Router Source address for ACS Server

Does anyone know how to configure a router (MSFC in this case) so the same IP address is sent to the ACS server for authenticating? The source address may not always be the same depending on the path taken. If the source address isn't an IP address configured for one of my devices, the ACS server rejects the attempt and the router defaults to local login. I tried setting a loopback address and always telnetting to the loopback address; however, the source address from the MSFC is not the loopback. I have 38 VLANs, and I suppose I could configure those IP addresses under a device; however, if I add a VLAN then I must remember to add that VLAN to ACS. I'm sure there is a simpler way to address this, I just can't seem to find the configs needed on the MSFC to make it work.
Any help will be greatly appreciated.
Thanks

Hi,
Sounds like you need:
ip tacacs source-interface interface-name
(or ip radius source-interface interface-name)
It's recommended to use a loopback interface, so this would give you (assuming loopback0):
ip tacacs source-interface loopback0
HTH - plz rate if it does
Andrew.
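
An added example, not part of the thread and not any poster's code: a small audit that reads an IOS running-config and reports whether TACACS+/RADIUS traffic is pinned to a source interface, which address ACS should therefore have registered, and whether a rejected request would fall back to local login. The sample configs and all addresses are constructed; interface names are assumed to appear in full as they do in a running-config.

```python
import re

# Constructed sample running-configs (not from the thread); documentation addresses.
BEFORE = """\
aaa new-model
aaa authentication login default group tacacs+ local
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface Vlan10
 ip address 198.51.100.1 255.255.255.0
!
tacacs-server host 203.0.113.10
"""
AFTER = BEFORE + "ip tacacs source-interface Loopback0\n"
BROKEN = BEFORE + "ip tacacs source-interface Loopback9\n"  # interface does not exist


def interface_addresses(config):
    """Map lower-cased interface name -> primary IPv4 address."""
    addrs, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface\s+(\S+)", line)
        if head:
            current = head.group(1).lower()
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current:
            # Trailing '$' excludes 'secondary' addresses.
            ip = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \S+\s*$", line)
            if ip:
                addrs.setdefault(current, ip.group(1))
    return addrs


def audit_aaa_source(config):
    """Report source pinning per AAA protocol and whether login falls back to local."""
    lines = config.splitlines()
    addrs = interface_addresses(config)
    report = {"local_fallback": any(
        re.match(r"aaa authentication login \S+ .*\blocal\b", l) for l in lines)}
    for proto in ("tacacs", "radius"):
        in_use = any(re.search(rf"\b{proto}\b", l) for l in lines
                     if l.startswith(("aaa ", f"{proto}-server ")))
        if not in_use:
            continue
        pin = next((m.group(1) for l in lines
                    if (m := re.match(rf"ip {proto} source-interface (\S+)", l))), None)
        if pin is None:
            # Source address follows the egress interface, so it can change with the path.
            report[proto] = {"status": "unpinned", "source_ip": None}
        elif pin.lower() not in addrs:
            report[proto] = {"status": "missing-interface", "source_ip": None}
        else:
            report[proto] = {"status": "pinned", "source_ip": addrs[pin.lower()]}
    return report


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("broken", BROKEN)):
        print(name, audit_aaa_source(cfg))
```

A device reported as "unpinned" or "missing-interface" with local_fallback set is one where a path change can silently move logins from ACS to local credentials.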

Similar Messages

  • 7.4.1 fails "No Address for NTP server"

    Did all the upgrades to Airport utility and firmware but couldn't get the AEBS to recognise a valid IP address even though it has leased one. In addition, I looked at the logs and saw the error message 'No Address for NTP server'. The issue was solved by reverting, but 7.4.1 has made my AEBS inoperable.

    Thanks for your replies, much appreciated.

  • Different Source Address for a SNMP trap packet

    We use a common platform to manage the Cisco routers for several customers. We manage the devices with a loopback address as the source of the SNMP packets.
    We use something like this ...
    Router(config)#snmp-server host 172.25.1.1 ORATRAP
    Router(config)#snmp-server trap-source loopback0
    Router(config)#end
    Now, there are some customers that request to receive the SNMP traps with an IP source from their own IP space (192.168.2.x/24). I cannot imagine how this can be achieved. Any ideas, please? Thanks. Eduard.

    Thanks for your help. This is an important matter to us. We are also working on the idea of an SNMP track collector close to our own NMC, but this may also cost money. So we are going to try another approach first.
    Something like this below:
    snmp-server enable traps
    snmp-server informs
    snmp-server source-interface traps
    snmp-server source-interface informs
    snmp-server host traps version 1 community string publicCust
    snmp-server host informs version 2 community string publicBT
    For the gets, every MNC sends to the declared IP, so we think that it will use the same IP in the answer.
    I will let you know. Eduard.

  • Change network address of acs server

    Put in a new backup ACS server and the senior guy put in temp host address. Now need to change the temp host address to its permanent address but need a little clarification. Do you just change it in the Windows srvr 2003 tcp/ip stack or do you need to change it also inside the CSACS app? Can't find it in the manuals easily.

    Yes you'll need to change ACS config. Just locate the AAA Server entry for the server (in Network Config) and set the ip address to the new value.
    Or you can always just enter the server name instead in case the address changes again.
    tip: in network config you can enter DNS names instead of ip addresses for devices & aaa servers.

  • Source address for FXS port

    My confusion is about the source address that voice packets assume for an FXS port in a Cisco router.
    I am pasting relevant configuration from 2 routers below.
    For the 1st router I have the session targets in the dial peer config as the loopback addresses but the QoS is working using a access-list where the source address is the serial ip.
    While in the other router I am getting no packet matches for either the loopback ip or the serial ip.
    ROUTER 1
    class-map shell_voip
    match access-group 170
    policy-map shell_voip
    class shell_voip
    priority 64
    class class-default
    fair-queue
    random-detect
    interface Loopback0
    ip address 10.66.12.25 255.255.255.255
    interface Multilink101
    mtu 100
    bandwidth 1544
    ip address 10.66.50.14 255.255.255.252
    no ip mroute-cache
    load-interval 30
    service-policy output shell_voip
    no cdp enable
    ppp multilink
    ppp multilink fragment-delay 20
    ppp multilink interleave
    multilink-group 101
    access-list 170 permit udp host 10.66.50.14 range 16000 35000 any range 16000 35000
    access-list 170 permit tcp any eq 1720 any
    access-list 170 permit tcp any any eq 1720
    voice-port 2/0
    cptone IN
    voice-port 2/1
    input gain -6
    cptone IN
    dial-peer voice 1 pots
    destination-pattern 40
    port 2/0
    dial-peer voice 100 voip
    destination-pattern 10
    session target ipv4:10.129.67.105
    dial-peer voice 2 pots
    destination-pattern 99
    port 2/1
    dial-peer voice 102 voip
    destination-pattern 11
    session target ipv4:10.129.67.105
    ROUTER 2
    no voice hpi capture buffer
    no voice hpi capture destination
    class-map match-all Vsp_voice
    match access-group 160
    policy-map Vsp_voip
    class Vsp_voice
    priority 32
    class class-default
    fair-queue
    random-detect
    interface Loopback0
    ip address 10.65.10.121 255.255.255.248
    interface Multilink60
    ip address 10.65.50.246 255.255.255.252
    service-policy output Vsp_voip
    load-interval 30
    no cdp enable
    ppp multilink
    ppp multilink fragment delay 10
    ppp multilink interleave
    ppp multilink group 60
    access-list 160 permit udp host 10.65.50.246 range 16000 35000 any range 16000 35000
    access-list 160 permit tcp any eq 1720 any
    access-list 160 permit tcp any any eq 1720
    voice-port 2/0
    cptone IN
    voice-port 2/1
    cptone IN
    dial-peer cor custom
    dial-peer voice 9 pots
    destination-pattern 1101
    port 2/0
    dial-peer voice 10 pots
    destination-pattern 1102
    port 2/1
    dial-peer voice 5 voip
    destination-pattern 8901
    session target ipv4:10.196.3.57
    dial-peer voice 6 voip
    destination-pattern 8902
    session target ipv4:10.196.3.57

    You may want to refer to the following link.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080115.html
    Your dial peers are using H.323, so your source will be whatever interface is used to exit the router as determined by the routing table.
    You could also use a debug IP packet to have a look at your source and destination if you are unsure.
    For this case you may want to just apply:
    h323-gateway voip bind srcaddr 10.66.12.25 on Router 1 and h323-gateway voip bind srcaddr 10.65.10.121 to Router 2. Remember to put them under the loopback interface.

  • DNS fails using router IP address as DNS server address with static IP

    This is my first experience with a Linksys router so it might be normal behaviour but just wanted to check. With a WRT54G2 router I have a few PC's I want to use static IP. Up till now with other brand routers including Belkin and Dlink, I have been able to just put the router IP address in as the address of the DNS server when I use static IP. This seemed to work initially with the Linksys but now for some reason, if I don't code the IP addresses of the DNS server provided by my ISP, DNS lookup fails.  If I use DHCP for the PC's there is no problem.
    Is that normal behaviour or is there something wrong I am doing?
    Thanks
    Larry

    I decided to upgrade my Linksys 54G router to a "Ultra RangePlus Wireless-N Broadband Router (WRT160N)Version 1" . I have had problems with the wireless (as far as I know just wireless portion) connection dropping. I have done some searching I was able to find some settings to try, and it did work better, but not for too long. I have this router within arm reach away, so it's not a distance issue. I have tried many things for about the last 6months or so.
    As a last resort, and I do mean last resort and against my better judgement I purchased " Dual-Band Wireless-N Notebook Adapter (WPC600N) Version 1". I was hoping it was a compatibility issue, but there was no difference.
    I have heard of trying older firmware, but I can't find any.
    I have been a Linksys fan for quite some time, but as of recently I am thinking of reconsidering if I can't get this resolved without spending any more money.

  • I have 2 websites and 1 IP address for my server, how do I set the DNS up?

    I am having trouble following the boards and the Server Admin instructions to make sure I can activate a website.
    IP address for the Snow Leopard Server on a mac mini
    Server Settings for Web has the 2 domain names listed pointing to the same IP address and same port 80.
    How do I point the DNS correctly to the domain I want to respond?  www.ziggythewinegal.com
    If you put the IP address in a browser, it returns the default domain which is just the apache/osx server page. 64.142.85.71
    If you put the first domain name in a browser, it does the same. www.JoelQuigley.com
    How do I setup the DNS to www.ziggythewinegal.com which is in the folder WebServer>ziggy>index.php ?

    64.142.85.71 has an existing public DNS translation, so you'll be adding DNS CNAME (alias) records for each of the additional hosts into your public DNS at WorldNIC DNS servers.
    Your local host either isn't running DNS, or it's running local DNS.  If it's running local DNS, then hopefully it's not running with the same domain name as your public DNS services; that you have an external DNS zone and an internal DNS zone, with an external DNS domain and an internal domain name.  If you are running DNS locally and are using the same domain name for internal and external DNS servers, then you'll also need to add the translation for the new web sites into your local DNS server configuration.
    Once the translation is added, add - as John Lockwood indicates - Sites into your web server. 
    The number of folders can vary.  Different sites may or may not be in the same folder, depending on what you're doing. Multiple traditional static HTML web sites are probably stored in separate folders.  A single site with several names can be in the same folder.  A web content management system (CMS) can be stored in one folder.
    If you have a firewall here (and you should), then you may need some additional steps.  Particularly if you're running NAT, and don't already have rules and port-forwarding enabled on the server.  Given it appears you're using mail with this server, there are likely some rules in place, though you'll need to confirm that port 80 TCP and possibly port 443 TCP are (also) being forwarded for your web services.
    Here is a write-up on adding what Apple calls Sites and what Apache calls virtual hosts.

  • Finding the IP address for email server

    Thanks, where would I find that in the management console? Tha name? It is housed on a domain controller. So would the name be the name of the DC?

    I am attempting to configure some printers to scan to email. It is asking for the mail server IP address. We have a "webmail" (mail.businesname.com) address that users can check email from when away from their work PC or phone. The Exchange management console is on a domain controller, which is on a separate network (different state). The IP for the DC on which it is housed is something like 192.168.4.xx and our network is 192.168.2.xx.
    I wouldn't use the IP address for the DC where the Exchange console is housed would I? I also pinged the mail.businessname.com and got an ip address but am not sure about which is the mail server address and/or how to find it?
    This topic first appeared in the Spiceworks Community

  • How enable read only access for ACS server itself

    Hi,
    We would like to know whether it's possible to create read-only access to the ACS server. Currently the ACS server has a generic login with full admin rights.
    We need to create a login for a couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
    We are using ACS 4.0 version. Please let me know whether it's possible.
    Thanks
    Nachi

    Hi,alexchy8
    We can make use of 2 PowerShell commands to achieve this goal.
    Add-MailboxPermission and Add-MailboxFolderPermission.
    Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
    Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
    You can read the following article as reference:
    http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards.

  • How to re-route source & gate for Buffered Period in DAQmx

    I am trying to write a DAQmx program that does the following:
    (1) creates 1 PulseTrain task; this task routes its output to a requested pin which will be used as a SOURCE for a Buffered Period task.
    (2) if requested, creates a second PulseTrain whose output will be used as the Buffered Period GATE.
    (3) the Buffered Period task needs to assign ANY SOURCE, GATE and run till it's stopped by the user.
    Note that this task needs to "sample/read" its data and show it to the user.
    My questions are:
    (a) is the PulseTrain "output" re-route done OK?
    (b) how to re-route the Period source/gate - I used DAQmxSetChanAttribute, but I am not sure it is right
    (c) how to make the Period task write the data into "my program buffer" so I do not have to read it when "stop" is pressed.
    I try to run with simulated devices on a P4 3.2GHZ running XP :
    First TrainPulse - ctr0, out->RSTI0
    Second TrainPulse - ctr1, out->RSTI1
    Period - ctr2, source=RSTI1, gate=RSTI0
    Running this program with a SIMULATED device - OK (data = 0). with the real device - I get error -200141
    I included my code.
    Attachments:
    DaQmx test.zip ‏147 KB

    I have a new question
    I need to create an event buffered task when the source=80MHz internal card timebase, gate=source of other counter (e.g. for counter 1 use 0, for 3 use 2)
    I know that with Traditional-DAQ it will look like (see attached file):
    Now the conversion to DAQmx:
    ++++++++++++++++++++++++++++++
    void SetupEvent(void)
    {
        if ( Internal.P6602_ID == -1 ) return;
        sprintf(Chan,"Dev%d/ctr1",Internal.P6602_ID); // channel 1
        DAQmxErrChk (DAQmxCreateTask("EventChan1",&DaqmxTasks.PCI_6602[1]));
        DAQmxErrChk (DAQmxCreateCICountEdgesChan(DaqmxTasks.PCI_6602[1],Chan,"EventChan1",DAQmx_Val_Rising,0,
            DAQmx_Val_CountUp));
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[1], DAQmx_SampTimingType, DAQmx_Val_SampClk) );
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[1], DAQmx_SampQuant_SampMode,DAQmx_Val_ContSamps) );
        DAQmxErrChk(DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[1],DAQmx_SampQuant_SampPerChan, BUF_MAX));
        // set source
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[1], DAQmx_SampClk_Src, "/Dev1/80MHzTimebase"));
        // and gate
        sprintf(msg,"/Dev%d/ctr0Source",Internal.P6602_ID);
        DAQmxErrChk(DAQmxSetChanAttribute (DaqmxTasks.PCI_6602[1], Chan, DAQmx_CI_CountEdges_Term, msg,0));
        sprintf(Chan,"Dev%d/ctr3",Internal.P6602_ID); // channel 3
        DAQmxErrChk (DAQmxCreateTask("EventChan3",&DaqmxTasks.PCI_6602[3]));
        DAQmxErrChk (DAQmxCreateCICountEdgesChan(DaqmxTasks.PCI_6602[3],Chan,"EventChan3",DAQmx_Val_Rising,0,
            DAQmx_Val_CountUp));
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[3], DAQmx_SampTimingType, DAQmx_Val_SampClk) );
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[3], DAQmx_SampQuant_SampMode,DAQmx_Val_ContSamps) );
        DAQmxErrChk(DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[3],DAQmx_SampQuant_SampPerChan, BUF_MAX));
        DAQmxErrChk (DAQmxSetTimingAttribute (DaqmxTasks.PCI_6602[1], DAQmx_SampClk_Src, "/Dev1/80MHzTimebase"));
        sprintf(msg,"/Dev%d/ctr2Source",Internal.P6602_ID);
        DAQmxErrChk(DAQmxSetChanAttribute (DaqmxTasks.PCI_6602[3], Chan, DAQmx_CI_CountEdges_Term, msg,0));
        return;
    Error:
        // DAQmxErrChk jumps here on failure: stop, fetch the error text, show it
        Internal.StartStop = OFF;
        if ( DAQmxFailed(error) ) DAQmxGetExtendedErrorInfo(errBuff,1024);
        StopCallBack();
        MessagePopup ("SetupEvent Error", errBuff);
        return;
    }
    I am not sure this is the way to do it.
    Can somebody help?
    Thanks, Galia
    Attachments:
    AutoScannerDAQCards.c ‏20 KB

  • License Server: IP Address for Virtual Server

    Hi everyone,
    Our license server is installed at 192.168.1.5 : 30000.  Our internal network is able to access the server.  Some SAP Business One client are located remotely so they must connect to server through VPN in which the VPN service provided us 10.8.17.5 as server address.  If I want to run the SAP B1 from remote, it is asking me the license server selection.  I entered 192.168.1.5 - connection with license server failed.  I also tried the 10.8.17.5, same thing, the error message is - connection with license server failed.  What could be a possible work around for us in the remote site to be able to access the SAP B1 and pass through the License Server Selection window?

    Please try below link
    [https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smb_searchnotes/display.htm?note_langu=E&note_numm=0000824976]
    [https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smb_searchnotes/display.htm?note_langu=E&note_numm=0001135705]
    check this also
    [https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smb_searchnotes/display.htm?note_langu=E&note_numm=0000927541]
    Thanks
    Kevin
    Edited by: Kevin Shah on Nov 20, 2009 2:25 PM

  • Change capitalization of e-mail address for ATTYahoo server

    I have a very annoying and odd problem with our DSL host rejecting our e-mail. Our host, ATT PacBell uses Yahoo to provide their services. They recently required that we register all the e-mail addresses that we are using to send over their servers. However, we are having ongoing issues with our e-mails not being sent out because the server rejects them.
    After many attempts at fixing this with our ISP, we think the problem is that somehow the server is seeing our e-mail addresses with our names capitalized: [email protected] The error message that comes up in Mail shows our address that has been rejected with capitalization. The issue is that Yahoo does not like capital letters in their e-mail addresses according to the techs.
    Now, in our e-mail preferences and in our Address Book, our e-mail addresses are all lower case letters: [email protected] I'm unable to locate anyplace that I can change the entry to lower case. I can't even ever remember using uppercase letters in my e-mail addresses.
    Any ideas?

    Hi, Marcus.
    First, I have a hard time believing that Yahoo "does not like capital letters in their e-mail addresses." I am not saying that you are mistaken and I believe that someone told you that, but upper or lower case letters are interchangeable in the world of Internet messaging. So, I think it is a different problem.
    But, is there a way that you can get around the problem? I mean, from your home over your ATT PacBell DSL connection, can't you use your school's email server? (You used XXX.edu as an example, so I am assuming ...)
    For example, I have a DSL connection with Verizon. I can send things through their email gateway, but I must authenticate with my Verizon account and password. But, I can also list the mail exchanger for avolio.com as my SMTP server (authenticating with my avolio.com credentials), and likewise for gmail.com.
    Can you just send through your university's email gateway and avoid PacBell's silliness?
    -fred

  • E-mail address for server

    After trusting the promise of Apple that installing and running a Mavericks Server is easy as pie, I bought and installed the server, i.e. just managed to install a folder named "Locker" in adherence to the instructions. Everything else seems "foolproof" - meaning that only fools should believe such promises.
    My next planned step is to install the calendar service because currently it makes me mad to run calendars on each computer in my network. Trying so, I manage to perform only a single step: The software requires a mail address for the server, recommends this: com.apple.calendarserver@mactheknife as the address and rejects it immediately. Stop! (Note: I have installed and run Mac networks since the days of AppleTalk in 1987.)
    I appreciate the great help by the server. But I need to know what I need to do. As easy as pie - may be, but no idea why I should do what. Please help …

    Your question is probably better off in the OS X Server section. And I don't know much about this, but shouldn't that address look like something as [email protected]?

  • AAA Source addressing

    Is there a way to set the source address for TACACS?
    I have about 170 remote sites that I want to use my ACS server (Ver. 3.3) for Authentication/Authorization. I am using 1918 addressing at the remote locations, and at the corporate office. The ACS server is inside the Corporate network, and I am telnetting to the 10.address inside interface of the router at the remote site. It looks for the tacacs server, but does not find it, and falls back to use the local password.
    I can ping the IP address of the tacacs server doing a ping with the source IP of the Inside ethernet, and the IP address of the loopback, on the remote router.

    OK, 16 pages down in the forum, I finally found my answer.
    Use the command:
    ip tacacs source-interface

  • ACS server is not pingable

    Hi,
    I have configured SNS server 3415 for ACS server and assigned an IP address through the first setup command. After that I assigned my laptop an IP from the same subnet as ACS and tried to access or ping it with no luck. I have disabled the internal FW and antivirus on my laptop.
    I have also turned on the ICMP echo and tried to browse through https and http as in the following, with no luck:
    Https:/192.168.1.1/acsadmin.

    I have added the router IP & hostname as AAA clients,
    AAA configuration has been done on the device, the router is pingable from the ACS server, but it's not authenticating,
    local user is still active. What could be the issue? The following configuration is given:
    aaa new-model
    aaa group server tacacs+ NACS_Group1
    aaa authentication login default group NACS_Group1 local
    aaa authentication enable default none
    aaa authorization config-commands
    aaa authorization exec default group NACS_Group1 if-authenticated
    aaa authorization exec NACS_Group1 group tacacs+ local
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting commands 1 defaultgroup start-stop group tacacs+
    aaa accounting commands 15 defaultgroup start-stop group tacacs+
    aaa session-id common
    ====
    tacacs-server host Primary IP timeout 5
    tacacs-server host SEcondary IP  timeout 5
    tacacs-server directed-request
    tacacs-server key 7 104D000A061843595F

    Hi,
    Are you getting any failed attempt messages on Cisco ACS whenever you are trying to telnet or ssh to the router, and have you configured the following command on line vty also?
    line vty 0 4
    login authentication groupname
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post
