Prime Infra Insecure RADIUS Options

Has anyone out there realized that Cisco Prime only provides insecure means to configure and use RADIUS? Please correct me if I am wrong.
You have two options for authentication types in Prime: PAP or CHAP. PAP transmits unencrypted ASCII passwords over the network. CHAP is a good alternative and more secure than PAP. However, in Prime, in order to use CHAP, you must enable the password security setting for reversible password encryption (Windows Settings > Security Settings > Account Policies > Password Policy).
From my research, enabling this setting is very insecure and against MS best practices. Thus, it would seem that we are between a rock and a hard place when it comes to using RADIUS for Prime. We can either use PAP and have everything transmitted in the plain, or set our GPO settings to store our passwords in an insecure manner. Either way the attack vector exists and can be easily exploited.
The other options are using TACACS+ or an SSO server, both of which require an additional purchase.
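The trade-off described in the post comes straight from how the two RADIUS password attributes are built. The following Python is an added example, not code from this thread or from Cisco Prime; it implements RFC 2865 section 5.2 (User-Password hiding, used with PAP) and RFC 1994 / RFC 2865 section 5.3 (CHAP-Password) on constructed sample values (the password, shared secret, Request Authenticator and challenge below are all made up). The point it makes visible: with PAP the on-wire protection is only MD5-XOR keyed by the RADIUS shared secret, and the cleartext arrives at the server, so the server can verify against a one-way hash; with CHAP the password never crosses the wire, but the server must recompute MD5 over the cleartext password, which is exactly why the Windows "store passwords using reversible encryption" policy is required.

```python
"""
PAP vs CHAP in RADIUS: what each side must hold to verify a login.

Added example (not from the original thread or from Cisco Prime).
All sample values are constructed for illustration.
"""
import hashlib
import hmac

BLOCK = 16  # MD5 digest length; RADIUS hides User-Password in 16-octet blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide_password(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: NAS-side hiding of User-Password (PAP).

    The password is null-padded to a multiple of 16 octets; each block is
    XORed with MD5(shared_secret + previous block), seeded with the 16-octet
    Request Authenticator. This is obfuscation keyed by the shared secret,
    not encryption of the password on its own.
    """
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 0 < len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * ((-len(password)) % BLOCK)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        block = _xor(padded[i:i + BLOCK], hashlib.md5(shared_secret + prev).digest())
        hidden += block
        prev = block
    return hidden


def pap_reveal_password(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Server-side inverse of pap_hide_password: whoever holds the shared
    secret and sees the request recovers the cleartext password."""
    if len(hidden) % BLOCK or len(authenticator) != BLOCK:
        raise ValueError("hidden password must be whole 16-octet blocks")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        clear += _xor(block, hashlib.md5(shared_secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")  # drop null padding (a password may not end in NUL)


def pap_server_verify(hidden: bytes, shared_secret: bytes, authenticator: bytes,
                      stored_password_hash: bytes) -> bool:
    """PAP check against a one-way hash: the cleartext arrives on the wire,
    so the credential store does not need to be reversible."""
    clear = pap_reveal_password(hidden, shared_secret, authenticator)
    return hmac.compare_digest(hashlib.sha256(clear).digest(), stored_password_hash)


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge), where the
    'secret' is the user's cleartext password."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_verify(chap_id: int, stored_cleartext_password: bytes,
                challenge: bytes, response: bytes) -> bool:
    """Server-side CHAP check. The server must recompute MD5 over the
    cleartext password, so a one-way hash of the password cannot be used:
    the store has to be reversible."""
    expected = chap_response(chap_id, stored_cleartext_password, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample values (not real credentials or a real deployment).
    password = b"S3cretPass!"
    shared_secret = b"radius-shared-secret"
    authenticator = bytes(range(16))  # a real NAS uses 16 random octets
    challenge = b"\x5a" * 16          # constructed CHAP challenge
    chap_id = 7

    hidden = pap_hide_password(password, shared_secret, authenticator)
    resp = chap_response(chap_id, password, challenge)
    return {
        "pap_on_wire_blocks": len(hidden) // BLOCK,
        "pap_server_ok_with_one_way_hash": pap_server_verify(
            hidden, shared_secret, authenticator, hashlib.sha256(password).digest()),
        "chap_ok_with_cleartext_store": chap_verify(chap_id, password, challenge, resp),
        "chap_ok_with_wrong_password": chap_verify(chap_id, b"wrong", challenge, resp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because PAP's only on-wire protection is the shared secret, the usual mitigation when PAP is the available option is to protect the RADIUS leg itself (RFC 3579 recommends IPsec for RADIUS traffic; RADIUS over TLS is specified in RFC 6614) and to keep the shared secret long and random, rather than weakening the directory's password storage to satisfy CHAP.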

Eduardo,
Please send me your email address off list. I have some information which I hope would be of assistance.
Thanks.
Yiukay Lee
Concentrix at Cisco
.:|:.:|:. CISCO | YiuKay Lee | Network Engineer | SMB Pre-Sales | [email protected]

Similar Messages

  • Cisco Prime Infra 2.1 Standard Install using OVA File HD Requirements

    Hi guys,
    I want to install Cisco Prime Infra Standard 2.1 using the OVA file, but I don't have 900 HD space contiguous in storage.
    Two questions:
    01) Does the virtual machine allocate this space (900 HD) during the install, or allocate it dynamically as needed?
    02) Is there an option to install the Standard version using less HD space?
    Thanks
    My Best Regards
    Andre Gustavo Lomonaco

    Initially we installed medium when Prime 2.0 came out; however, about 3 months later we needed to upgrade to standard/pro. Upgrading the CPU/cores was seamless.
    Install a smaller OVA with enough CPU/cores for the standard and just add disk space later on:
    https://supportforums.cisco.com/document/9871606/adding-disk-space-prime-infrastructure
    It's not a recommended practice, but there are workarounds...

  • Mac Mail is continuously adjusting the "allow insecure authorization" option on its own

    I've already lost 3 clients due to a lack of timely email response, and I had no idea why Mac Mail was having issues connecting to my email server. I've spoken at length with my web hosting support, and it turns out the options in Mac Mail for "Automatically detect and maintain account settings" and "Allow insecure authentication" are new with Yosemite, in both the incoming and outgoing settings (see below).
    Well, it turns out that the only way for me to even use Mac Mail and have it connect to my email server is to have "Automatically..." unchecked and "Allow insecure..." checked in each and every one of the accounts. I completely hate the idea of having anything "insecure" associated with my email, but it's the ONLY way I can get it to function properly, and I don't have the time to migrate everything to another email program at the moment. Not only is this a huge security risk in general, but the program will continuously uncheck the "Allow insecure authentication" option entirely ON ITS OWN about every 20-30 minutes or so, completely jam up all communication I'm working on, require me to go back through and repeat the same tedious process for each and every one of the accounts, and then ALSO have to totally shut the program down and reopen it for the settings to take effect. In fact, the second of the two images seen above JUST unchecked the "Allow insecure authentication" box between the time it took me to start this post and take the screenshot!!
    Something HAS TO BE FIXED with this or it could be a huge issue in a lot of ways. I'm planning on dropping the whole program altogether just as soon as I have the time to properly migrate all of my email setup to another program (which I'm looking forward to less than I would a root canal), but for now I'm just hoping and praying I make it that far without either a major security breach or losing any more clientele. As is, I've lost three clients in just the last week from not being able to correspond on tight deadlines.
    Downgrade, in all meanings of the term...

    Since you are doing a workaround, try deselecting use SSL.
    Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
    Mail Feedback

  • Cisco Prime Infra 1.2 Web server

    Hello,
    I have installed a version of Cisco Prime Infrastructure 1.2.11 with a kickstart .ova file on my production network.
    Everything goes fine and I followed the instructions for installation; I can ping my Cisco PI server and SSH into it as admin.
    However, when I try to reach the web server via https, it does not work. I have reviewed my proxy settings and they are not to blame. The nslookup returns the IP address when I poll it. I have read elsewhere that I would need the "NCS" service to be started, but I can't find anything called NCS on my Prime Infra server in CLI mode.
    Anyone with a suggestion for this issue?
    Thanks
    Jeremy

    Actually, I know what's happening; the PnP (plug n play) setup was not configured, and so port 443 was not up.
    I configured PnP using the "pnp setup" command, but then I have to supply a list of certificates and keys:
    Enter absolute pathname of PnP Gateway server key file:
    Enter absolute pathname of PnP Gateway server certificate file:
    Enter absolute pathname of Prime Infrastructure server certificate file:
    I tried to do this with the private key I had for my server. I created it on my Certificate Authentication and got a .key and a .csr (certificate server request).
    However, when I feed them to my PnP setup I get this error:
    Setup is in progress.......
    Stop PnP Gateway server
    OpenSSL command failed for mycert.csr and mykey.key
    Any idea as to why this is happening?
    I read elsewhere again that I need to run commands with "ncs", but I don't have "ncs" commands on my prompt...
    Thank you for your time

  • Can Cisco Prime Infra 2.1 work as syslog server

    Hello all,
    Customer wants Cisco Prime Infra 2.1 to work as a syslog server. They want to query text in syslog and get the raw log file from Cisco Prime Infra, but when I look in the user interface, I think that it cannot query and search text in syslog. But I am not sure whether we can get a raw log file per device from Cisco Prime Infra. Does anyone know about this?
    thanks
    sompoj

    Hi Sompoj,
    In Prime Infrastructure, syslogs are directly read from UDP port 514 and then filtered; the non-SEV1 and SEV2 syslogs will be dropped and will not be entered into the DB. The syslog messages will not be saved into log files.
    Thanks-
    Afroz

  • Cisco Prime Infra and SMS gateway integration

    Hello,
    Can anyone point me to the right documents or resources to integrate Cisco Prime Infra 2.x with an SMS gateway?
    Is there any way I can get SMS alerts for critical events in Cisco Prime Infra 2.x?
    Any suggestion is highly appreciated.
    Regards,
    Girish

    Not directly.
    If you configure PI to email you on alerts, many carriers allow you to receive SMS via an email address, i.e. <your_number>@<your_carrier>

  • ISE (Identity Service Engine) & MSE (Mobility Service Engine) & Prime Infra

    What is the difference between ISE (Identity Service Engine), MSE (Mobility Service Engine) and Prime Infra?
    How will these be used along with WLC, APs and wireless users?

    The Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and VPN access, leading to more productive workers and lower operations costs. When operating in a network, ISE provides the following key features: 1. Rigorous identity enforcement 2. Extensive policy enforcement 3. Security compliance 4. Automated onboarding.
    Cisco Mobility Services Engine supports RTLS and WIPS, whereas Cisco Prime is a centralized wireless and wired monitoring and management solution. ISE and MSE can both be integrated with Cisco Prime. For more detail on these products you can see the links below.
    http://www.cisco.com/en/US/prod/netmgtsw/prime.html
    http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c78-475378.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/data_sheet_c78-656174.html

  • Prime Infra 2.0 alert when syslog message received

    Dear member,
    May I know whether Prime Infra 1.3 or 2.0 can alert a user when a syslog message is received?
    If yes, is there a configuration guide for reference?
    Regards

    Hi Russ,
    PI does not actually keep a record of the raw syslog messages it receives, and there is no report for syslogs. When PI receives a syslog, it will immediately process the message and convert it to an event/alarm.
    Also, note that PI only processes severity 1 and 2 syslogs. The closest thing you can get to a syslog report would be to run an advanced search for events.
    For other alarms and events you can go to the Operate > Alarms & Events > Email Notification page. Make sure that the alarm categories that you want to have notifications for also have the Enable checkbox checked.
    Thanks-
    Afroz

  • Upgrade Prime Infra 1.4 to 2.x

    Hello,
    Is there a timeframe for the Prime Infra 1.4 Version to get upgraded to 2.x?
    thanks in advance
    Martin

    Note: Cisco Prime Infrastructure version 1.4 and 1.4.x cannot be upgraded to version 2.1; upgrade will be available for a future 2.x release.
    http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-731516.html

  • Issue with Prime Infra 2.1.1 and Nexus 7K

    We have recently migrated from our NCS to Prime Infra 2.1.1. Since doing this we have started to import our switching gear into PI in addition to our WLC and MSE appliances. Discovery and inventory of the 3750X and 4500-X switches has been without issue. When we point PI 2.1.1 to a Nexus 7K running a VDC, the switch discovers as a Nexus 9500 instead of a 7K. Anyone else seen this happen? Any workarounds or suggestions on what might be going on? My thought was it's discovering a VDC on the 7K and it's not the admin VDC. That said, our admin VDC is not configured for SNMP and we wanted to discover the VDCs that we actually use for client traffic. I should note we have loaded the latest available device pack to PI as well.
    Please advise - any help would be greatly appreciated.
    Thanks,
    Jeff

    We ran a discovery of all our Nexus switching last night. Once we did that, the pattern was easy to see. Any 9 or 10 slot Nexus was fine; any 4-slot Nexus appears as a Nexus 9500 instead of a 7K. I checked the compatibility matrix (latest release through DP 6.0) and support for the 9/10/18 slot is listed. No mention of support for the 4 slot. I believe that is our issue.
    Jeff

  • Prime Infra: Add guest user to all WLC's

    Hi all,
    I have Prime Infra 2 running, with 2 WLCs v7.4.
    1 WLC has all the APs; the other one sits in the same mobility group in case the first one fails (it has no joined APs when acting as standby).
    When I create a guest user in Prime Infra, it only gets created on the WLC with the APs joined.
    So WLC1 has the APs, WLC2 has none -> I create a guest user and it is added to WLC1.
    I do a failover, WLC1 has no APs, WLC2 has all the APs; I create a new guest user and it is added only to WLC2.
    Is there a way that I can add a guest user and have it added to both WLCs?
    Thanks in advance!

    Did you install the application in /Applications? If so, then it's available to all users on that machine and they can add it to their Dock, or you can login to each account and add it to their Dock.
    When creating new accounts, the template used is the one you get when you first create an account on a new Mac, and that was specified by Apple.
    Mulder
    iMac G4 700Mhz   Mac OS X (10.3.9)  

  • VM running Prime infra 1.2 - continuously rebooting

    My VMware virtual machine running Prime Infrastructure 1.2 is continuously rebooting.
    The VM console is generating logs as shown below. Has anyone come across this before? Any thoughts on how to fix this?
    Many thanks!
    Luc van Deuren

    Did the install ever work?
    Regarding the NMI message:
    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2031297
    Since you have no visibility into the OS, one option is to either restore a VM snapshot, redeploy and restore a backup, or redeploy and reconfigure. If you had a backup that was not being moved off the VM server, this document may help you get one out of the VMDK file.
    https://supportforums.cisco.com/docs/DOC-26689

  • Prime Infra 2.1, AP Auto Positioning

    Hi Forum,
    I've a situation where our site needs to assign the APs (Access Points) into the existing NMS (Prime Infrastructure 2.1). I've already built the floor as in the figure below. So I've many APs on site; how could I make it auto-position them? Because it's hundreds of APs, we can't manage them all and would need to re-survey if PI doesn't have the ability to solve this.
    I hope someone has already implemented this case. Any comment is appreciated.
    regards,

    Location Accuracy Tool
    You can analyze the location accuracy of non-rogue and rogue clients, interferers, and asset tags by using the Location Accuracy tool.
    By verifying for location accuracy, you are ensuring that the existing access point deployment can estimate the true location of an element within 10 meters at least 90% of the time.
    The Location Accuracy tool enables you to run either of the following tests:
    Scheduled Accuracy Testing—Employed when clients, tags, and interferers are already deployed and associated to the wireless LAN infrastructure. Scheduled tests can be configured and saved when clients, tags, and interferers are already prepositioned so that the test can be run on a regularly scheduled basis.
    On-Demand Accuracy Testing—Employed when elements are associated but not pre-positioned. On-demand testing allows you to test the location accuracy of clients, tags, and interferers at a number of different locations. It is generally used to test the location accuracy for a small number of clients, tags, and interferers.
    Both are configured and executed through a single page.
    Enabling the Location Accuracy Tool
    Note: You must enable the Advanced Debug option in Prime Infrastructure to use the Scheduled and On-demand location accuracy tool testing features. The Location Accuracy tool does not appear as an option on the Operate > Operational Tools > Wireless menu when the Advanced Debug option is not enabled.
    To enable the advanced debug option in Prime Infrastructure:
    Step 1 In Prime Infrastructure, choose Operate > Maps .
    Step 2 Choose Properties from the Select a command drop-down list, and click Go .
    Step 3 Select the Enabled check box to enable the Advanced Debug Mode. Click OK.
    Note If Advanced Debug is already enabled, you do not need to do anything further. Click Cancel.
    Use the Select a command drop-down list to create a new scheduled or on-demand accuracy test, to download logs for last run, to download all logs, or to delete a current accuracy test.
    Note: You can download logs for accuracy tests from the Accuracy Tests summary page. To do so, select an accuracy test and from the Select a command drop-down list, choose either Download Logs or Download Logs for Last Run. Click Go.
    The Download Logs option downloads the logs for all accuracy tests for the selected test(s).
    The Download Logs for Last Run option downloads logs for only the most recent test run for the selected test(s).
    Scheduling a Location Accuracy Test
    Use the scheduled accuracy testing to verify the accuracy of the current location of non-rogue and rogue clients, interferers, and asset tags. You can get a PDF of the test results at Accuracy Tests > Results . The Scheduled Location Accuracy report includes the following information:
    A summary location accuracy report that details the percentage of elements that fell within various error ranges.
    An error distance histogram.
    A cumulative error distribution graph.
    An error distance over time graph.
    A summary by each MAC address whose location accuracy was tested noting its actual location, error distance and a map showing its spatial accuracy (actual vs. calculated location), and error distance over time for each MAC.
    To schedule a Location Accuracy test:
    Step 1 Choose Operate > Operational Tools > Wireless > Location Accuracy Tool.
    Step 2 Choose New Scheduled Accuracy Test from the Select a command drop-down list.
    Step 3 Enter a test name.
    Step 4 Choose an area type, a building, and a floor from the corresponding drop-down lists.
    Note Campus is configured as Root Area, by default. There is no need to change this setting.
    Step 5 Choose a beginning and ending time for the test by entering the days, hours, and minutes. Hours are entered using a 24-hour clock.
    Note When entering the test start time, be sure to allow enough time prior to the test start to position testpoints on the map.
    Step 6 Choose a destination point for the test results. (If you choose the e-mail option, you must first define an SMTP Mail Server for the target email address. Choose Administrator > Settings > Mail Server to enter the appropriate information.)
    Step 7 Click Position Testpoints .
    Step 8 On the floor map, check the check box next to each client, tag, and interferer for which you want to check location accuracy.
    When you check a MAC address check box, two icons appear on the map. One represents the actual location and the other represents the reported location. If the actual location for an element is not the same as the reported location, drag the actual location icon for that element to the correct position on the map. (You cannot drag the reported location.)
    Step 9 (Optional) To enter a MAC address for a client, tag, or interferer that is not listed, check the Add New MAC check box, enter the MAC address, and click Go .
    An icon for the newly added element appears on the map. If the element is on the location server but on a different floor, the icon appears in the left-most corner (in the 0,0 position).
    Step 10 When all elements are positioned, click Save.
    Step 11 Click OK to close the confirmation dialog box.
    You are returned to the Accuracy Tests summary page.
    Step 12 To check the test results, click the test name, click the Results tab in the page that appears, and click Download under Saved Report.
    Running an On-Demand Location Accuracy Test
    You can run an On-Demand Accuracy Test when elements are associated but not prepositioned. On-Demand testing allows you to test the location accuracy of clients, tags, and interferers at a number of different locations. It is generally used to test the location accuracy of a small number of clients, tags, and interferers. You can get a PDF of the test results at Accuracy Tests > Results . The On-Demand Accuracy Report includes the following information:
    A summary location accuracy report that details the percentage of elements that fell within various error ranges.
    An error distance histogram
    A cumulative error distribution graph
    To run an On-Demand Accuracy Test:
    Step 1 Choose Operate > Operational Tools > Wireless > Location Accuracy Tool.
    Step 2 From the Select a command drop-down list, choose New On demand Accuracy Test.
    Step 3 Enter a test name.
    Step 4 Choose an area type, a building, and a floor from the corresponding drop-down lists.
    Note Campus is configured as Root Area, by default. There is no need to change this setting.
    Step 5 Choose a destination point for the test results. (If you choose the e-mail option, you must first define an SMTP Mail Server for the target email address. Choose Administrator > Settings > Mail Server to enter the appropriate information.)
    Step 6 Click Position Testpoints.
    Step 7 To test the location accuracy and RSSI of a particular location, select client, tag, or interferer from the drop-down list on the left. A list of all MAC addresses for the selected option (client, tag, or interferer) is displayed in a drop-down list to the right.
    Step 8 Choose a MAC address from the drop-down list, move the red cross hair to a map location, and click the mouse to place it.
    Step 9 From the Zoom percentage drop-down list, choose the zoom percentage for the map.
    The X and Y text boxes are populated with the coordinates based on the position of the red cross hair in the map.
    Step 10 Click Start to begin collection of accuracy data, and click Stop to finish collection. You must allow the test to run for at least two minutes before stopping the test.
    Step 11 Repeat Step 11 to Step 14 for each testpoint that you want to plot on the map.
    Step 12 Click Analyze Results when you are finished mapping the testpoints, and then click the Results tab in the page that appears to view the

  • Prime Infra. 2.0 SSH and SNMP access to devices

    New Prime Infrastructure install. I am trying to discover my routers and switches. From the Operate and Discovery section, I can run "Quick Discovery". I am given the option to set the SNMP string. After the discovery completes, I am adding SSH credentials to each device (individually). Is there a method to set the SSH parameters ahead of time or in bulk?
    Thanks    

    Excellent idea.  Thanks.
    I suspect the "discovery settings" will allow SSH to be added, but I haven't been able to make it work. From the discovery settings section and after I enable SSH, I am asked to provide an IP address along with the username and password. I get the username/password, but I don't understand why an IP address is needed.
    Either way, the bulk add is pretty easy.
    Thanks again!

  • Netflow is not showing on prime infra 1.2 and also reports are not generating

    Hi friends,
    I added my router to Cisco Prime for NetFlow and configured it by template as mentioned by Cisco in the deployment guide. I got NetFlow until last Friday, but today I am not getting any flow on Prime.
    Second, I am not able to generate raw NetFlow.
    How can I remove a device from data sources if it is no longer present there? For better understanding I am also attaching the snapshot.

    Hi,
    Thanks
    Yes I have configured the command “aaa accounting exec default start-stop group tacacs+”
    As I have mentioned, all the other reports are working: which user logged in, when, and what commands he used. Only the TACACS+ Accounting and logged user report is not working.
    Regards,
    Vineet
