Per VRF Tacacs+ - not working
I'm trying to configure per VRF tacacs+ on a 2901 running IOS 15.2(4)M2.
I have the following configured:
aaa new-model
aaa group server tacacs+ MYGROUP
server-private 1.2.3.4 key cisco
ip vrf forwarding vpn_nms
ip tacacs source-interface Loopback100
aaa authentication login default local
aaa authentication login MYGROUP group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group MYGROUP if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip cef
ip vrf forwarding
ip vrf vpn_nms
rd 65XXX:3
interface Loopback100
description NMS LOOPBACK
ip vrf forwarding vpn_nms
ip address 10.10.10.10 255.255.255.255
tacacs-server host 1.2.3.4
tacacs-server directed-request
tacacs-server key cisco
line con 0
privilege level 15
logging synchronous
login authentication MYGROUP
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
login authentication MYGROUP
length 0
transport input all
I know some of this config is redundant but I have been trying different things and getting nowhere.
Hi,
Your debug output shows time out to ACS server as below.
Feb 4 11:39:21.372: TAC+: TCP/IP open to 192.168.5.76/49 failed -- Connection timed out; remote host not responding
Feb 4 11:39:21.372: TAC+: Opening TCP/IP to 192.168.5.76/49 timeout=5
No authoritative response from any server.
Feb 4 11:39:26.372: TAC+: TCP/IP open to 192.168.5.75/49 failed -- Connection timed out; remote host not responding
Considering the fact that you are not able to see any logs on ACS, that means traffic may not be reaching the ACS.
Have you tried pinging the ACS server from the switch mgmt vrf? Your previous example was showing ping response to the management workstation (192.168.5.85) and not to the ACS.
Hope that helps
Najaf
Please rate when applicable or helpful !!!
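An added example (not part of the thread and not Cisco tooling): a small Python check for the per-VRF layout the posts above are attempting, run over a constructed copy of the first post's configuration with its indentation restored. It assumes the documented arrangement (a named `aaa group server tacacs+` group carrying `server-private`, `ip vrf forwarding` and a source interface in the same VRF) and exact interface-name matches; `parse_blocks`, `build_model`, `audit` and the finding codes are this example's own names.

```python
import re

# Constructed sample: the first post's configuration with IOS indentation
# restored (the scrape flattened it). The redacted "rd" line is left out.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ MYGROUP
 server-private 1.2.3.4 key cisco
 ip vrf forwarding vpn_nms
 ip tacacs source-interface Loopback100
aaa authentication login default local
aaa authentication login MYGROUP group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group MYGROUP if-authenticated
aaa accounting exec default start-stop group tacacs+
ip vrf vpn_nms
interface Loopback100
 ip vrf forwarding vpn_nms
 ip address 10.10.10.10 255.255.255.255
tacacs-server host 1.2.3.4
"""

VRF_RE = re.compile(r"(?:ip )?vrf forwarding (\S+)$")


def parse_blocks(config):
    """Group lines into (header, [children]) using IOS indentation."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def build_model(config):
    """Extract TACACS+ groups, interface VRFs and AAA method lists."""
    groups, iface_vrf, methods = {}, {}, []
    for header, children in parse_blocks(config):
        grp = re.match(r"aaa group server tacacs\+ (\S+)$", header)
        ifc = re.match(r"interface (\S+)$", header)
        if grp:
            g = {"private": [], "vrf": None, "src": None}
            for c in children:
                vrf = VRF_RE.match(c)
                if c.startswith("server-private "):
                    g["private"].append(c.split()[1])
                elif vrf:
                    g["vrf"] = vrf.group(1)
                elif c.startswith("ip tacacs source-interface "):
                    g["src"] = c.split()[-1]
            groups[grp.group(1)] = g
        elif ifc:
            vrfs = [m.group(1) for m in map(VRF_RE.match, children) if m]
            iface_vrf[ifc.group(1)] = vrfs[0] if vrfs else None
        elif re.match(r"aaa (authentication|authorization|accounting) ", header):
            refs = re.findall(r"\bgroup (\S+)", header)
            if refs:
                methods.append((header, refs))
    return groups, iface_vrf, methods


def audit(config):
    """Return (code, subject) findings for per-VRF TACACS+ consistency."""
    groups, iface_vrf, methods = build_model(config)
    vrf_groups = sorted(n for n, g in groups.items() if g["vrf"])
    findings = []
    for name, g in groups.items():
        if not g["vrf"]:
            continue
        if not g["private"]:
            # A VRF-bound group with no private servers has nothing to query.
            findings.append(("NO_SERVER_PRIVATE_IN_VRF_GROUP", name))
        if g["src"] is None:
            # No group-level source interface to tie the session to the VRF.
            findings.append(("NO_GROUP_SOURCE_INTERFACE", name))
        elif iface_vrf.get(g["src"]) != g["vrf"]:
            # Source interface is missing or sits in another routing table.
            findings.append(("SOURCE_INTERFACE_VRF_MISMATCH", name))
    for line, refs in methods:
        for ref in refs:
            if ref == "tacacs+" and vrf_groups:
                # Built-in group = global "tacacs-server host" entries only;
                # the named group's server-private entries are not consulted.
                findings.append(("BUILTIN_GROUP_NOT_VRF_GROUP", line))
            elif ref not in groups and ref not in ("tacacs+", "radius"):
                findings.append(("UNDEFINED_SERVER_GROUP", line))
    return findings


if __name__ == "__main__":
    for code, subject in audit(SAMPLE_CONFIG):
        print(f"{code}: {subject}")
```

When the server group times out, these method lists fall through to `local`, `enable` or `if-authenticated`, so a silent VRF mismatch changes which credentials actually gate the device.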
Similar Messages
-
Tacacs not working for 3 new 5508 WLC's...working fine for 6 old 4400 WLC's.
before 7.116 code upgrade...I remember 5508 was working on and off and now they are not.
Same configs on SW, WLC and ACS.
Debug on WLC gives..below message when Tacacs is attempted..
*aaaQueueReader: Oct 25 09:20:41.700: tplus_processAuthRequest: memory alloc failed for tplus
Any pointers for troubleshooting? Not sure why statistics show zero...?? Radius is working for users.
(wlc03) >show tacacs auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 10.3.121.21
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Server Index..................................... 2
--More-- or (q)uit
Server Address................................... 10.3.121.22
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
(wlc03) >show tacacs summary
Authentication Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 5
2 10.3.121.22 49 Enabled 5
Authorization Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 30
2 10.3.121.22 49 Enabled 5
Accounting Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 5
We can ping the TACACS servers...
>show memory statistics
System Memory Statistics:
Total System Memory............: 1028820992 bytes
Used System Memory.............: 458424320 bytes
Free System Memory.............: 570396672 bytes
Bytes allocated from RTOS......: 21939008 bytes
Chunks Free....................: 29 bytes
Number of mmapped regions......: 45
Total space in mmapped regions.: 212779008 bytes
Total allocated space..........: 12015112 bytes
Total non-inuse space..........: 9923896 bytes
Top-most releasable space......: 133800 bytes
Total allocated (incl mmap)....: 234718016 bytes
Total used (incl mmap).........: 224794120 bytes
Total free (incl mmap).........: 9923896 bytes
show buffers
Pool[00]: 16 byte chunks
chunks in pool: 50000
chunks in use: 19030
bytes in use: 304480
bytes requested: 90479 (214001 overhead bytes)
Pool[01]: 64 byte chunks
chunks in pool: 40000
chunks in use: 14519
bytes in use: 929216
bytes requested: 566395 (362821 overhead bytes)
Pool[02]: 128 byte chunks
chunks in pool: 20000
chunks in use: 7726
bytes in use: 988928
bytes requested: 672853 (316075 overhead bytes)
Pool[03]: 256 byte chunks
chunks in pool: 4000
chunks in use: 808
bytes in use: 206848
bytes requested: 154777 (52071 overhead bytes)
Pool[04]: 1024 byte chunks
--More-- or (q)uit
chunks in pool: 15300
chunks in use: 11645
bytes in use: 11924480
bytes requested: 4945714 (6978766 overhead bytes)
Pool[05]: 2048 byte chunks
chunks in pool: 1000
chunks in use: 189
bytes in use: 387072
bytes requested: 355272 (31800 overhead bytes)
Pool[06]: 4096 byte chunks
chunks in pool: 1000
chunks in use: 36
bytes in use: 147456
bytes requested: 102479 (44977 overhead bytes)
Raw Pool:
chunks in use: 186
bytes requested: 156052303
show process memory
Name Priority BytesInUse BlocksInUse Reaper
cslStoreManager (240/ 7) 0 0 ( 0/ 0)%
System Reset Task (240/ 7) 0 0 ( 0/ 0)%
reaperWatcher ( 3/ 96) 0 0 ( 0/ 0)% I
osapiReaper ( 10/ 94) 0 0 ( 0/ 0)% I
TempStatus (240/ 7) 424 1 ( 0/ 0)% I
pktDebugSocketTask (255/ 1) 0 0 ( 0/ 0)%
LICENSE AGENT (240/ 7) 2228 85 ( 0/ 0)% I
emWeb ( 7/ 95) 1235795 20743 ( 0/ 0)% T 300
webJavaTask (240/ 7) 0 0 ( 0/ 0)%
fmcHsTask (100/ 60) 0 0 ( 0/ 0)%
apstatEngineTask (240/ 7) 0 0 ( 0/ 0)%
rrcEngineTask (240/ 7) 0 0 ( 0/ 0)%
spectrumDataTask (255/ 1) 1614480 12 ( 0/ 0)%
spectrumNMSPTask (255/ 1) 28808 3 ( 0/ 0)%
wipsTask (240/ 7) 0 0 ( 0/ 0)%
tsmTask (255/ 1) 0 0 ( 0/ 0)%
cids-cl Task (240/ 7) 0 0 ( 0/ 0)%
ethoipSocketTask ( 7/ 95) 0 0 ( 0/ 0)%
ethoipOsapiMsgRcv (240/ 7) 0 0 ( 0/ 0)%
--More-- or (q)uit
envCtrollerStatus (240/ 7) 0 0 ( 0/ 0)%
rfidTask (240/ 7) 0 0 ( 0/ 0)%
idsTrackEventTask (239/ 8) 0 0 ( 0/ 0)%
DHCP Server (240/ 7) 0 0 ( 0/ 0)%
bcastReceiveTask (240/ 7) 0 0 ( 0/ 0)%
ProcessLoggingTask (240/ 7) 0 0 ( 0/ 0)%
CDP Main (240/ 7) 3100 13 ( 0/ 0)%
sntpMainTask (240/ 7) 0 0 ( 0/ 0)%
sntpReceiveTask (240/ 7) 0 0 ( 0/ 0)%
cdpSocketTask (240/ 7) 0 0 ( 0/ 0)%
grouping Task (255/ 1) 0 0 ( 0/ 0)%
dot11a (255/ 1) 63 3 ( 0/ 0)%
rrm Socket Task ( 1/ 97) 35024 1 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
dot11a (255/ 1) 0 0 ( 0/ 0)%
grouping Task (255/ 1) 0 0 ( 0/ 0)%
dot11b (255/ 1) 105 5 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
dot11b (255/ 1) 0 0 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
apfPmkCacheTimer (240/ 7) 0 0 ( 0/ 0)%
Apf Guest (240/ 7) 0 0 ( 0/ 0)%
RLDP Schedule Task (240/ 7) 0 0 ( 0/ 0)%
--More-- or (q)uit
apfMsConnTask_5 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_4 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_6 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_7 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_3 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_2 (175/ 32) 0 0 ( 0/ 0)%
apfLbsTask (240/ 7) 0 0 ( 0/ 0)%
apfMsConnTask_0 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_1 (175/ 32) 0 0 ( 0/ 0)%
apfProbeThread (200/ 22) 0 0 ( 0/ 0)%
apfOrphanSocketTas (240/ 7) 0 0 ( 0/ 0)%
apfRogueDetectorTh (175/ 32) 0 0 ( 0/ 0)%
apfRogueTask (240/ 7) 0 0 ( 0/ 0)%
apfOpenDtlSocket (175/ 32) 0 0 ( 0/ 0)%
apfRLDP (175/ 32) 424 1 ( 0/ 0)%
apfRLDPRecv (175/ 32) 0 0 ( 0/ 0)%
apfReceiveTask (175/ 32) 0 0 ( 0/ 0)%
mmMfpTask (175/ 32) 0 0 ( 0/ 0)%
mmMobility (240/ 7) 1272 3 ( 0/ 0)%
mmSSHPeerRegister (240/ 7) 0 0 ( 0/ 0)%
mmListen (180/ 30) 99920 227 ( 0/ 0)%
tplusTransportThre (201/ 22) 0 0 ( 0/ 0)%
radiusCoASupportTr (201/ 22) 0 0 ( 0/ 0)%
--More-- or (q)uit
EAP Framework (240/ 7) 0 0 ( 0/ 0)%
aaaQueueReader (225/ 13) 3518 12 ( 0/ 0)%
radiusRFC3576Trans (201/ 22) 0 0 ( 0/ 0)%
radiusTransportThr (201/ 22) 0 0 ( 0/ 0)%
pemReceiveTask (240/ 7) 0 0 ( 0/ 0)%
iappSocketTask (240/ 7) 0 0 ( 0/ 0)%
ccxRmTask (230/ 11) 0 0 ( 0/ 0)%
ccxS69Task (240/ 7) 424 1 ( 0/ 0)%
ccxDiagTask (240/ 7) 0 0 ( 0/ 0)%
ccxL2RoamTask (240/ 7) 240424 3 ( 0/ 0)%
dot1xSocketTask (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_7 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_6 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_2 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_3 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_4 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_5 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_1 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_0 (240/ 7) 424 1 ( 0/ 0)%
dot1xMsgTask (240/ 7) 0 0 ( 0/ 0)%
locpTxServerTask (220/ 15) 408 2 ( 0/ 0)%
locpRxServerTask (200/ 22) 428043 1961 ( 0/ 0)%
capwapSocketTask ( 72/ 70) 303104 148 ( 0/ 0)%
--More-- or (q)uit
spamApTask6 (118/ 53) 25929 63 ( 0/ 0)%
spamApTask7 ( 53/ 78) 24233 59 ( 0/ 0)%
spamApTask5 (118/ 53) 23445 61 ( 0/ 0)%
spamApTask4 (118/ 53) 23513 58 ( 0/ 0)%
spamApTask3 (118/ 53) 19569 48 ( 0/ 0)%
spamApTask2 ( 53/ 78) 23809 58 ( 0/ 0)%
spamApTask1 ( 53/ 78) 22961 56 ( 0/ 0)%
spamApTask0 ( 78/ 68) 39189 106 ( 0/ 0)%
spamReceiveTask (120/ 52) 2204024 252 ( 0/ 0)%
spamSocketTask ( 32/ 85) 0 0 ( 0/ 0)%
Image License brok (240/ 7) 0 0 ( 0/ 0)% I
Image License brok (240/ 7) 28 1 ( 0/ 0)% I
IPC Main Thread (240/ 7) 0 0 ( 0/ 0)% I
License Client Lib (240/ 7) 96 1 ( 0/ 0)% I
sshpmLscScepTask (100/ 60) 0 0 ( 0/ 0)%
License Client Lib (240/ 7) 96 1 ( 0/ 0)% I
sshpmLscTask (100/ 60) 25783 1739 ( 0/ 0)%
sshpmReceiveTask (175/ 32) 6697 66 ( 0/ 0)%
sshpmMainTask (100/ 60) 208440 358 ( 0/ 0)%
mfpKeyRefreshTask (255/ 1) 0 0 ( 0/ 0)%
mfpEventTask (255/ 1) 0 0 ( 0/ 0)%
mfpTrapForwardTask (255/ 1) 0 0 ( 0/ 0)%
clientTroubleShoot (100/ 60) 2841248 4 ( 0/ 0)%
--More-- or (q)uit
loggerMainTask (200/ 22) 0 0 ( 0/ 0)%
debugMainTask (200/ 22) 0 0 ( 0/ 0)%
dot3ad_lac_task (240/ 7) 32901 3 ( 0/ 0)%
gccp_t (240/ 7) 5864 5 ( 0/ 0)%
dot1dTimer (240/ 7) 0 0 ( 0/ 0)% T 300
dot1dRecv (250/ 3) 0 0 ( 0/ 0)%
uart_session (240/ 7) 0 0 ( 0/ 0)%
StatsTask (240/ 7) 0 0 ( 0/ 0)%
fdbTask (240/ 7) 0 0 ( 0/ 0)%
broffu_SocketRecei (100/ 60) 13 1 ( 0/ 0)%
SNMPProcMon (240/ 7) 0 0 ( 0/ 0)% T 300
RMONTask ( 71/ 71) 0 0 ( 0/ 0)% I
SNMPTask (240/ 7) 61089 1064 ( 0/ 0)%
DHCP Socket Task (240/ 7) 0 0 ( 0/ 0)%
DHCP Proxy Task (240/ 7) 0 0 ( 0/ 0)%
dhcpClientTimerTas (240/ 7) 0 0 ( 0/ 0)%
DHCP Client Task (240/ 7) 0 0 ( 0/ 0)% T 600
BootP (240/ 7) 0 0 ( 0/ 0)% T 300
TransferTask (240/ 7) 848 2 ( 0/ 0)% I
osapiTimer (100/ 60) 13024 2 ( 0/ 0)% T 300
nim_t (100/ 60) 2447 3 ( 0/ 0)%
dtlArpTask ( 7/ 95) 98436 3 ( 0/ 0)%
dtlTask (100/ 60) 41089 20 ( 0/ 0)%
--More-- or (q)uit
dtlDataLowTask ( 7/ 95) 0 0 ( 0/ 0)%
sysapiprintf (240/ 7) 22657 3 ( 0/ 0)%
osapiBsnTimer ( 95/ 62) 0 0 ( 0/ 0)%
fp_main_task (240/ 7) 153068796 26868 ( 0/ 0)%
-
Per-VRF TACACS config gets "Address already in use" error
I have created a per-VRF TACACS config on a couple of network devices. I can ping the ACS servers through the VRF. TACACS makes the attempt to contact the servers, but the following message shows up in the log when I debug TACACS:
*Mar 11 08:57:38 starts: TAC+: Opening TCP/IP to x.x.x.x/49 timeout=5
*Mar 11 08:57:38 starts: TAC+: TCP/IP open to x.x.x.x/49 failed -- Address already in use
I can't find anything on CCO that references the "Address already in use" message.
Has anyone run into this?
Hmmm...no, the server group is still there. Did you see the other post which describes the bug ID? The link to the bug is:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl45701
Do you get the IP address is in use log message?
-
Per VRF Tacacs+ support on 3550EMI
Trying to get Tacacs+ running on a 3550EMI switch running 12.1(22)EA3 (latest release), without much success due to what appears to be lack of support for Per VRF AAA/TACACS+ on the box.
Checked elsewhere and looks like this feature is only available in some 12.2 and in 12.3T, but does anyone know if vrf-aware TACACS+ is likely to appear on the 3550EMI or indeed on 12.1? Or does anyone know of a workaround? (tried specifying a source-interface but this doesn't work)
TIA
This feature was introduced in 12.3(7)T. I guess it's not supported on the Switch currently.
-
Nexus 1KV TACACS+ Not Working
I have been trying to get my Nexus 1KV working with AAA/TACACS+ and I'm stumped.
The short version is that I see where the issue is, but can't seem to resolve it.
When I try to log in using TACACS, it fails. The ACS server reports InvalidPassword.
The CLI on the Nexus shows:
2011 Sep 9 16:37:13 NY_nexus1000v %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2011 Sep 9 16:37:14 NY_nexus1000v %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user gtopf from 192.168.20.151 - sshd[15675]
2011 Sep 9 16:37:23 NY_nexus1000v %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user gtopf from 192.168.20.151 - sshd[15672]
And an AAA test from the nexus fails.
I have good connectivity between the two boxes, I can ping, and obviously the failed login showing on ACS shows that it's talking, but it's just not working.
My config is below (omitted ethernet port configs)
!Command: show running-config
!Time: Fri Sep 9 16:45:49 2011
version 4.2(1)SV1(4a)
no feature telnet
feature tacacs+
feature lacp
username admin password 5 $1$Q50UpgN/$4eu39QmZHLTf3FAkwwdOF1 role network-admin
banner motd #Nexus 1000v Switch#
ssh key rsa 2048
ip domain-lookup
ip domain-lookup
ip name-server 192.168.20.10
tacacs-server timeout 30
tacacs-server host 192.168.20.30 key 7 "j3gp0"
aaa group server tacacs+ TacServer
server 192.168.20.30
deadtime 15
use-vrf management
source-interface mgmt0
hostname NY_nexus1000v
ntp server 192.168.20.10
aaa authentication login default group TacServer
aaa authentication login console group TacServer
aaa authentication login error-enable
tacacs-server directed-request
vrf context management
ip route 0.0.0.0/0 192.168.240.1
vlan 1,20,40,240
lacp offload
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type ethernet system-uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 20,40,240
channel-group auto mode active
no shutdown
system vlan 240
description "System profile for critical ports"
state enabled
port-profile type vethernet data20
vmware port-group
switchport mode access
switchport access vlan 20
no shutdown
description "Data profile for VM traffic 20 VLAN"
state enabled
port-profile type vethernet data40
vmware port-group
switchport mode access
switchport access vlan 40
no shutdown
description "Data profile for VM traffic 40 VLAN"
state enabled
port-profile type vethernet data240
vmware port-group
switchport mode access
switchport access vlan 240
no shutdown
description "Data profile for VM traffic 240 VLAN"
state enabled
port-profile type vethernet system-upilnk
description "Uplink profile for VM traffic"
vdc NY_nexus1000v id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
interface port-channel1
inherit port-profile system-uplink
vem 3
interface port-channel2
inherit port-profile system-uplink
vem 4
interface port-channel3
inherit port-profile system-uplink
vem 5
interface port-channel4
inherit port-profile system-uplink
vem 6
interface mgmt0
ip address 192.168.240.10/24
interface control0
line console
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-2
svs-domain
domain id 500
control vlan 240
packet vlan 240
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 192.168.20.127 port 80
vmware dvs uuid "52 8b 1d 50 44 9d d7 1f-b6 25 76 f1 f7 97 d8 5e" datacenter-name 28th St Datacenter
max-ports 8192
connect
vsn type vsg global
tcp state-checks
vnm-policy-agent
registration-ip 0.0.0.0
shared-secret **********
log-level
FYI...
I was able to get TACACS+ auth working using the commands in the Original Post (without the two additional suggestions) as follows...
1000v# conf t
1000v(config)# feature tacacs+
1000v(config)# tacacs-server host 192.168.1.1 key 0
1000v(config)# aaa group server tacacs+ TacServer
1000v(config-tacacs+)# server 192.168.1.1
1000v(config-tacacs+)# use-vrf management
1000v(config-tacacs+)# source-interface mgmt 0
1000v(config-tacacs+)# aaa authentication login default group TacServer local
1000v(config)# aaa authentication login error-enable
1000v(config)# tacacs-server directed-request
I guess the OP had some other problem (perhaps incorrect shared secret??)
-
TACACS not working - Need help
Hi,
I have implemented the TACACS in VPN VRF environment but the same is not working, I am not able to route the ACS servers IP's through the VRF-VPN.
Configuration pasted below
aaa authentication login default group tacacs+ line
aaa authentication login no_tacacs line
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
ip tacacs source-interface VLAN1
tacacs-server host X.X.X.X
tacacs-server host 10.10.10.4
tacacs-server key 7 ####################333
tacacs-server administration
aaa group server tacacs+ tacacs1
server-private 10.10.10.4 key ############
ip vrf forwarding LAN
ip tacacs source-interface VLAN1
Hi sorry for late reply.
Please find below the logs from the router
Feb 12 14:10:28.748: AAA/ACCT/CMD(000000B9): free_rec, count 2
Feb 12 14:10:28.748: AAA/ACCT/CMD(000000B9): Setting session id 283 : db=846968EC
Feb 12 14:10:28.748: AAA/ACCT(000000B9): Accouting method=tacacs+ (TACACS+)
Feb 12 14:10:35.450: AAA/BIND(000000BA): Bind i/f
Feb 12 14:10:35.450: AAA/ACCT/EVENT/(000000BA): CALL START
Feb 12 14:10:35.450: Getting session id for NET(000000BA) : db=83E3E3B0
Feb 12 14:10:35.450: AAA/ACCT(00000000): add node, session 284
Feb 12 14:10:35.450: AAA/ACCT/NET(000000BA): add, count 1
Feb 12 14:10:35.450: Getting session id for NONE(000000BA) : db=83E3E3B0
Feb 12 14:10:36.014: AAA/AUTHEN/LOGIN (000000BA): Pick method list 'default'
Feb 12 14:10:38.749: AAA/ACCT/CMD(000000B9): STOP protocol reply FAIL
Feb 12 14:10:38.749: AAA/ACCT(000000B9): Accouting method=NOT_SET
Feb 12 14:10:38.749: AAA/ACCT(000000B9): Send STOP accounting notification to EM successfully
Feb 12 14:10:38.749: AAA/ACCT/CMD(000000B9): Tried all the methods, osr 0
Feb 12 14:10:38.749: AAA/ACCT/CMD(000000B9) Record not present
Feb 12 14:10:38.749: AAA/ACCT/CMD(000000B9) reccnt 2, csr FALSE, osr 0
Feb 12 14:10:46.011: AAA/AUTHEN/LINE(000000BA): GET_PASSWORD
Feb 12 14:11:14.326: AAA/AUTHOR: config command authorization not enabled
Feb 12 14:11:14.326: AAA/ACCT/CMD(000000B9): Pick method list 'default'
Feb 12 14:11:14.326: AAA/ACCT/SETMLIST(000000B9): Handle 0, mlist 83E2FF8C, Name default
Feb 12 14:11:14.330: Getting session id for CMD(000000B9) : db=846968EC
Feb 12 14:11:14.330: AAA/ACCT/CMD(000000B9): add, count 3
Feb 12 14:11:14.330: AAA/ACCT/EVENT/(000000B9): COMMAND
Feb 12 14:11:14.330: AAA/ACCT/CMD(000000B9): Queueing record is COMMAND osr 1
Feb 12 14:11:14.330: AAA/ACCT/CMD(000000B9): free_rec, count 2
Feb 12 14:11:14.330: AAA/ACCT/CMD(000000B9): Setting session id 285 : db=846968EC
Feb 12 14:11:14.330: AAA/ACCT(000000B9): Accouting method=tacacs+ (TACACS+)
Feb 12 14:11:16.642: AAA/ACCT/EXEC(000000BA): Pick method list 'default'
Feb 12 14:11:16.642: AAA/ACCT/SETMLIST(000000BA): Handle 0, mlist 83E2FEEC, Name default
Feb 12 14:11:16.642: Getting session id for EXEC(000000BA) : db=83E3E3B0
Feb 12 14:11:16.642: AAA/ACCT(000000BA): add common node to avl failed
Feb 12 14:11:16.642: AAA/ACCT/EXEC(000000BA): add, count 2
Feb 12 14:11:16.642: AAA/ACCT/EVENT/(000000BA): EXEC DOWN
Feb 12 14:11:16.642: AAA/ACCT/EXEC(000000BA): Accounting record not sent
Feb 12 14:11:16.642: AAA/ACCT/EXEC(000000BA): free_rec, count 1
Feb 12 14:11:16.642: AAA/ACCT/EXEC(000000BA) reccnt 1, csr FALSE, osr 0
Feb 12 14:11:18.425: AAA/AUTHOR: config command authorization not enabled
Feb 12 14:11:18.425: AAA/ACCT/243(000000B9): Pick method list 'default'
Feb 12 14:11:18.425: AAA/ACCT/SETMLIST(000000B9): Handle 0, mlist 83144FF8, Name default
Feb 12 14:11:18.425: Getting session id for CMD(000000B9) : db=846968EC
Feb 12 14:11:18.425: AAA/ACCT/CMD(000000B9): add, count 3
Feb 12 14:11:18.425: AAA/ACCT/EVENT/(000000B9): COMMAND
Feb 12 14:11:18.425: AAA/ACCT/CMD(000000B9): Queueing record is COMMAND osr 2
Feb 12 14:11:18.425: AAA/ACCT/CMD(000000B9): free_rec, count 2
Feb 12 14:11:18.425: AAA/ACCT/CMD(000000B9): Setting session id 286 : db=846968EC
Feb 12 14:11:18.429: AAA/ACCT(000000B9): Accouting method=tacacs+ (TACACS+)
Feb 12 14:11:18.649: AAA/ACCT/EVENT/(000000BA): CALL STOP
Feb 12 14:11:18.649: AAA/ACCT/CALL STOP(000000BA): Sending stop requests
Feb 12 14:11:18.649: AAA/ACCT(000000BA): Send all stops
Feb 12 14:11:18.649: AAA/ACCT/NET(000000BA): STOP
Feb 12 14:11:18.649: AAA/ACCT/NET(000000BA): Method list not found
Feb 12 14:11:18.649: AAA/ACCT(000000BA): del node, session 284
Feb 12 14:11:18.649: AAA/ACCT/NET(000000BA): free_rec, count 0
Feb 12 14:11:18.649: AAA/ACCT/NET(000000BA) reccnt 0, csr TRUE, osr 0
Feb 12 14:11:18.649: AAA/ACCT/NET(000000BA): Last rec in db, intf not enqueued
-
I want to set the mailto app for google apps gmail.
I tried editing the gecko...mailto.2.uritemplate as per instructions found on web (https://mail.google.com/a/MYDOMAIN/mail/?extsrc=mailto&url=%s).
Set 3 related config values to "true" as per instructions (network.protocol-handler.expose.mailto ; network.protocol-handler.warn-external.mailto ; AND, third, gecko.handlerService.allowRegisterFromDifferentHost).
Does not work, no Google Apps in the mailto app spot.
Tried javascript method in address bar without success:
javascript:window.navigator.registerProtocolHandler("mailto","https://mail.google.com/a/MYDOMAIN/mail/?extsrc=mailto&url=%s","Google Apps GMail")
Any light anyone can shed will be appreciated. Cheers, jlf
Great howto Steve! This further increased my understanding of the MVC patterns used by BC4J.
Some remarks:
Select New Business Components...
This should be 'New Business Components Package', or you won't be able to add business components.
ename as "Name",
sal as "Salary"
from emp
where empno = ?
That should be deptno.
Select the EditEmpsInDepartment view object
That should be EmpsInDepartment.
Greetings,
Ivo
-
Mail Per User Quotas Not Working
We just migrated from 10.9 server to the new 10.10 server and noticed that our per user mail quotas were no longer working. If I change the Server app - Mail setting - to have a global mail quota on, it works; however, we have a few accounts that we need to leave unlimited and the per user quota will not override the global quota. So far we have had to leave the global quota disabled because of this.
Even without global quota turned off - trying to set per user mail limits is still not working. We are changing it thru the Server app and clicking users - selecting a user - then select edit mail options - and changing the setting for the limit size. No matter what we set it to - it will not work.
Does anyone know what command or how to change the per user quota limits from the command line? I found that Dovecotadm quota -u username shows you what the quota is, but I am stumped as how to change it via a command line or thru another method since the server app is not working.
Any help would be appreciated!
ps. Also posted my doveconf -n file below, but I am missing if there is anything not configured properly.
bash-3.2# dovecot -n
bash: dovecot: command not found
bash-3.2# doveconf -n
# 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 14.1.0 x86_64 hfs
aps_topic = com.apple.mail.XServer.a1c54f6d-f4ad-4431-b882-0f11570dd637
auth_mechanisms = cram-md5 plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
debug_log_path = /Library/Logs/Mail/mail-debug.log
default_internal_user = _dovecot
default_login_user = _dovenull
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 6
imap_id_log = *
imap_id_send = "name" * "version" *
imap_urlauth_submit_user = submit
info_log_path = /Library/Logs/Mail/mail-info.log
log_path = /Library/Logs/Mail/mail-err.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_access_groups = mail
mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict
mail_location = maildir:/Library/Server/Mail/Data/mail/%u
mail_log_prefix = "%s(pid %p user %u): "
mail_plugins = quota zlib acl fts fts_sk
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 200 M
namespace acl-mailboxes {
list = children
location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Data/mail/shared/%%u
prefix = shared.%%u.
separator = .
subscriptions = no
type = shared
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
mailbox Junk {
special_use = \Junk
mailbox Sent {
special_use = \Sent
mailbox "Sent Messages" {
special_use = \Sent
mailbox Trash {
special_use = \Trash
prefix =
namespace list-archives {
list = children
location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u
prefix = archives.%%u.
separator = .
subscriptions = no
type = shared
passdb {
driver = od
passdb {
args = /Library/Server/Mail/Config/dovecot/submit.passdb
driver = passwd-file
plugin {
acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300
acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes
fts = sk
quota = maildir:User quota
quota_warning = storage=100%% quota-exceeded %u
quota_warning2 = storage=85%% quota-warning %u
sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve
sieve_dir = /Library/Server/Mail/Data/rules/%u
stats_refresh = 30 secs
stats_track_cmds = yes
protocols = imap lmtp sieve pop3
quota_full_tempfail = yes
service auth {
extra_groups = _keytabusers
idle_kill = 15 mins
unix_listener auth-userdb {
user = _dovecot
service dns_client {
unix_listener dns-client {
mode = 0600
service imap-login {
inet_listener imap {
port = 143
inet_listener imaps {
port = 993
ssl = yes
service_count = 0
service imap {
client_limit = 5
process_limit = 200
service_count = 0
service indexer-worker {
user = _dovecot
service lmtp {
unix_listener lmtp {
mode = 0600
service managesieve-login {
inet_listener sieve {
port = 4190
service pop3-login {
inet_listener pop3 {
port = 110
inet_listener pop3s {
port = 995
ssl = yes
service pop3 {
client_limit = 5
process_limit = 200
service_count = 0
service quota-exceeded {
executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh
unix_listener quota-exceeded {
group = mail
mode = 0660
user = _dovecot
user = _dovecot
service quota-warning {
executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh
unix_listener quota-warning {
group = mail
mode = 0660
user = _dovecot
user = _dovecot
service stats {
fifo_listener stats-mail {
mode = 0600
user = _dovecot
ssl = required
ssl_ca = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.chain.pem
ssl_cert = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.cert.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!ADH:!eNULL
ssl_key = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key.pem
ssl_key_path = /etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key.pem
userdb {
args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf global_quota=0 enforce_quotas=yes
driver = od
userdb {
args = /Library/Server/Mail/Config/dovecot/submit.passdb
driver = passwd-file
verbose_proctitle = yes
protocol lmtp {
mail_plugins = quota zlib acl fts fts_sk sieve
protocol lda {
mail_plugins = quota zlib acl fts fts_sk sieve push_notify
protocol imap {
mail_max_userip_connections = 20
mail_plugins = quota zlib acl fts fts_sk imap_acl imap_quota imap_zlib
protocol pop3 {
mail_max_userip_connections = 6
I guess the problem didn't resolve itself, rather it has revealed that it is intermittent (my favorite kind).
What could have made a message sent to a legitimate alias username not get picked up during the imap connection? I know the smtp server accepted the message (see logs above).
-
Tacacs+ not working on VRF Interface
C4948-10G switch running IOS 15.0(2)SG
ACS 4.2 cannot authenticate on the vrf interface. The issue on vrf aaa authentication.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization network default group tacacs+ local if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
ip vrf mgmt
rd 100:1
interface fa1
ip vrf forwarding mgmt
IP address 192.168.5.1 255.255.255.0
duplex auto
speed auto
ip vrf forwarding mgmt
aaa group server tacacs+ tacacs+ (command did not prompt to sub-command for server-private ....)
server-private {ip-address | name} [nat] [single-connection] [port port-number] [timeout seconds] [key [0 | 7] string]
tacacs-server host 192.168.5.75 key secret (Then, I decided to use global)
tacacs-server host 192.168.5.76 key secret
ip route vrf mgmt 192.168.5.75 255.255.255.0 192.168.5.2 (ACS 4.2 Tacacs+ server1)
ip route vrf mgmt 192.168.5.76 255.255.255.0 192.168.5.2 (ACS 4.2 Tacacs+ server2)
ip route vrf mgmt 192.168.5.85 255.255.255.0 192.168.5.2 (my management workstation)
ip tacacs source-interface fa1
sw2#debug tacacs
SW2#debug aaa authentication
SW2#test aaa group tacacs+ tester passwordtest new-code
Feb 4 11:36:09.808: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
Feb 4 11:36:09.808: TPLUS: Queuing AAA Authentication request 0 for processing
Feb 4 11:36:09.808: TPLUS: processing authentication start request id 0
Feb 4 11:36:09.808: TPLUS: Authentication start packet created for 0(tester)
Feb 4 11:36:09.808: TPLUS: Using server 192.168.5.75
Feb 4 11:36:09.808: TPLUS(00000000)/0/NB_WAIT/1AEFC558: Started 5 sec timeout
Feb 4 11:36:14.808: TPLUS(00000000)/0/NB_WAIT/1AEFC558: timed out
Feb 4 11:36:14.808: TPLUS: Choosing next server 192.168.5.76
Feb 4 11:36:14.808: TPLUS(00000000)/1/NB_WAIT/1AEFC558: Started 5 sec timeout
Feb 4 11:36:14.808: TPLUS(00000000)/1AEFC558: releasing old socket 0
User rejected
SW2#
Feb 4 11:36:19.808: TPLUS(00000000)/1/NB_WAIT/1AEFC558: timed out
Feb 4 11:36:19.808: TPLUS(00000000)/1/NB_WAIT/1AEFC558: timed out, clean up
Feb 4 11:36:19.808: TPLUS(00000000)/1/1AEFC558: Processing the reply packet
SW2#test aaa group tacacs+ tester passwordtest legacy
Attempting authentication test to server-group tacacs+ using tacacs+
Feb 4 11:39:16.372: AAA: parse name=<no string> idb type=-1 tty=-1
Feb 4 11:39:16.372: AAA/MEMORY: create_user (0x1AEFC4A4) user='tester' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Feb 4 11:39:16.372: TAC+: send AUTHEN/START packet ver=192 id=153531412
Feb 4 11:39:16.372: TAC+: Using default tacacs server-group "tacacs+" list.
Feb 4 11:39:16.372: TAC+: Opening TCP/IP to 192.168.5.75/49 timeout=5
Feb 4 11:39:21.372: TAC+: TCP/IP open to 192.168.5.76/49 failed -- Connection timed out; remote host not responding
Feb 4 11:39:21.372: TAC+: Opening TCP/IP to 192.168.5.76/49 timeout=5
No authoritative response from any server.
SW2#
Feb 4 11:39:26.372: TAC+: TCP/IP open to 192.168.5.75/49 failed -- Connection timed out; remote host not responding
Feb 4 11:39:26.372: AAA/MEMORY: free_user (0x1AEFC4A4) user='tester' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
SW2#ping vrf mgmt 192.168.5.85
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.85, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SW2#sh ip route vrf mgmt
Routing Table: mgmt
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.5.0/24 is variably subnetted, 3 subnets, 2 masks
S 192.168.5.75/32 [1/0] via 192.168.5.2
S 192.168.5.76/32 [1/0] via 192.168.5.2
S 192.168.5.85/32 [1/0] via 192.168.5.2
C 192.168.5.0/24 is directly connected, FastEthernet1
SW2#sh ip vrf
Name Default RD Interfaces
mgmt 100:1 Fa1
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080bd091c.shtml
Hi,
Your debug output shows time out to ACS server as below.
Feb 4 11:39:21.372: TAC+: TCP/IP open to 192.168.5.76/49 failed -- Connection timed out; remote host not responding
Feb 4 11:39:21.372: TAC+: Opening TCP/IP to 192.168.5.76/49 timeout=5
No authoritative response from any server.
Feb 4 11:39:26.372: TAC+: TCP/IP open to 192.168.5.75/49 failed -- Connection timed out; remote host not responding
Considering the fact that you are not able to see any logs on ACS, that means traffic may not be reaching the ACS.
Have you tried pinging the ACS server from the switch mgmt vrf? Your previous example was showing ping response to the management workstation (192.168.5.85) and not to the ACS.
Hope that helps
Najaf
Please rate when applicable or helpful !!! -
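The triage this reply walks through (every server timing out, then checking which routing context the request used), as an added Python example that is not part of the original thread. The sample lines are copied from the debug output posted above with the fused lines split; the finding names are invented for the example, and reading an empty `vrf=` field as "request not tied to a VRF" is an assumption.

```python
import re

# Debug lines copied from the post above (fused lines split onto their own line).
SAMPLE = """\
Feb 4 11:39:16.372: AAA/MEMORY: create_user (0x1AEFC4A4) user='tester' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Feb 4 11:39:16.372: TAC+: Opening TCP/IP to 192.168.5.75/49 timeout=5
Feb 4 11:39:21.372: TAC+: TCP/IP open to 192.168.5.76/49 failed -- Connection timed out; remote host not responding
Feb 4 11:39:21.372: TAC+: Opening TCP/IP to 192.168.5.76/49 timeout=5
No authoritative response from any server.
Feb 4 11:39:26.372: TAC+: TCP/IP open to 192.168.5.75/49 failed -- Connection timed out; remote host not responding
""".splitlines()

OPEN_RE = re.compile(r"TAC\+: Opening TCP/IP to (\S+)/(\d+) timeout=(\d+)")
FAIL_RE = re.compile(r"TAC\+: TCP/IP open to (\S+)/(\d+) failed -- (.+)")
VRF_RE = re.compile(r"create_user .*vrf=\s*(\S*)\s*\(id=(\d+)\)")

def summarize(lines):
    """Collect servers tried, servers that failed, and the VRF AAA recorded."""
    s = {"attempted": set(), "failed": {}, "vrf": None, "vrf_id": None,
         "no_response": False}
    for line in lines:
        if m := OPEN_RE.search(line):
            s["attempted"].add(m.group(1))
        elif m := FAIL_RE.search(line):
            s["failed"][m.group(1)] = m.group(3)   # server -> failure reason
        elif m := VRF_RE.search(line):
            s["vrf"], s["vrf_id"] = m.group(1), int(m.group(2))
        # Checked separately so it is found even when fused onto another line.
        if "No authoritative response" in line:
            s["no_response"] = True
    return s

def diagnose(s):
    """Turn the summary into findings (names are hypothetical labels)."""
    findings = []
    unreachable = sorted(ip for ip in s["attempted"] if ip in s["failed"])
    if unreachable and set(unreachable) == s["attempted"]:
        findings.append("tcp-open-failed-all-servers: " + ", ".join(unreachable))
    if s["vrf"] == "":
        # Assumption: empty vrf= means the request was not bound to a VRF.
        findings.append("aaa-request-has-no-vrf")
    if s["no_response"]:
        findings.append("no-authoritative-response")
    return findings

if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE)):
        print(finding)
```

With a method list that ends in `local`, as in the configuration above, the device accepts local credentials while every server times out, so the first finding is worth alerting on.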
Hi Guys
I have added a 2960x switch to my network and configured it with tacacs. It does not seem to talk to the tacacs ACS server and I can ping the server as it also authenticates other devices on the network but this new switch only lets me login with local credentials. I have added the switch to ACS as well
When I tried "test aaa group tacacs username password":
"Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server."
My config on the switch is:
aaa group server tacacs+ ACS1
server 10.10.10.10
aaa authentication login default group ACS1 local
aaa authentication enable default group ACS1 enable
aaa authorization config-commands
aaa authorization exec default group ACS1 if-authenticated
aaa authorization commands 1 default group ACS1 if-authenticated
aaa authorization commands 15 default group ACS1 if-authenticated
aaa accounting update newinfo
aaa accounting commands 1 default start-stop broadcast group ACS1
aaa accounting commands 15 default start-stop broadcast group ACS1
tacacs-server host 10.10.10.10
tacacs-server key 12345678
Thanks
Thanks Reza
After some investigation it seemed the issue is with the tacacs-server host 10.10.10.10 command. I realised upon entering this command the cli accepted it but gave a warning message
"Warning: The cli will be deprecated soon
'tacacs-server host acs-1 key 0 <my-key>'
Please move to 'tacacs server <name>' CLI"
Apparently Cisco have made a few changes to the config. The tacacs-server ACS1 commands didn't work.
So I entered tacacs-server host 10.10.10.10 key 12345678
That worked.
Thanks -
Maximum records per page is not working
I am trying to run a report with the property on repeating frame which says
MAXIMUM RECORDS PER PAGE. I set it to 20 and also set property PRINT OBJECT ON = 'ALL PAGES', still when the report is in preview mode it is not displaying more than 20 records. I know this query has more than 30 records.
If anybody has any idea let me know.
Asit,
If you only want to have a maximum of 20 records per page, you only need to set the maximum records per page property. You should leave the print object on property at default or first. For a further explanation of how the print object on property works, check out the on-line help at http://otn.oracle.com/reports/help/. There is a section on restrictions which may make this clearer for you.
Hope that helps,
Toby -
TACACS not working in ASA 8.0(3)
We have quite a few ASAs with similar tacacs and crypto configs, but yesterday we had an issue with a PIX and we swapped the PIX with an ASA 8.0(3). The tunnel is up and running but we are not able to log in using tacacs even after the configs, and I found a bug on cisco.com which asks us to use the command "crypto map set reverse-route"
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk08454
Even after configuring it right, I am not able to log in using tacacs. Can someone tell me how to use this command, or any other way?
Thanks in advance
We have a tunnel established with the remote ASA and here are the related configs. Let me know if you need anything, thanks for replying though.
local device configs:
aaa-server protocol tacacs+
aaa-server host < ip>
aaa authentication ssh console
aaa authentication http console
access-list extended permit ip any
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map 20 match address
crypto map 20 set peer x.x.x.x
crypto map 20 set transform-set ESP-3DES-MD5
crypto map 20 set reverse-route
crypto map interface outside
crypto isakmp enable outside
crypto isakmp policy 20
crypto isakmp policy 65535
remote ASA
access-list remark MobileAL
access-list extended permit ip any ip add subnet
crypto map 1925 match address outside_1925_cryptomap
crypto map 1925 set peer
crypto map 1925 set transform-set ESP-3DES-MD5
crypto map 1925 set security-association lifetime seconds 86400
crypto map 1925 set nat-t-disable
crypto map 1925 set reverse-route -
TACACS+ not working on WLC
Hi All,
I have configured tacacs for WLC. But I am not able to login to WLC using TACACS username and password.
Getting following message
Tue Sep 22 15:26:50 2009: Forwarding request to 10.0.0.1
6 port=49
Tue Sep 22 15:26:50 2009: tplus response: type=1 seq_no=2 session_id=ecf27238 length=6 encrypted=0
Tue Sep 22 15:26:50 2009: TPLUS_AUTHEN_STATUS = UNKNOWN(1)
Thanks
Jamal.S
There is radius happening on the auth portion of the WLC.
There seems to be a misconfiguration issue.
What do the ACS failed logs say?
Can you make sure you followed exactly:
http://cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60sol.html#wpmkr1261119 -
Multiple page per sheet not working...
Dear all,
Since some time now (even before Mavericks), the "Multiple page per sheet" is not working.
When I select it and print (either to PDF or to any of my printers), I always get 1 page per sheet... and I can't save trees!!!!
Do you know how to fix this ?
Thank you very much.
Best regards,
Are you able to print to PDF? If you have that facility select Adobe PDF in the pop down menu, go to properties and the first tab has layout, you should be able to select number up required, save to PDF and open the new PDF...this should be stepped up how you want it.
Alternatively if you have Illustrator or Indesign (Quark works too) you can create a page with picture boxes and import/place the PDF however many up you want. -
My server not Working use Hotspot Shield vpn what I do
Purchased Hotspot Shield VPN $9.99 per year but not working. What happened, no suit with my server or something wrong? I have emailed Hotspot Shield support, no answer.
Hello,
Why are you handing out 192.185.2.1 through 192.185.2.10 in your VPN Addresses?
Should this be 192.168.0.XXX through 192.168.0.XXX and out of range of what the router is handing out?
Why don't you try making your Server 192.168.0.2 using your router as the gateway of 192.168.0.1
Set your router's DHCP scope 192.168.0.10 through 192.168.0.100
Set your VPN addresses for L2TP 192.168.0.101 through 192.168.0.149
Set your VPN addresses for PPTP 192.168.0.150 through 192.168.0.199
Thanks,
ebrind