REP integration with STP Networks

I would like to know the recommended steps for making a REP ring interact with an STP network. This is because I have a ring of Cisco devices supporting REP, but my other devices aren't, so I need to make a new connection, but I don't wanna create a loop. I know that REP-enabled ports drop STP TCNs.
What would be the best way to do this? Is there documentation available for this?
Thanks.
EHP.

Hi,
See this document:
http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/release/15.2_2_S/configuration/guide/swrep.html
For devices that do not support REP, you can configure the Edge No-Neighbor ports.
V.

Similar Messages

  • Steps: SNC (Supplier Network Collaboration) Integration with ECC through XI

    Hi,
    Has anyone worked on the SNC (Supplier Network Collaboration) integration with SAP ECC via SAP XI?
    Could you please share any documentation related to this? And also, could anybody tell me the setup required to go ahead with the integration?
    Thanks,
    S

    Hi Xavier,
    SNC integration with XI has predefined mappings. So ask your basis guys to download the XI content for SNC for use with PI. Once they have deployed it, you will have built-in predefined content in XI. Within the predefined content, they are mostly all XSL mappings.
    If your requirement is with the standard IDocs then you can use them directly. Else, if there is customization, then you may need to change the mappings according to your requirements.
    Also check this help:
    http://help.sap.com/esoa_scm_snc2007/helpdata/en/index.htm
    Regards,
    ---Satish

  • Integrating Oracle Social Network with ADF Application in UI

    Hello,
    I'm new to ADF as well as OSN, I went through the ADF tutorial (Developing RIA Web Applications with Oracle ADF) and understood a little bit.
    My requirement is to integrate the Oracle Social Network in the ADF web application UI. I found the link "Implementing Oracle Social Network Integration - 11g Release 7 (11.1.7)"
    I'm finding difficulties in following the documentation, particularly the pre-requisites.
    * I use JDeveloper version 11.1.1.7.0 and I have downloaded all updates related to webcenter in my JDeveloper.
    May I request you to add few more screen shots that explain where to enter the Oracle Social Network URL in JDeveloper.
    Else a simple tutorial with screen shots would be a great help!
    Thank you,
    MC.

    MC, the documentation you are looking at is specific to Fusion Apps developers integrating with Oracle Social Network.  If you are looking to do generic ADF development including work against OSN then this is probably not the place to start.  Are you a Fusion Apps developer, or are you an Oracle Cloud Apps customer that has an application and OSN that you are trying to extend?  If you could provide a little more context about what you are trying to achieve we will be able to advise the right route for you to take.
    Thanks,  Andy

  • Network card integrated with motherboard

    Hi!
    Is the network card on a HP dv7-3130eo integrated with the motherboard?
    My network card is breaking down, and I often get bluescreens. Now I only use the cable to get online. I've installed the latest drivers and I am almost sure that the hardware is the problem. Is this a common problem?
    /Simon

    DonSimon11 wrote:
    Hi!
    Is the network card on a HP dv7-3130eo integrated with the motherboard?
    Hi,
    You can use Device Manager to work this out, under "Network Adapters". BUT I believe it can be Broadcom or Realtek (which is NOT integrated with the motherboard).
    Regards,
    BH

  • ISE integration with Mobile Device Management ( MDM ) help required

    Dear Techies,
         I am here to bring to your notice a different issue, with not many resources to support it, even in PEC or Cisco documentation.
         We are conducting a Proof Of Concept (PoC) on Secure Bring Your Own Device (BYOD) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
    Setup Brief :
    =========
          Our setup has an ISE VM acting as Admin, Monitor and Profiling Device; we have a NAC 3315 physical appliance as Inline Posture Device, a Wireless LAN controller, an access point, and the identity source is Microsoft Active Directory.
         We have plans to integrate Mobile Device Management (MDM) and a Citrix VDI setup also.
    Activity Brief:
    =========
         As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
    Clarifications Required
    ================
    Wired Scenario - Require some configuration / steps on how to carry out posture for the guest wired users, i.e. LAPTOP.
    Wireless Scenario
    Can MDM be integrated with ISE?
    How can the MDM be integrated with Cisco ISE? Is there a configuration or guide showing this?
    What is the demarcation between MDM and ISE (i.e. what is the role of ISE and MDM on mobile devices)?
    If MDM is available, then when the control of ISE ends, does MDM do the management, or will ISE do the management of the devices?
    Will MDM do client provisioning, or should ISE do it?
    Does MDM send or update patches on mobile devices?
    As of now these are the scenarios; kindly revert if there are any good documents showing this, or share your expertise on the integration part.
    Thanks for Reading...
    Arun

    I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
    Kindly let me know your views or any documents on the following scenarios with the current release in mind
    1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
    The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
    2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
    Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
    3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
    Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products, since they are all part of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (VPN, etc.) and ISE are pretty close in building their solutions so that you can get connected with any device anywhere (sorry for the sales pitch). The latest wireless code is improving and is going to have support similar to the IOS sensor for wired devices, where DHCP, CDP, and other attributes can be sent in the RADIUS packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep), you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID, so that makes the budget work when it comes to deploying ISE if you aren't looking for enforcement on your wired devices.
    4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
    For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
    There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
    5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
    This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
    You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
    6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
    For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
    7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
    In ISE there is an identity sequence which can authenticate users in AD first; if the user is not found, then it can look in the internal database.
    Our solution demands MDM in the integrated solution. As of today ISE can't be integrated with MDM, so what kind of solution can we propose to have MDM and Cisco ISE? Do the clients that now enter the network need to have the MDM agent already installed, or is there any other way of pushing it to the client?
    Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Jabber cannot Call - Integration with CUCM/AD

    Dear all,
    I installed CUCM 9.1.1 and CUPS 9.1.1 with Jabber client 9.0.1.
    When I run Jabber on a domain-joined PC (logged in with AD username and password), there is no problem with the calling ability.
    But when I try to use a non-domain-joined PC (I am using VPN to connect to the office network and using my personal PC), only the chat feature is available. I cannot log in to phone accounts and cannot make any calls with my Jabber client.
    Should I use UDS integration with AD?
    Thanks,
    Hasan

    Hi Hasan,
    Can you take a look on this thread:
    https://supportforums.cisco.com/message/3914353#3914353
    If you still have problem connecting, can you try with newer version of Jabber?
    Regards,
    Srdjan

  • Unity Connection Integration with CS 1000 and Meridian 81 - PIMG

    I have a customer who has (2) Nortel Meridian 81 and (1) CS1000 for their 3 locations, along with Octal 350 servicing 2500 voicemail users today. Customer also has a Cisco UCM in their network today which is servicing their wireless phone users.
    UCM and CS1000 are networked together using Q.Sig trunks today. Customer is looking at replacing their Octal solution with a new Voice mail solution.
    I was looking at integration documents for Unity Connection using PIMG.
    In this scenario, would I need 3 separate PIMGs at the three remote sites, integrated with Unity Connection, or can I achieve this using just one PIMG at one of the sites, considering the three sites are trunked together using tie-trunks?
    http://www.cisco.com/en/US/partner/docs/voice_ip_comm/connection/7x/integration/pimg/guide/cucintpimg090.html#wp1051831
    Appreciate any pointers/ help.

    Hi there,
    Just to add a note to the great tips from Hailey (+5 Hailey!)
    We are in the final stages of replacing our "old" Octel with Unity Connection, part of
    which is integrated to our CS1000 and CUCM in a "Hybrid" deployment like yours
    Centralized Voice Messaging
    Cisco Unity Connection supports centralized voice messaging through the phone system, which supports
    various inter-phone system networking protocols including proprietary protocols such as Avaya DCS,
    Nortel MCDN, or Siemens CorNet, and standards-based protocols such as QSIG or DPNSS. Note that
    centralized voice messaging is a function of the phone system and its inter-phone system networking,
    not voice mail. Connection will support centralized voice messaging as long as the phone system and its
    inter-phone system networking are properly configured.
    Setting Up a Nortel Meridian 1 Digital PIMG
    Integration with Cisco Unity Connection
    Attachments:
    cucwithnortel.pdf (308.1 K)
    Centralized voice messaging provides voice messaging services to all users in a networked phone system environment. Connection can be hosted on a message center PINX and provide voice messaging services to all users in an enterprise assuming the message center PINX and all user PINX phone systems are properly networked.
    For a centralized voice messaging configuration to exist, a suitable inter-phone system networking protocol must exist to deliver a minimum level of feature support, such as:
    •  Message waiting indication (MWI).
    •  Transfer, which ensures that the correct calling/called party ID is delivered to the voice messaging system.
    •  Divert, which ensures that the correct calling/called party ID is delivered to the voice messaging system.
    Other features may be required depending on how the voice messaging system is to be used. For example, if it is also serving as an automated attendant, path-replacement is needed as this feature prevents calls from hair-pinning.
    http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/design/guide/7xcucdg050.html#wp1053538
    Cheers!
    Rob

  • SharePoint 2013 on-premises integration with third party email account

    the Email sending issue from SharePoint is causing too much time waste 
    First let me explain how our SharePoint is deployed
    Sharepoint version : 2013
    Deployment type : on-premise
    Authentication : from Domain controller also hosted locally 
    domain name ; say domain.com this domain.com is same as our website address hosted on godaddy
    SharePoint computer name on local DNS :  sharepoint.domain.com
    OS and IIS : 2008 r2 , IIS 7.5 
    Network firewall : 25 26 ports  opened for sharepoint , both incoming and outgoing.
    Server firewall : turned off
    Email configuration Attempts by IIS 6.0 
    We tried following setting on IIS 6.0 SMTP local server properties
    In General tab
    qualified name was shown as : sharepoint.dts-solution.com
    IP assigned : sharepoint server IP; under Advanced, put two entries of the IP with ports 25 and 26
    In Access tab
    Authentication : selected as Anonymous 
    Connection : All except below list : empty list
    Relay : only the list below , one entry as 127.0.0.1 and other is local static IP of SharePoint server
    in Delivery tab
    outbound security : Basic authentication : accessed user in AD and given the right password, also checked with anonymous - not working
    outbound connection: all default values and port = 25
    Advance : fully qualified domain name = sharepoint.domain.com , DNS test showed success, rest every check box unchecked 
    On sharepoint central management settings
    Outbound email = sharepoint.domain.com
    from and reply to address = [email protected] 
    IIS 7.5 SMTP settings 
    In IIS 7.5 sharepoint application we added SMTP settings as smtp server = godaddy out going smtp , user name as [email protected] , password = godaddy password , port : godaddy outgoing port  .
    Godaddy account 
    Our website hosted on godaddy with same name as domain.com
    open relay not possible on emails.
    Results
    After setting alerts on SharePoint sites and assigning tasks with alerts, we receive emails in the queue folder but they never get forwarded. We just wish to use any of our email *.domain.com to send outgoing emails from SharePoint. It's been a while and we have had no success.
    Tech Learner

    Hi,
    As I understand, you are using SharePoint 2013 integrating with third party SMTP server which provides email function.
    From SharePoint side, I'd suggest you refer to the link below to configure email integration:
    http://technet.microsoft.com/en-us/library/ee956941(v=office.15).aspx
    If you have already confirmed that the message is sent from SharePoint, while stuck in the queue on the SMTP server, then the issue might be related to relay on the SMTP server. Since the issue is related to a third party product, we do not have enough resources here,
    I'd recommend you contact their support engineer for more assistance:
    https://support.godaddy.com/help/category/154/email
    https://support.godaddy.com/help/article/3552/managing-your-email-account-smtp-relays
    Thanks for the understanding.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • I do not want integration with IOS or iCloud

    Hello,
    I have a late 2010 27 inch iMac and a first generation iPad.
    I foolishly installed Mountain Lion when it came out and have become increasingly frustrated and irritated with the emphasis on iCloud (I did not install that) and integration with IOS.
    I do not like the way Safari operates in this OS nor the alterations to mail and other applications.
    It seems to be very difficult to revert to Snow Leopard which is what I would prefer to do.
    It also seems that Apple does not understand that some users just want to use a computer in the traditional way and have no interest in social networks or in integrating devices.
    I have been using computers for 25 years and do know what I need. 
    Does anyone have a simple solution to reverting to Snow Leopard and ignoring these latest developments?
    Everyone is urged to back up with Time Machine which is what I have always done - to an external drive.  However, it seems this is useless when wanting to revert to SL as I do so that was a waste of time too.
    Joan

    These programs will make a clone.
    Clone  - Carbon Copy Cloner          (Often recommended as it has more features than some others)
    Clone – Data Backup
    Clone – Deja Vu
    Clone  - SuperDuper
    Clone - Synk
    Clone Software – 6 Applications Tested
    Commonly Used Backup Methods

  • Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2

    Hello!
    This last weekend I setup our server as new and to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address
    as for the user forename and then synced that change back to Office 365 and so needed to enter this information back in on the dashboard which synced back to Office 365. This may or may not have any relevance to our issue below.
    I should also point out that we have our own domain name so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest setup with our own domain name.
    At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com . As I mention,
    Office 365 had been operating fine for some time and DNS records were checked and have been set for some time. I spoke to Office 365 support and after a while came up with a temporary solution (so that I could complete the client installs) of assigning each
    user an onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in with the Office 365 .contoso.com credentials.
    This worked OK to get us past the weekend (although I am having to reset up profiles on quite number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives
    and of course we don't want to keep having to reset the profiles.
    I'm thinking that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has
    made no difference.

    Ah - solved my own problem.
    Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
    I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem.

  • Cisco ISE integration with third-party firewalls

    Can Cisco ISE be integrated with a third-party firewall (such as Checkpoint), to provide authentication/authorization services to remote VPN user devices (based on device MAC address)?
    The remote user would establish a VPN connection to a third-party firewall, based on a username/password authentication, but the user would only be allowed to send/receive traffic to the internal network if the MAC address of the device being used was authorized by Cisco ISE.
    Thank you in advance.

    Rui,
    I do not think the VPN client sends the IP address in a called-station-id; that might be the public IP address that the client is initiating the request from. If you have an existing RADIUS server or can run a packet capture you should be able to verify that.
    If the client does send the MAC address in the RADIUS packet then you can create a custom condition that can be used to check the MAC address along with the username to allow it access to the session. However, in VPN deployments there is no concept of profiling, since 802.1x deployments usually include the client's MAC address.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*
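
The packet-capture check suggested in the reply above, as an added example (not code from the thread or from Cisco): a minimal RADIUS Access-Request parser that reports whether Called-Station-Id (30) and Calling-Station-Id (31) carry a MAC or an IP address, plus a fail-closed username-and-MAC allow-list check. The sample packets, the user name `vpnuser`, the addresses and the `ALLOWED` table are constructed for illustration.

```python
import ipaddress
import re
import struct

# RADIUS attribute numbers (RFC 2865).
USER_NAME, CALLED_STATION_ID, CALLING_STATION_ID = 1, 30, 31

# Common MAC spellings: 02-00-5E-10-20-30, 02:00:5e:10:20:30,
# 0200.5e10.2030 and 02005e102030.
MAC_RE = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$"
    r"|^(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"
    r"|^[0-9A-Fa-f]{12}$"
)


def parse_radius(packet: bytes):
    """Return (code, identifier, [(attr_type, value_bytes), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20  # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs


def classify_station_id(value: str) -> str:
    """Classify a station-id string as 'ip', 'mac' or 'other'."""
    try:
        ipaddress.ip_address(value)  # test IP first; MAC strings never parse
        return "ip"
    except ValueError:
        pass
    return "mac" if MAC_RE.match(value) else "other"


def station_report(packet: bytes) -> dict:
    """Summarise User-Name and both station-id attributes of a request."""
    code, _, attrs = parse_radius(packet)
    if code != 1:
        raise ValueError("not an Access-Request")
    names = {USER_NAME: "user", CALLED_STATION_ID: "called",
             CALLING_STATION_ID: "calling"}
    report = {"user": None, "called": None, "calling": None}
    for a_type, raw in attrs:
        key = names.get(a_type)
        if key is None:
            continue
        text = raw.decode("utf-8", "replace")
        report[key] = text if key == "user" else (text, classify_station_id(text))
    return report


def normalise_mac(mac: str) -> str:
    return re.sub(r"[-:.]", "", mac).lower()


def device_allowed(report: dict, allow_list: dict) -> bool:
    """Username + MAC condition; fails closed when no MAC was sent."""
    calling = report["calling"]
    if report["user"] is None or calling is None or calling[1] != "mac":
        return False
    return normalise_mac(calling[0]) in allow_list.get(report["user"], set())


def build_access_request(ident: int, attrs) -> bytes:
    """Constructed test input: zeroed authenticator, attributes as given."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body


# Constructed samples: one gateway that reports the client's public IP,
# one that reports the client's MAC address.
REQ_WITH_IP = build_access_request(
    7, [(USER_NAME, b"vpnuser"), (CALLING_STATION_ID, b"203.0.113.10")])
REQ_WITH_MAC = build_access_request(
    8, [(USER_NAME, b"vpnuser"), (CALLED_STATION_ID, b"198.51.100.1"),
        (CALLING_STATION_ID, b"02-00-5E-10-20-30")])
ALLOWED = {"vpnuser": {"02005e102030"}}  # hypothetical allow-list

if __name__ == "__main__":
    for req in (REQ_WITH_IP, REQ_WITH_MAC):
        rep = station_report(req)
        print(rep, "allowed:", device_allowed(rep, ALLOWED))
```

A MAC reported by a VPN client is self-asserted, so this condition is only as trustworthy as the gateway that fills in the attribute.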

  • Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

    Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
    Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
    SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
    Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Sebastian,
    The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
    Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
    This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
    You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
    The following are the connectivity modes:
    •  Dual-wire Management (Shared LOM):
    Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
    This mode is recommended when you have a C-Series server which does not have or cannot support the VIC 1225 card (such as a C-200 server).
    •  SingleConnect (Sideband):
    Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
    This feature is referred to as SingleConnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
    This is the most recommended integration model when using FEX and the VIC 1225 card.
    •  Direct Connect Mode:
    Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    This mode will eliminate the need for a FEX module, as servers are directly plugged into the base ports of the Fabric Interconnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
    Please let us know if you need more information. Thank you!
    Thanks,
    Vishal

  • WLC not integrating with Radius Server

    Hello world,
    I have the following situation:
    One WLC 2000 Series (software version 7.0.230.0) with multiple SSIDs, one of which is with 802.1x integrated with a Radius Server.
    Everything worked fine until a few days ago, when users were unable to log on via their certificates on Windows XP.
    The infrastructure didn't suffer modifications.
    What I have checked: Radius certification isn't expired, client certification isn't expired, the password between controller and Radius is correct.
    There are no ACLs between the WLC and the remote server. I can ping the devices, and other SSIDs on the same controller (wpa/psk) are working correctly.
    The APs are 1242.
    I have tried deleting the SSID and configuring it back. The OS on the Windows Server is 2003 Standard. The APs are configured H-Reap.
    I have increased the Server Timeout from Radius Authentication Servers from 2 to 30 sec.
    The message logs received on WLC Trap Logs:
    RADIUS server X.X.X.X:1812 failed to respond to request (ID 161) for client xx.xx.xx.xx.xx.xx/ user 'unknown'
    The message from the debug dot1x aaa enable:
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLING_STATION_ID(31) index=1
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLED_STATION_ID(30) index=2
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT(5) index=3
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_INT_CISCO_AUDIT_SESSION_ID(7) index=4
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IP_ADDRESS(4) index=5
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IDENTIFIER(32) index=6
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_VAP_ID(1) index=7
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_SERVICE_TYPE(6) index=8
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_FRAMED_MTU(12) index=9
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT_TYPE(61) index=10
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_EAP_MESSAGE(79) index=11
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_RAD_STATE(24) index=12
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_MESS_AUTH(80) index=13
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df AAA EAP Packet created request = 0x1cff348c.. !!!!
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Sending EAP Attribute (code=2, length=6, id=10) for mobile xx.xx.xx.xx.xx.xx.
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00000000: 02 0a 00 06 0d 00                                 ......
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df [BE-req] Sending auth request to 'RADIUS' (proto 0x140001)
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] AAA response 'Interim Response'
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] Returning AAA response
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df AAA Message 'Interim Response' received for mobile xx.xx.xx.xx.xx.xx.
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.329: 00:15:e9:33:75:df Skipping AVP (0/27) for mobile xx.xx.xx.xx.xx.xx.
    The messages on Windows 2003 Standard:
    User Y was denied access.
    Fully-Qualified-User-Name = xx.domain.com/Users_T/user
    NAS-IP-Address = X.X>X.X
    NAS-Identifier = Cisco_
    Called-Station-Identifier = ---------------------
    Calling-Station-Identifier = ---------------------
    Client-Friendly-Name = ---------------------
    Client-IP-Address = ---------------------
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 1
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type = Smart Card or other certificate
    Reason-Code = 262
    Reason = The supplied message is incomplete.  The signature was not verified.
    User Y was denied access.
    Fully-Qualified-User-Name = xx.domain.com/Users_T/user
    NAS-IP-Address = X.X>X.X
    NAS-Identifier = Cisco_
    Called-Station-Identifier = ---------------------
    Calling-Station-Identifier = ---------------------
    Client-Friendly-Name = ---------------------
    Client-IP-Address = ---------------------
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 1
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type = Smart Card or other certificate
    Reason-Code = 262
    Reason = The supplied message is incomplete.  The signature was not verified.
    Can anyone help why I cannot log the users via 802.1x?

    Okay, that is good... this is what I would do next. I would create a test SSID that uses PEAP MSCHAPv2 and create a new policy in IAS that is basic. Allow 802.1x wireless and user group only and see if you can reconfigure one of the XP machines for PEAP. Can you also post a screenshot of your policies (connection and network) so we can review it?
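
The hex row in the debug output of the question above is the EAP packet the WLC relays to the RADIUS server. The following added example (not part of the original thread) decodes it using the header layout from RFC 3748 and the EAP-TLS flags octet from RFC 5216; the function names are hypothetical and the sample lines are copied from the post.

```python
import re

# Lines copied from the `debug dot1x aaa enable` output in the post above.
SAMPLE = (
    "*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Sending EAP "
    "Attribute (code=2, length=6, id=10) for mobile xx.xx.xx.xx.xx.xx.\n"
    "*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00000000: 02 0a 00 06 0d 00"
    "                                 ......\n"
)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}
HEXROW = re.compile(r": [0-9a-f]{8}: ((?:[0-9a-f]{2} )+)")
SUMMARY = re.compile(r"EAP Attribute \(code=(\d+), length=(\d+), id=(\d+)\)")


def eap_bytes(log_text):
    """Join the hex-dump rows of the debug output into the raw EAP packet."""
    return bytes.fromhex("".join(HEXROW.findall(log_text)))


def decode_eap(pkt):
    """Decode the RFC 3748 header and, for EAP-TLS/PEAP, the flags octet."""
    if len(pkt) < 4:
        raise ValueError("an EAP header is 4 octets")
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    if length > len(pkt):
        raise ValueError("dump is shorter than the EAP length field")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        info["type"] = EAP_TYPES.get(pkt[4], pkt[4])
    if info.get("type") in ("EAP-TLS", "PEAP") and length >= 6:
        flags = pkt[5]
        info["length_included"] = bool(flags & 0x80)  # L bit
        info["more_fragments"] = bool(flags & 0x40)   # M bit
        info["start"] = bool(flags & 0x20)            # S bit
        info["tls_bytes"] = max(0, length - (10 if flags & 0x80 else 6))
        # A Response with no L/M/S bit and no data acknowledges a fragment.
        info["fragment_ack"] = code == 2 and not flags & 0xE0 and length == 6
    return info


def matches_summary(log_text, info, pkt):
    """Check the dump against the WLC's own (code, length, id) summary line."""
    m = SUMMARY.search(log_text)
    return bool(m) and tuple(map(int, m.groups())) == (pkt[0], info["length"], info["id"])


if __name__ == "__main__":
    packet = eap_bytes(SAMPLE)
    print(decode_eap(packet))
```

For the row in the post this yields an EAP-TLS Response with id 10 and no TLS payload, which is the client acknowledging a fragment it received from the server.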

  • CUC 8.5 UM integration with multiple AD Forest

    Hi Guys,
    I need to do a unity connection 8.5 UM integration with exchange 2003 and 2010 in two different AD Forest. AD 2003/exchange 2003 is in one Forest (Account Forest) with 2003 mailboxes on a corporate network AND AD 2008/exchange 2010 is in second Forest (Resource Forest) with 2010 mailboxes in the CLOUD. There is also a trust relationship between 2 AD Forest. As per unity connection 8.x SRND, we must create separate unified messaging services account (AD account) for each Forest.
    Given the above scenario, I think we need 2 AD accounts, one on AD 2003 (for exchange 2003 mailboxes) and second one on AD 2008 (for exchange 2010 mailboxes). However, in this configuration if mailboxes are moved from 2003 to 2010 we will have to manually disassociate the unity connection subscriber mailbox with unified messaging service account (AD 2003 account) and re-associate it with unified messaging service account (AD 2008 account). Is that correct? Or is there a way to automate this, so that if the mailboxes are moved to 2010, unity connection automatically detects the change?
    Any pointers in the right direction would be much appreciated.
    Thanks

    Can anyone comment on this please? Perhaps TAC engineers might be able to provide some insight?
    Thanks

  • Remote WSUS integration with SCCM 2012

    Hi,
    We currently have WSUS already in place for patching, but it is not used at all; it's just installed.
    Can a remote WSUS be integrated with an SCCM 2012 server which is on a different server? What is the best practice? Is it to have WSUS on the same server as the Primary server?
    Or do I decommission it and install a new WSUS on the same server as the SCCM server?
    What steps have to be taken care of if a remote WSUS is integrated? Any documents or steps to be taken care of?
    Thanks in Advance

    When you install SUPs, they automatically configure the underlying WSUS instance to sync from an upstream server based upon your ConfigMgr hierarchy.
    A couple of notes here though:
    - You generally shouldn't use an existing instance of WSUS for ConfigMgr. Once integrated into ConfigMgr, WSUS should no longer manage approvals, update binary downloads, or update binary distribution as these are all handled by ConfigMgr separate from WSUS.
    Using an existing WSUS instance where this was the case can be problematic at best and will cause unexpected behavior and results.
    - Clients do not choose SUPs based upon boundaries or location so using a remote SUP is typically not beneficial and in many cases will cause additional network load. The exception to this is if the SUP is within a secondary site.
    Jason | http://blog.configmgrftw.com | @jasonsandys
