12c, using the run Host command and see the results in a clean GUI fashion.
    My dilemma is this: I would like to be able to save or store a process to leverage OEM to automate this procedure...on multiple servers, and then do a comparison of the two results. So basically, run the script on server 1 and server 2...and show a comparison (somewhat like the configuration comparison tool) of the results of the two server scripts...showing what is identical and what is different on each server. Is something like this possible?
    One idea I had was to design a plugin to create a new target type, that stores all of the results of this script in a target. Then doing a comparison of those targets would show me the differences. That is a long drawn out process and I am not really familiar with it. So I am looking for some additional ideas from other users...Thank you ahead of time.

    Guinea,
    What you need is custom configuration collection. This feature will allow you to register your script for scheduled execution. the output of this script is parsed and stored in the EM repository and can be used for comparisons, searching, report generation, etc.
    Refer to the following documentation:
    http://docs.oracle.com/cd/E24628_01/em.121/e27046/config_mgmt.htm#BABBDHCB

  • WPA2 and Radius server configuration

    On the page: http://cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
    is described how to setup a WPA2 and Radius server.
    If I follow this, the Radius server does not work. In the document they describe that I need to use 10.0.0.1 as the IP, but my AP has a 192.168.1.251 address. Even if I enter that address, or the 10.0.0.1, it does not work.
    Normal WPA2 personal, without Radius does work.
    I use a 1100 series AP, (AIR-AP1120B-E-K9) with a AIR-MP21G and the firmware of the radio module is 5.90.11.
    The IOS version is 12.3(8)JA2.
    Does anyone know what to do?
    Haik

    Hello,
    I understand that. I have given the AP a fixed address, 192.168.1.251. This is outside the DHCP pool, from the router.
    Even if I use this address in the Radius configuration, it still does not work. My client (laptop with Intel Pro Wireless 2200 card) detects that there is a Radius server, and asks for a username / password.
    But even if I fill it in correctly (copy / paste) it does not work.
    So what can be wrong with this configuration?
    Haik

  • Cisco 3650 Converged LAN/WLAN Design: Radius Authentication configuration example needed

    Hello Cisco-Experts,
    one of our customers would like to deploy Cisco3650-switches with integrated WLC-functionality.
    The platform is new to me and I have started to configure some basic settings.
    Unfortunately I cannot find information on how to implement 802.1x Radius authentication.
    Do you know where I can find detailed information or an example of how to implement this?
    Thank You
    Wini

    Hello Rasika,
    Thank you very much for the link to your 802.1x authentication configuration on the similar 3850 platform.
    Very useful stuff.
    Is it possible to set up the RADIUS server function on the switch itself?
    I'm asking because I would like to test the setup in our office before rollout to customer.
    Kind regards
    Wini
