PPP over L2TP with RADIUS Failed

Hi, I'm getting a CodeRej when I try to do a dynamic PPP over L2TP using RADIUS on a Debian OS.
Regards

OK, OK, I admit it was my fault not to use that common and sometimes strangely new feature, probably older than me, called "SEARCH".
I checked another discussion regarding the same subject, and it turned out, to their knowledge, that ACS 5.x manages:
TACACS+ only for Device Administration
RADIUS for Network Access
Any other way doesn't work... any other opinion? (I just can't help the fact that Cisco doesn't let us use TACACS+ for PPP authentication... does anybody know why?)

Similar Messages

  • IEEE 802.1x Authentication with RADIUS failed

    Hello guys,
    I have a slightly strange situation.
    If the user starts his computer (Windows 7 Enterprise) and the computer is connected via LAN, it works fine.
    If the user starts his computer (Windows 7 Enterprise) and the computer is connected via WLAN, it also works fine.
    But if the user starts his computer (Windows 7 Enterprise) while it is connected via LAN, it is no longer possible to connect to WLAN (in parallel). I've implemented IEEE 802.1 RADIUS authentication.
    It does not work with this special user account. I've already tested it successfully with a couple of other accounts.
    Does anyone have experience with such a situation?
    Regards
    Rodik

    It does not work with this special user account. I've already tested it successfully with a couple of other accounts.
    Hi,
    Did you mean that this problem occurs only with the single user account, while others work fine on the same computer?
    When the WLAN connection fails, is there any error message? Have you tried reinstalling the WLAN device driver as a test?
    It would be better to provide more details about the failed WLAN connection.
    Roger Lu
    TechNet Community Support

  • Hi there, I am trying to connect to my server at work from home using a VPN connection. It connects fine and the time ticks along, but when I click go - connect to server, it comes up with connection failed. Please help!

    Hi there, I am trying to connect to my server at work from home using a VPN connection. It connects fine and the time ticks along, but when I click go - connect to server, it comes up with connection failed. Please help!

    ... when I click go - connect to server, it comes up with connection failed.
    If you're trying to connect to a Bonjour server on the remote network, that won't work over a layer 3 VPN. Use something like Hamachi or one of the SSH-tunnelling Bonjour proxy apps for that.

  • ISDN Authorization with RADIUS using ISE 1.1.2

    Hi,
    I am trying to move my ISDN dialup branches' authentication/authorization from the old ACS 4.1 to an ISE appliance. Before, it was through ACS 4.2 with the TACACS protocol, but now, since we are moving to ISE, we are moving them to ISE with RADIUS.
    The problem is that the ISDN client gets authenticated and authorized, but calls get dropped and they are not able to communicate with HO. The IP address is assigned by the head-end router to all remote ISDN dialing branches.
    I have used the default "PermitAccess" in the authorization policy, and the authentication policy is also default. I don't understand where I am going wrong, as authentication and authorization are successful.
    Below is the router configuration for AAA:
    aaa authentication ppp default group radius local
    aaa authentication network default group radius
    aaa accounting network default start-stop group radius
    radius-server host 12.18.22.41
    radius-server key *****
    Can anyone help with this?

    CoA is not needed, nor supported, for ISDN AAA; I used ACS 3.3 for this a long time ago. I think you should do some debugging if ISE does not give you any errors.
    Try doing some debug aaa / debug radius and deb ppp nego. If your calls are authenticated and an IP is assigned to the calling router, you should see some disconnect reason in the debug.

  • Problem with L2TP with Cisco 3845

    Dear all,
    I have the following scenario for my dialup network.
    MaxTNT(LAC) ---Ethernet--- Cisco3845 (LNS)
    I have configured the MaxTNT dialup server to act as LAC and launch an L2TP tunnel after authenticating with the RADIUS server. The Cisco 3845, acting as LNS, establishes the L2TP tunnel with the LAC, and dialup users get connected on it as VPDNpppOE users.
    However, the problem I am facing is that I don't receive any authentication request on the Cisco LNS. As soon as the user gets connected, it sends an Accounting Request only.
    I need an authorization request in order to push various different AVPs from RADIUS. But it's not happening.
    Does anyone have any idea what could be wrong here? Is there any specific parameter I need to set up on the Cisco, or on the MaxTNT?
    Waiting for reply

    To enable the Layer 2 Tunnel Protocol (L2TP) tunnel server or network access server (NAS) to perform remote authentication, authorization, and accounting (AAA) tunnel authentication and authorization, use the vpdn tunnel authorization network command in global configuration mode. To disable remote tunnel authentication and authorization and return to the default of local tunnel authentication and authorization, use the no form of this command.
    vpdn tunnel authorization network {list-name | default}
    no vpdn tunnel authorization network {list-name | default}

  • %HA_EM-3-LOG: NAC-RADIUS-FAIL-OPEN-DEAD: All RADIUS servers are dead changing the nac-enforcement ACL to permit all

    We just implemented ISE 802.1x on a couple of our Cisco 4507 switches, and we are seeing the following error in the log.
    %HA_EM-3-LOG: NAC-RADIUS-FAIL-OPEN-DEAD: All RADIUS servers are dead changing the nac-enforcement ACL to permit all
    I pasted it into the Cisco error message decoder and it came back with not found.
    Thanks...

    Jimmy,
    Sorry for the late reply, but it turned out that we needed to add the missing auth data vlan command on the switch. After that the error went away.
    Thanks for your input, I do appreciate it.
    Jack.

  • Aironet 2702i Autonomous - Web-Authentication with Radius Window 2008

    Hi guys,
    I have a problem with this case. My sample diagram is like this: AD (Win2008) - RADIUS (Win2008) - Aironet 2702i => use the Web-Auth method for end users
    This is my configuration file on the Aironet 2702i:
    Aironet2702i#show run
    Building configuration...
    Current configuration : 8547 bytes
    ! Last configuration change at 05:08:25 +0700 Fri Oct 31 2014 by admin
    version 15.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Aironet2702i
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login DTSGROUP group radius
    aaa authentication login webauth group radius
    aaa authentication login weblist group radius
    aaa authentication dot1x default group radius
    aaa authorization exec default local 
    aaa session-id common
    clock timezone +0700 7 0
    no ip source-route
    no ip cef 
    ip admission name webauth proxy http
    ip admission name webauth method-list authentication weblist 
    no ip domain lookup
    ip domain name dts.com.vn
    dot11 syslog
    dot11 activity-timeout unknown default 1000
    dot11 activity-timeout client default 1000
    dot11 activity-timeout repeater default 1000
    dot11 activity-timeout workgroup-bridge default 1000
    dot11 activity-timeout bridge default 1000
    dot11 vlan-name DTSGroup vlan 46
    dot11 vlan-name L6-Webauthen-test vlan 45
    dot11 vlan-name NetworkL7 vlan 43
    dot11 vlan-name SGCTT vlan 44
    dot11 ssid DTS-Group
       vlan 46
       authentication open eap DTSGROUP 
       authentication key-management wpa version 2
       mbssid guest-mode
    dot11 ssid DTS-Group-Floor7
       vlan 43
       authentication open 
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 013D03104C0414040D4D5B5E392559
    dot11 ssid L6-Webauthen-test
       vlan 45
       web-auth
       authentication open 
       dot1x eap profile DTSGROUP
       mbssid guest-mode
    dot11 ssid SaigonCTT-Public
       vlan 44
       authentication open 
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 04480A0F082E424D1D0D4B141D06421224
    dot11 arp-cache optional
    dot11 adjacent-ap age-timeout 3
    eap profile DTSGROUP
     description testwebauth-radius
     method peap
     method mschapv2
     method leap
    username TRIHM privilege 15 secret 5 $1$y1J9$3CeHRHUzbO.b6EPBmNlFZ/
    username ADMIN privilege 15 secret 5 $1$IvtF$EP6/9zsYgqthWqTyr.1FB0
    ip ssh version 2
    bridge irb
    interface Dot11Radio0
     no ip address
     encryption vlan 44 mode ciphers aes-ccm 
     encryption vlan 46 mode ciphers aes-ccm 
     encryption mode ciphers aes-ccm 
     encryption vlan 43 mode ciphers aes-ccm 
     encryption vlan 1 mode ciphers aes-ccm 
     ssid DTS-Group
     ssid DTS-Group-Floor7
     ssid L6-Webauthen-test
     ssid SaigonCTT-Public
     countermeasure tkip hold-time 0
     antenna gain 0
     stbc
     mbssid
     packet retries 128 drop-packet
     channel 2412
     station-role root
     rts threshold 2340
     rts retries 128
     ip admission webauth
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio0.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 subscriber-loop-control
     bridge-group 43 spanning-disabled
     bridge-group 43 block-unknown-source
     no bridge-group 43 source-learning
     no bridge-group 43 unicast-flooding
    interface Dot11Radio0.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 subscriber-loop-control
     bridge-group 44 spanning-disabled
     bridge-group 44 block-unknown-source
     no bridge-group 44 source-learning
     no bridge-group 44 unicast-flooding
     ip admission webauth
    interface Dot11Radio0.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 subscriber-loop-control
     bridge-group 45 spanning-disabled
     bridge-group 45 block-unknown-source
     no bridge-group 45 source-learning
     no bridge-group 45 unicast-flooding
     ip admission webauth
    interface Dot11Radio0.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 subscriber-loop-control
     bridge-group 46 spanning-disabled
     bridge-group 46 block-unknown-source
     no bridge-group 46 source-learning
     no bridge-group 46 unicast-flooding
    interface Dot11Radio1
     no ip address
     shutdown
     encryption vlan 46 mode ciphers aes-ccm 
     encryption vlan 44 mode ciphers aes-ccm 
     encryption vlan 1 mode ciphers aes-ccm 
     encryption vlan 43 mode ciphers aes-ccm 
     encryption vlan 45 mode ciphers ckip-cmic 
     ssid DTS-Group
     ssid DTS-Group-Floor7
     ssid SaigonCTT-Public
     countermeasure tkip hold-time 0
     antenna gain 0
     peakdetect
     dfs band 3 block
     stbc
     mbssid
     packet retries 128 drop-packet
     channel 5745
     station-role root
     rts threshold 2340
     rts retries 128
    interface Dot11Radio1.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio1.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 subscriber-loop-control
     bridge-group 43 spanning-disabled
     bridge-group 43 block-unknown-source
     no bridge-group 43 source-learning
     no bridge-group 43 unicast-flooding
    interface Dot11Radio1.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 subscriber-loop-control
     bridge-group 44 spanning-disabled
     bridge-group 44 block-unknown-source
     no bridge-group 44 source-learning
     no bridge-group 44 unicast-flooding
     ip admission webauth
    interface Dot11Radio1.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 subscriber-loop-control
     bridge-group 45 spanning-disabled
     bridge-group 45 block-unknown-source
     no bridge-group 45 source-learning
     no bridge-group 45 unicast-flooding
     ip admission webauth
    interface Dot11Radio1.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 subscriber-loop-control
     bridge-group 46 spanning-disabled
     bridge-group 46 block-unknown-source
     no bridge-group 46 source-learning
     no bridge-group 46 unicast-flooding
    interface GigabitEthernet0
     no ip address
     duplex auto
     speed auto
     dot1x pae authenticator
     dot1x authenticator eap profile DTSGROUP
     dot1x supplicant eap profile DTSGROUP
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface GigabitEthernet0.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 spanning-disabled
     no bridge-group 43 source-learning
    interface GigabitEthernet0.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 spanning-disabled
     no bridge-group 44 source-learning
    interface GigabitEthernet0.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 spanning-disabled
     no bridge-group 45 source-learning
    interface GigabitEthernet0.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 spanning-disabled
     no bridge-group 46 source-learning
    interface GigabitEthernet1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet1.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface GigabitEthernet1.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 spanning-disabled
     no bridge-group 43 source-learning
    interface GigabitEthernet1.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 spanning-disabled
     no bridge-group 44 source-learning
    interface GigabitEthernet1.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 spanning-disabled
     no bridge-group 45 source-learning
    interface GigabitEthernet1.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 spanning-disabled
     no bridge-group 46 source-learning
    interface BVI1
     mac-address 58f3.9ce0.8038
     ip address 172.16.1.62 255.255.255.0
     ipv6 address dhcp
     ipv6 address autoconfig
     ipv6 enable
    ip forward-protocol nd
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1 
    radius-server attribute 32 include-in-access-req format %h
    radius server 172.16.50.99
     address ipv4 172.16.50.99 auth-port 1645 acct-port 1646
     key 7 104A1D0A4B141D06421224
    bridge 1 route ip
    line con 0
     logging synchronous
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
    line vty 5 15
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
    end
    This is My Logfile on Radius Win 2008 : 
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID: S-1-5-21-858235673-3059293199-2272579369-1162
    Account Name: xxxxxxxxxxxxxxxx
    Account Domain: xxxxxxxxxxx
    Fully Qualified Account Name: xxxxxxxxxxxxxxxxxxx
    Client Machine:
    Security ID: S-1-0-0
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: -
    Calling Station Identifier: -
    NAS:
    NAS IPv4 Address: 172.16.1.62
    NAS IPv6 Address: -
    NAS Identifier: Aironet2702i
    NAS Port-Type: Async
    NAS Port: -
    RADIUS Client:
    Client Friendly Name: Aironet2702i
    Client IP Address: 172.16.1.62
    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: DTSWIRELESS
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxx
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
    So I will explain the problems I have seen:
    SSID: DTS-Group uses EAP authentication with RADIUS and it is working great (the Authentication Type from the Aironet to RADIUS is PEAP)
    SSID: L6-Webauthen-test uses web-auth, and I tried to compare it with RADIUS, but the ROOT CAUSE is that the AUTHENTICATION TYPE from the Aironet to RADIUS is PAP by default. (Reason Code: 66)
    => I have been trying to find out how to change the Authentication Type of Web-Auth on the Cisco Aironet from PAP to PEAP or something like that, to combine it with RADIUS.
    Any ideas or recommendations for me?
    Thanks for looking at my case

    Hi Dhiresh Yadav,
    Many thanks for your reply.
    I will explain my problem again to make it clear.
    In this case, I had completely set up SSID DTS-Group to use authentication with PEAP security, combined with a RADIUS server running on Windows 2008.
    I logged in to the SSID with an account created in AD => it works okay for me. Done.
    The problem occurs when I try to use web authentication on VLAN 45 with this SSID:
    dot11 ssid L6-Webauthen-test
       vlan 45
       web-auth
       authentication open 
       dot1x eap profile DTSGROUP
       mbssid guest-mode
    After configuring the Aironet and the Windows RADIUS server, I tried to log in with an account created in AD via a web browser, but it failed (I saw a mini popup that said: "Authentication Fail"). So I went to the RADIUS server and searched the log in Event Viewer.
    This is my log file on the RADIUS Win 2008 server:
    Network Policy Server denied access to a user.
    NAS:
    NAS IPv4 Address: 172.16.1.62
    NAS IPv6 Address: -
    NAS Identifier: Aironet2702i
    NAS Port-Type: Async
    NAS Port: -
    RADIUS Client:
    Client Friendly Name: Aironet2702i
    Client IP Address: 172.16.1.62
    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: DTSWIRELESS
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxx
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
    I think the ROOT CAUSE is:
    PAP is the default authentication type for web-auth users on the Aironet 2702i, so it can't combine with RADIUS on Windows 2008 because they just support PEAP (CHAPv1, CHAPv2....) => Please give me a tip on how to change the Authentication Type from PAP to PEAP for web authentication on the Aironet.
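
The denial quoted in this thread can be triaged in bulk: the sketch below is an added example, not code from the thread or from Microsoft or Cisco, that parses NPS "denied access" event text and groups Reason Code 66 denials by NAS, network policy and offered authentication type. The sample events are constructed from the field layout shown above; the NAS name `AP-Example`, the user names and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample events, following the field layout of the NPS denial
# quoted in the thread. AP-Example, user1..user3 are hypothetical.
SAMPLE_EVENTS = """\
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Account Name: user1
NAS:
NAS IPv4 Address: 172.16.1.62
NAS Identifier: Aironet2702i
NAS Port-Type: Async
Authentication Details:
Network Policy Name: DTSWIRELESS
Authentication Type: PAP
EAP Type: -
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

Network Policy Server denied access to a user.
User:
Account Name: user2
NAS:
NAS IPv4 Address: 172.16.1.62
NAS Identifier: Aironet2702i
Authentication Details:
Network Policy Name: DTSWIRELESS
Authentication Type: PAP
EAP Type: -
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

Network Policy Server denied access to a user.
User:
Account Name: user3
NAS:
NAS Identifier: AP-Example
Authentication Details:
Network Policy Name: DTSWIRELESS
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch.
"""

EVENT_START = re.compile(r"^Network Policy Server (denied|granted) access")
AUTH = "Authentication Details"


def parse_events(text):
    """Split NPS event text into dicts keyed by (section, field).

    Section headers ("User:", "NAS:", ...) end in a bare colon; fields such
    as "Account Name" repeat across sections, so the section is kept in the key.
    """
    events, current, section = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = EVENT_START.match(line)
        if start:
            current = {"outcome": start.group(1)}
            events.append(current)
            section = ""
            continue
        if current is None:
            continue  # text before the first event header
        key, sep, value = line.partition(":")  # values may contain ':' themselves
        value = value.strip()
        if sep and not value:
            section = key.strip()
        elif sep:
            current[(section, key.strip())] = value
    return events


def method_mismatches(events):
    """Denials where the offered method is not enabled on the matched policy (Reason Code 66)."""
    found = []
    for ev in events:
        if ev["outcome"] == "denied" and ev.get((AUTH, "Reason Code")) == "66":
            found.append({
                "nas": ev.get(("NAS", "NAS Identifier"), "?"),
                "policy": ev.get((AUTH, "Network Policy Name"), "?"),
                "offered": ev.get((AUTH, "Authentication Type"), "?"),
            })
    return found


def summarize(events):
    """Count mismatches per (NAS, policy, offered method) to show which device sends what."""
    return Counter((m["nas"], m["policy"], m["offered"]) for m in method_mismatches(events))


if __name__ == "__main__":
    for (nas, policy, offered), count in summarize(parse_events(SAMPLE_EVENTS)).items():
        # With PAP, the password is protected in transit only by the RADIUS
        # shared-secret hiding of the User-Password attribute (RFC 2865).
        print(f"{count} denial(s): {nas} offered {offered}, not enabled on policy {policy}")
```

A credentials failure (Reason Code 16 in the constructed sample) is deliberately not counted, so the summary isolates method/policy mismatches from ordinary bad passwords.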

  • AAA with RADIUS on ASA

    Hey Everyone,
    I am configuring AAA with RADIUS on our remote ASA firewalls. This is pretty straightforward, but I have some firewalls that this is not working on. I have upgraded the IOS image on the ASA 5510 to ASA804-K8.BIN on all of them. The strange part is that some of them are working and some of them are not working.
    Just wondering if anyone else has come across this before and what info do you need to give me an assist.
    Thanks in advance,
    Kimberly

    Hi Kimberly,
    just curious: why 8.0.4 and not 8.0.5 ?
    What are you using radius for ? What is the radius server? Did you configure all the ASAs on the radius server(s) ? Did you use the correct shared secret?
    Is there anything different between the working ASAs and the failing ones? Configuration, location in the network, etc?
    If the above doesn't help please post the config of a failing ASA (or at least the relevant parts, and make sure to remove any sensitive data) and the output of:
    debug radius
    debug aaa authen
    debug aaa common 254
    You can test just the radius part with the cli command "test aaa-server authentication ..."
    hth
    Herbert

  • Voice over Wireless with Cisco phones 7921 and 7925

    Hello experts,
    I made a wireless audit for a company.
    They have 2 WLCs 5508 in HA mode, with APs 2602 for indoor and 1552. Version of the WLC: 7.6.120.0
    At the end of the day we noticed that the roaming between indoor and outdoor access points sometimes fails and results in a complete disconnection of the wireless phone (7921 or 7925) from the network. When people go from the indoor to the outdoor area, there is no problem. The problem comes when people are coming from the outdoor to the indoor area.
    Also, on the WLC, the power level of the outdoor APs is set to 1... Is that good or not?
    My question is: is there any known issue with Voice over Wireless on WLC 5508-7.6.120.0 with APs 2602 and 1552?
    Maybe it would be better to upgrade to 7.6.130.0?
    Thanks in advance,
    Alexis

    Normally yes.
    Is there a way to troubleshoot what's going on with the phones? Maybe a "show client detail MAC address" on the WLC?
    Here are some logs from when the phones are losing the network:
    *Dot1x_NW_MsgTask_4: Apr 09 12:44:21.320: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:957 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 00:24:d7:83:56:dc
    *apfMsConnTask_6: Apr 09 12:28:32.668: #APF-3-VALIDATE_CCKM_REASS_REQ_ELEMENT: apf_utils.c:2506 Could not validate the CCKM Reassociation request element.Received Timestamp deviation > 1sec in CCKM Info Element from mobile. Mobile:4c:00:82:85:6e:e1,  AP:1
    *Dot1x_NW_MsgTask_1: Apr 09 12:26:53.964: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 74:26:ac:63:8c:a9 - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_1: Apr 09 12:26:53.929: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 74:26:ac:63:8c:a9 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *apfMsConnTask_4: Apr 09 12:24:34.959: #APF-3-VALIDATE_CCKM_REASS_REQ_ELEMENT: apf_utils.c:2506 Could not validate the CCKM Reassociation request element.Received Timestamp deviation > 1sec in CCKM Info Element from mobile. Mobile:78:da:6e:f6:5f:89,  AP:5
    *Dot1x_NW_MsgTask_0: Apr 09 12:22:30.217: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 4c:00:82:85:1d:68 - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_4: Apr 09 12:22:30.206: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 4c:00:82:85:b3:ac - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_4: Apr 09 12:22:30.186: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 4c:00:82:85:b3:ac - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_0: Apr 09 12:22:30.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 4c:00:82:85:1d:68 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_6: Apr 09 12:22:29.672: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 78:da:6e:f6:14:2e - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_6: Apr 09 12:22:29.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:445 Invalid replay counter from client 78:da:6e:f6:14:2e - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *apfMsConnTask_3: Apr 09 12:19:22.098: #APF-3-VALIDATE_CCKM_REASS_REQ_ELEMENT: apf_utils.c:2506 Could not validate the CCKM Reassociation request element.Received Timestamp deviation > 1sec in CCKM Info Element from mobile. Mobile:4c:00:82:85:6e:e1,  AP:5
    *osapiBsnTimer: Apr 09 12:13:36.031: #LOG-3-Q_IND: spam_lrad.c:53542 The system is unable to find WLAN 2 to be deleted

  • 789 error.The L2TP connection attempt fail.

    Hi
    I configured an L2TP VPN on an ASA-5520. I configured it in CLI mode. But I cannot connect my laptop by VPN. An error comes up on my Windows 7 laptop. The error is:
    789 error. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
    What should I do in this regard?

    Make sure the "IKE and AuthIP IPsec Keying Modules" service and the "IPsec Policy Agent" service are up, and try to upgrade your network adapter driver.

  • How to configure ACS to authenticate Modem with radius

    Hi,
    How do I configure ACS to authenticate and authorize modem users with RADIUS? My problem is with authorization (authentication is OK in the debug). Do I need to configure specific AV pairs (006 and 007 in IETF)?

    Hi Dominic,
    Do we have a Microsoft RADIUS server or ACS?
    Yes, these attributes should be configured.
    006-service-type: login
    007-framed-protocol: PPP
    HTH
    JK

  • Mac registration with L2FM failed

    My log file on the Nexus 6K is filled with logs like the ones below:
    Nexus Version is: 7.0(3)N1(1)
    2014 Sep 12 14:49:11 Nexus-6K %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3727]  Mac registration with L2FM failed for mac xxxx.xxxx.xxxx, iod Vlan191, phy iod: port-channel169
    2014 Sep 12 14:49:24 Nexus-6K %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3727]  Mac registration with L2FM failed for mac xxxx.xxxx.xxxx, iod Vlan108, phy iod: port-channel91
    2014 Sep 12 14:49:36 Nexus-6K %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3727]  Mac registration with L2FM failed for mac xxxx.xxxx.xxxx, iod Vlan108, phy iod: port-channel91
    2014 Sep 12 14:49:58 Nexus-6K %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3727]  Mac registration with L2FM failed for mac xxxx.xxxx.xxxx, iod Vlan191, phy iod: port-channel169
    Cisco's document does not explain what is causing this:
    Error Message:     AM-3-MAC_REG_FAILED Format: Mac registration with L2FM failed for mac %s, iod %s, phy iod: %s
    Explanation    MAC registration with L2FM failed.
    Recommended Action    No action is required.
    Here is my Logging Configuration:
    logging level aaa 5
    logging level cdp 6
    logging level copp 6
    logging level flogi 5
    logging level hsrp 6
    logging level interface-vlan 5
    logging level lldp 5
    logging level monitor 6
    logging level radius 5
    logging level session-mgr 6
    logging level spanning-tree 6
    logging level track 6
    logging level virtual-service 2
    logging level igmp 3
    logging event link-status default
    logging logfile messages 6
    logging server x.x.x.x use-vrf x facility syslog
    logging monitor 6
    Can anyone tell me what are these and how to stop them from occurring. Also would appreciate suggestions on how can I improve logging configuration.

    Hi Saurabh,
    The L2FM is Layer2 Feature Manager which manages the mac-address table and mac-address
    registrations and deletions from the hardware table. The L2FM component exists on Nexus
    7K. In case of Nexus 5500 and Nexus 6K, there is an equivalent component called FWM. Since
    most of the code is re-used in Nexus 6K platform, the references to L2FM need to be
    removed/resolved on Nexus 6K code. There is a software bug to fix these L2FM references in
    the code. Still the bug is in assigned state, hence the fix for this bug is not yet
    available. You can safely ignore these messages, they have no impact. The mac-addresses
    are registered with FWM and since there is no L2FM these messages have no impact.
    ========================================
    CSCum82485    Nexus 5500/6000: L2FM messages seen
    Symptom:
    In a Nexus 6000 switch running NX-OS 7.0(0)N1(1), messages such as following can be seen
    %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3745]  Mac registration with L2FM failed for mac
    002a.6a35.b341, iod Vlan250, phy iod: Gateway Port-Channel1:186
    %ADJMGR-3-MAC_REG_FAILED:  adjmgr [3745]  Mac registration with L2FM failed for mac
    00d0.03eb.2000, iod Vlan60, phy iod: Ethernet131/1/15
    Conditions:
    Usually seen when a host comes online.
    Workaround:
    L2FM is not a valid component on Nexus 6000. These are cosmetic messages and can be
    ignored.
    HTH
    Inayath

  • Mpls over atm ppp over aal5

    Hi,
    Does Cisco support MPLS over atm-ppp-llc per RFC 2354 (PPP over AAL5)?
    For example, in a scenario where Cisco acts as a PE and gets frames with MPLS over atm-ppp-llc from a connected CE, is it supported by Cisco, or will it drop the frames?
    Running mpls over ce-pe link is mandatory for the specific scenario.
    Thanks
    Thanks in advance

    Hello,
    The MPLS should be supported also on PPP over AAL5. Simply use the "mpls ip" command on the Virtual-Template or the Dialer interface you are using on top of the ATM VC to set up the PPP interface.
    The 3640 with proper IOS can support the PE functions. The Enterprise feature sets should be equipped with all features necessary to provide a PE router functionality - basically, the VRF, MPLS, LDP, MPLS VPN support, BGP, BGP VPNv4 support, IGP protocols with VRF support and that should be sufficient.
    Best regards,
    Peter

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
    All seems to be working: I get connected and authenticated. However, even though I use a user name and password from Active Directory when connecting with the Cisco VPN client, I still have to provide these credentials once again when accessing domain resources.
    Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
    You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
    thanks
    John

  • I get error message: "An error occurred with the  publication of album...Authentication with server failed...whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. What do I need to do?

    I get error message: "An error occurred with the  publication of album...Authentication with server failed. Please check your login and password information" whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. I am hoping I can retrieve these "lost" files. What do I need to do?

    better yet, try this solution:
    https://discussions.apple.com/message/12351186#12351186
