ACS with two IP address?

Hello

We have a CSACS-1121-K9 chassis running Cisco ACS 5.4. The chassis has four interfaces, and I was wondering if I can configure two different IP addresses in different segments to authenticate network devices, because we have to manage two different networks.

Thank you.

I use SNS3495 ACS 5.5, and I already have,

I had 3 interfaces (1 management MMIC, 1 ACS (GUI and SSH), 1 officer of AAA services management)

I think this would work in your case.

But we could have only 1 management (for GUI config and SSH) interface.

Don't forget to add the static route between networks.

Tags: Cisco Security

Similar Questions

  • VMware device with 2 network cards claiming the same IP address with two MAC addresses

    Hello.

    I see messages intermittent my gateway network two MAC addresses associated with a virtual machine running on a 5.5 ESXi host for the same IP address.

    The virtual machine is a MiTel 3300 controller for a VOIP system. The system is configured with two IP addresses, one on the local network and another with a public IP address in the DMZ. In the network configuration of the 3300, I assigned the LAN IP address to 00:0C:29:30:B2:B2 and the DMZ IP to 00:0C:29:30:B2:BC (MACs for the network devices presented by the ESXi host virtual machine).

    On the host, I configured a vSwitch with exclusive access to two physical network adapters on the host machine. The vSwitch is configured with two machine virtual port groups, LAN and DMZ, with access to the physical network interface cards. Tab grouping of groups vSwitch port NIC, I replaced the order of failover of the switch to activate an active NETWORK card only for the Group of LAN ports and the other card NETWORK only for the DMZ port group. (I don't know how the content of the column of networks is determined. Neither is correct for the traffic on the physical switch. If these are configurable, please advise and I'll change the settings). The relevant parameters of vSwitch, groups of ports and VM are distinguished below.

    On the virtual machine itself, through the VMWare host, I assigned 00:0C:29:30:B2:B2 for the Group of LAN ports and 00:0C:29:30:B2:BC to the DMZ group port (best I can tell, anyway, since the MAC address field annoyingly obscures the last two digits of the MAC address - break if I invert the mapping, but all seems OK).

    The goal here is to make sure that MACs of ports vSwitch the 3300 is listening and sending always correspond to the physical ports that are VLAN Tag by the physical switch to ensure the routing. Generally speaking, it seems that what is happening but, intermittently, we cross one-way calls that suggests a problem of routing between us and our SIP trunk provider; coinciding with these incidents, I get an email along the lines of "the security in the network device has detected a conflict of IP address with two or more devices. The period of INVESTIGATION 'DMZ. DMZ. DMZ. DMZ' is claimed by the following clients with MAC addresses: '00:0C:29:30:B2:B2' '00:0C:29:30:B2:BC'."

    I did something in the configuration that would lead to this kind of collision intermittent? Have a hacked together a way to do something that could be accomplished in a way that is simpler and more reliable?

    Thanks for any idea that you can offer.

    Kind regards

    J.

    I probably don't fully understand your configuration, but it seems that you are not interested in using the collection of NETWORK adapters in the virtual switch of the VM MiTel 3300.

    If it is correct, why not create two virtual switches, each with a group of port (LAN and DMZ) unique and with a separate connection of (vmnic2 and vmnic1)?

    In general, collection of NETWORK adapters may be used to share traffic between uplinks and ensure that if one of the uplinks connect fails, a virtual machine still has access to the network.

  • A Yahoo (business) account with two email addresses stopped working properly on Firefox a few days ago. OK in other browsers, Firefox OK on other accessories.

    Worked fine until a few days ago. We have an account of Yahoo business, with two addresses. Normally, we can see only an e-mail account to the time, and to change the points of view, there is a drop-down list box top left of Yahoo mail which normally allows the selection of the desired account. Now in these last days, by selecting the drop-down list box only will take you to the Yahoo profile update page, not the drop down menu which allows us to change the e-mail account, we want to see. Correct operation is noted in IE9, but neither Firefox 32-bit or 64-bit allows you to select the second email address.

    try to read Web sites look bad or display differently they should

  • vCell Setup with two IP addresses and routing

    Hello

    My networking team suggested the following configuration:

    VLAN-Public: first card network load balancing

    VLAN-squatting: second nic load balancer

    VLAN-front: first and second nic vCloud Cell01 and even for vCloud Cell02

    VLAN-Back: vCenter / ESXi / vShieldMgr / SQL / etc.

    Traffic / routing between VLAN-front and back - VLANS are possible.

    Now, I installed vCell01 with two network cards, each one IP address: 192.168.1.1 and 192.168.1.11.

    vCell02 with two network cards, each one IP address: 192.168.1.2 and 192.168.1.12.

    Installation was no problem, connect to SQL went smooth.

    But then I noticed that I could not reach 192.168.1.11 from the vCenter Server. Which makes sense, now that I think of it, given that traffic from the vCenter for 192.168.1.11 arrives on eth1, but due to the default gateway will leave on eth0. And vCenter probably won't like that.

    My questions:

    - Can I solve this through changes to the routing table of the vCells?

    - Should I do a complete change in my configuration / network design?

    - Should I continue and not worry about vCenter being unable to reach 192.168.1.11?

    Advice welcome

    PS: Using CentOS 6.5

    Concerning

    Gabrié

    I ran into a similar problem with asymmetric routing when I first set up my vCloud multi-homed cells.  In my case, the IP address for each interface was on a different subnet, but the approach is the same for your scenario.  You must add some policy-based routing rules using iproute2 commands.

    Here's a great article that describes the problem and the solution: http://www.linuxjournal.com/article/7291

    For your question, you probably want something like this:

    Cell01:

    # <gateway> is a placeholder: the gateway address is missing from the post
    /sbin/ip route flush table 1
    /sbin/ip route flush table 2
    /sbin/ip route add default via <gateway> dev eth0 table 1
    /sbin/ip route add default via <gateway> dev eth1 table 2
    /sbin/ip rule add from 192.168.1.1/32 table 1 priority 500
    /sbin/ip rule add from 192.168.1.11/32 table 2 priority 600

    Cell02:

    # <gateway> is a placeholder: the gateway address is missing from the post
    /sbin/ip route flush table 1
    /sbin/ip route flush table 2
    /sbin/ip route add default via <gateway> dev eth0 table 1
    /sbin/ip route add default via <gateway> dev eth1 table 2
    /sbin/ip rule add from 192.168.1.2/32 table 1 priority 500
    /sbin/ip rule add from 192.168.1.12/32 table 2 priority 600

    Good luck!
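An added example, not part of the original answer: a Python check that replays `ip rule show` output and per-table default routes for Cell01 and reports any local address whose outbound traffic would leave through an interface other than the one that owns it. The gateway 192.168.1.254 and the sample command output are constructed for illustration; the addresses, interfaces, tables and priorities are the ones in the answer above.

```python
import ipaddress
import re

RULE_RE = re.compile(r"^(\d+):\s+from\s+(\S+)\s+lookup\s+(\S+)")
DEFAULT_RE = re.compile(r"^default\s+via\s+(\S+)\s+dev\s+(\S+)")

# Constructed sample data for Cell01 (gateway 192.168.1.254 is an assumption).
CELL01_ADDRS = {"eth0": "192.168.1.1", "eth1": "192.168.1.11"}
TABLES = {
    "main": "default via 192.168.1.254 dev eth0\n"
            "192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1\n",
    "1": "default via 192.168.1.254 dev eth0\n",
    "2": "default via 192.168.1.254 dev eth1\n",
}
RULES_BEFORE = ("0:\tfrom all lookup local\n"
                "32766:\tfrom all lookup main\n"
                "32767:\tfrom all lookup default\n")
RULES_AFTER = ("0:\tfrom all lookup local\n"
               "500:\tfrom 192.168.1.1 lookup 1\n"
               "600:\tfrom 192.168.1.11 lookup 2\n"
               "32766:\tfrom all lookup main\n"
               "32767:\tfrom all lookup default\n")


def parse_rules(text):
    """Parse `ip rule show` output into (priority, source_net, table) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        src = "0.0.0.0/0" if m.group(2) == "all" else m.group(2)
        net = ipaddress.ip_network(src, strict=False)
        rules.append((int(m.group(1)), net, m.group(3)))
    return sorted(rules, key=lambda r: r[0])


def default_dev(route_text):
    """Return the device of the default route in one table's output, or None."""
    for line in route_text.splitlines():
        m = DEFAULT_RE.match(line.strip())
        if m:
            return m.group(2)
    return None


def egress_dev(src_ip, rules, tables):
    """Walk rules in priority order; the first matching table with a default wins."""
    addr = ipaddress.ip_address(src_ip)
    for _prio, net, table in rules:
        if addr in net:
            dev = default_dev(tables.get(table, ""))
            if dev:
                return dev
    return None


def asymmetric_sources(local_addrs, rules_text, tables):
    """Return (ip, owning_dev, egress_dev) for every address that leaves elsewhere."""
    rules = parse_rules(rules_text)
    findings = []
    for dev, ip in sorted(local_addrs.items()):
        out = egress_dev(ip, rules, tables)
        if out != dev:
            findings.append((ip, dev, out))
    return findings


if __name__ == "__main__":
    print("before:", asymmetric_sources(CELL01_ADDRS, RULES_BEFORE, TABLES))
    print("after: ", asymmetric_sources(CELL01_ADDRS, RULES_AFTER, TABLES))
```

On a live cell the same functions can be fed the real output of `ip rule show` and `ip route show table <N>`.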

  • Smartwizard discovered on machine with two IP addresses.

    Scenario:
    Two isolated networks, with a Win 2012 VM Server that is connected to both.
    There is no routing between two networks.

    6 switches from Netgear, 5 including SmartControl Centre worked almost without problems for this virtual machine. (would prefer not having to reboot to change maps, but that's for another post).

    An older GS748T, who discovered Smartwizard has worked on several other machine. Currently, works very well since a Win2008 server, we are looking to retire in the coming year. (It is connected to one network, not both)

    I wanted to consolidate the 2012 VM server management, so I installed SWD to him, and it detects all the switches.

    I ran SWD on Win2008 area and it always detects very well.

    So I guess SWD studying adapter badly on the virtual machine from 2012, but I can't seem to find anywhere to tell SWD which adapter to look through, or any comment about it on the forums.

    Anyone has experience with this situation and is there a way to tell which network card to use on a computer with multiple discovery Smartwizard cards?

    Thank you for your help.

    FYI, SmartControlCenter could not use any interface other than which is connected first of all in windows. No, change the interface of CSC had absolutely no effect!

    In order to have SmartControlCenter find on vLAN.100 of networking switches, I had to do a few windows of the system changes. Fortunately, the effect is immediate and does not require a reboot.

    \Control Panel\Network and Internet\Network Connections\

  • text messages sent with an email address from a touch ipod duplicated on a second ipod touch using a different email address, but the two ipods are controlled by a parent with the same apple ID and password.

    Text messages sent with an email address from a touch ipod duplicated on a second ipod touch using a different email address, but the two ipods are controlled by a parent with the same apple ID and password.  This has happened recently.  My two girls have used their respective ipods and texting, without their messages of duplication for each of the other ipods for more than a year.  Somehow recently, both addresses seem to be synced with them or something, so that both see each and other messages.  I've recently updated two ipods, iTunes on my computer--not the cloud and added music for two ipods, but has not changed anything by email email settings or message I know.  Help, please!

    Welcome to the Apple community.

    I can't fully follow how you have everything set up, but a glance at the settings > messages > send & receive

  • Can I run outlook and outlook Express on the same computer with two different e-mail addresses?

    My e-mail with outlook express and my wife with outlook email address.

    Yes. You can run them with the same email address as well.

  • I have two email addresses, how do I get my second address

    I have two email addresses, how do I get my second address

    Just add the two addresses of Thunderbird. The first time you run it, it will ask you to create an account.

    Later, you can go via file | New | Existing account Mail and add another.

    Or tools | Accounts settings | Accountable for the Actions and add a Mail account.

    Or Application Menu. New Message | Add an existing account.

    "application Menu" means that the button with the three lines! Looks like a hamburger.

  • another network with my Ip address?

    A message appeared saying: "another network has the same IP as this PC, I checked the network administrator and conducted an audit and found no problems.

    I also checked for antivirus updates and no problems were found. I recently signed up for Yahoo. This has something to do with the IP address?

    Hello Silvia,

    I don't see how to sign up for Yahoo this would cause.  Although this is stated in the reference below, it is IMPOSSIBLE to have two identical IP addresses on the internet.  There are sometimes common sense as well as the technical reasons for this. You can read or skip to the next section you choose covering some basic concepts of networking that can help as I don't know where you are in terms of networking knowledge. This could be much too basic or even above your head.  The answer to your question follows this section with an article that will probably the thing and then a search for related sites that cover this problem if this article isn't enough.

    ******************************************************************

    It is a phenomenon of local network because all local networks use one of three ranges for the allocation of addresses TCP/IP based on the number of computers should be connected.  For home use, it is usually begins with 192.168. and two other numbers that are limited by a set of rules.  Most people use 192.168.000.001 (or which is written 192.168.0.1 as address of the router (or gateway) and the local DHCP server, Server DNS and WINS Server (often assigned and controlled by the router, but sometimes by a computer instead for various reasons).  Then network (DHCP server) Configuration is used to assign a range of acceptable numbers for computers that use this number.

    Most people allow these numbers to be dynamically assigned by the DHCP server to keep things simple - so that a specific computer may change from time to time.  Some devices need an assigned static address (which is reserved for this device which always uses and nothing else is never assigned it on this network because two that are the same on the same network would have caused a problem such that the communication would not have an idea that you choose if selected).  An example might be a stand-alone network printer where the configuration of the printer on any computer using it could be a nightmare if not to change the address of the printer and that nobody was able to connect to it - then it becomes static and then all computers use this address and since it never changes which avoids printer problems.  Another example is the above router other than the same problems occur whenever the computers tried to connect to the internet or connect to what be it through the router.

    Now, if you have two LANs linked together, a problem starts to appear as both may have been implemented with the same philosophy and therefore likely to use the same numbers.  This is often done using a network http://www.ehow.com/how_5329107_use-router-bridge-two-networks.html bridge or can be done through complex subnets creation of each network (more complicated).

    For the more (and perhaps even to understand that, you need to understand the basics of networks.)  Here's a search to find some one who can help you get started: http://www.bing.com/search?q=networking%20basics%20tutorial&PQ=Networking%20basics%20&SP=2&QS=AS&SK=AS1&sc=16-26&form=BSRTSS&pc=BBSR.

    *******************************************************************

    Please see http://answers.microsoft.com/en-us/windows/forum/windows_other-networking/another-computor-is-using-same-ip-adress-as-my/84f10eec-9ff4-4d40-8867-392422367026 which should help explain some things about it (and even if in a forum of Vista, most if not all of it applies to networks in general - so don't worry that).

    Learn more (a lot more, actually) on both computers with the same ip address, see the following Bing search which will give you plenty of resources for this, why and how it happens and what to do when it comes to solving things: http://www.bing.com/search?q=two%20computers%20with%20same%20ip%20address&PQ=two%20computes%20with%20&SP=1&QS=SC&SK=&sc=16-34&form=BSRTSS&pc=BBSR.

    I hope this helps.

    Good luck!

    Kosh

  • How to remove the default for a limited only account gateway (with static ip address)

    I have 1 pc with 4 accounts 1 account administrator and user the rest is limited accounts. I use a static ip address and the question is how to remove the default gateway on these limited account so that they cannot access the internet

    The entry door is fixed to the adapter and selectively cannot set properties of the different adapter for different users, all users use the same adapter.

    With Internet Explorer (does not work with other browsers), you can configure a proxy server with a fake address, you can do this through Group Policy, or you can do it manually for each individual user through the Internet Options settings.  You can set the proxy server address map of loopback (127.0.0.1) or you can set it to a bogus address of your private address range (usually the range 192.168.xxx.xxx)

    If you are using other browsers, you can use NTFS permissions to deny access to the Explorer or the program directory or you can use software restriction policies to deny access to specific programs.

    Alternatively, you can use a logon script to activate the network connection service when you open a session and the other to turn it off when you log, but if you do this you will disable the entire network for limited users if it cannot be a solution for them.  The script can be a simple two-line script:

    Logon script:

    sc config Netman start= demand
    net start netman

    Logoff script:

    net stop netman
    sc config Netman start= disabled

    These can be useful:

    http://www.howtonetworking.com/Internet/restrictie11.htm
    http://www.christianblog.com/blog/abelajohnb/disable-Internet-access-in-Windows-for-specific-user-accounts/

    John

  • I had two Hotmail address, but now can only use one as I'm not sure of the address or the password of the second.

    I have two email address but a friend, who I asked for help, sent many of my answers without paper that I use to communicate with family and friends.  Now, I have more 2 000 not open emails and it grows even more every day.  Also places like Amazon, etc., invade my Inbox.  How can I get a kind of order to places like Amazon, that I always use and continue to receive emails of friends & family.  Also, I want to update and use the sites online, but do not want my name or address of the pop until I feel safe with them.  How can I do that too?

    Thank you

    Tim

    Hi TimOgle_885,

    I suggest that you post your question on the Forums of Windows Live for a better answer to this question. This is a dedicated forum for any questions related to Hotmail and Windows Messenger.

    http://www.windowslivehelp.com/product.aspx?ProductID=1

    With regard to:

    Samhrutha G S - Microsoft technical support.

  • Problem setting up Port Forwarding with two routers.

    I can't set up port forwarding with my Linksys RT31P2 and WRT160Nv3 routers.

    My setup is Webstar Modem = RT31P2 = WRT160N = Mac OS 10.6.5. (No configurable modem and ISP do not prevent port forwarding. It comes with two Linksys routers).

    I had a Monty Python-going around with the support of Cisco cat; and follow up with telephone assistance in which the agent knew nothing about port forwarding and his supervisor expressed the view that it was not possible with two routers. Sigh.

    If anyone can help me with step by step specific and simple instructions to configure routers. I know that the basic procedures. I'm not clear, what exactly changes on routers.

    I read that portforward.com has to say and it does not work so I must be misunderstanding something.

    The ip address of my computer is 192.168.1.103.  Are the last three digits of this speech concluded the two routers in the area on the port forwarding page? What other changes should be done what router?

    I know the port numbers that I use are OK because I can implement successfully if I connect to one or other of the routers (but not both), and my software of p2p shows port are open.

    Any help and suggestions most welcome.

    If you set it up as I have suggested, you have only a single LAN that will be using 192.168.15.* addresses. So in your case:

    1. Change the LAN IP address of the WRT from 192.168.1.1 to 192.168.15.2.
    2. Disable the DHCP server.
    3. Connect a LAN port of the WRT to a LAN port of the RT.

    That's all. Disable the DHCP server will not affect whatever it is that you're connected LAN - LAN and DHCP server on the RT is still operational.

    After the change, computers previously on the WRT may require a reboot to get a new 192.168.15.* address.

    Your computer to which you are transferring must have an IP static and not dynamic (or variable). Check the current IP information on this computer. It must have an IP address like 192.168.15.103, mask 255.255.255.0, gateway 192.168.15.1 subnet and DNS 192.168.15.1 server or maybe two other IP addresses instead. Note DNS servers if you do not 192.168.15.1.

    Then configure a static IP address on the computer. Use something like 192.168.15.10, 255.255.255.0 gateway 192.168.15.1 and the DNS servers you found before.

    After this implement 192.168.15.10 port forwarding.

  • DHCP fails with two subnets and RV325 and SG300 - 28 p

    DHCP fails to issue addresses in double subnet environment.  Please see attached.

    Hello

    Mr. Ezzell, after reviewing all the screenshots and have a look at your configuration and you are not able to change the arrangement for VIRTUAL LANs, you can try this:

    As a work-around to use the router as DHCP VLAN 2 server, you can enable the DHCP server on the router for the VLAN 1, leave 2 IP addresses available, lets say 192.168.1.253 to 192.168.1.254 then go to static DHCP under network and the local network and hire two false addresses to these two IP addresses, so they will not be assigned to all devices. This way you will always be able to use your DHCP server without having to disable the DHCP server on the router

    Thank you for pointing out the firmware version very low on your switch, you actually run the firmware that came out of the unit.

    Here is a link to the firmware download page:

    https://software.Cisco.com/download/release.html?mdfid=283019669&flowid=...

    Please upgrade to the following firmware versions:

    1.2.9.44
    1.3.0.62
    1.3.5.58
    1.4.0.88

    Keep in mind that on the 1.3.5.58 version, you must also upgrade the bootcode using TFTP software.

    Once you are done with the upgrade of the connection check and see if it works.

  • RV82 Dual WAN and online banking. Packages of two IP addresses

    Hi all

    I have a set RV082 in place with two different ISPS (load balancing). Some time ago, users began to experience problems with online banking. It seems that the banking system set up more than a 'channel' to/from the end user and that bank systems won't accept that the packets come from 2 different public IP. I solved this by linking all HTTPS traffic to WAN1.

    Is this a good solution or is there a better way to deal with this? I'm afraid that it will be 'imbalance' my network as many services like Netflix and Youtube is HTTPS.

    Are there other services online that may have problems with a configuration of load balancing?

    If WAN1 breaks down. WAN2 will start HTTPS transport even if HTTPS is related to WAN1?

    I also have a similar problem with the router alert (goes to wrong ISP each time second), but this seems to be fixed in the latest firmware:
    "Authentication of email account is configurable for email alert".

    Thanks in advance

    Jone

    Hello James,

    Your solution is correct.  Certain types of secure connection HTTPS or SSH will not work if you keep changing IP address source, because it breaks the three-way handshake.  To avoid that you binding memorandum of installation you have.  You can do the same for all other traffic must always go out to a certain port WAN.

    If the WAN connection selected for protocol links to crashes, he switched to the other WAN until the connection retrieves.

    I have not seen too many online services that have problems with the load balancing is especially with secure connections, namely HTTPS.  I tried to access the HTTPS, Netflix, but I could never get an encrypted connection, but your best bet is to monitor and observe the network to see how it affects you.

    I mean the line you are citing has to do with the configuration of authentication to an SMTP server to send alerts by e-mail, rather than choose a port WAN to use, however if you protocol links SMTP to the WAN you would use that should no longer be a problem.

    Hope that helps,

    Christopher Ebert - Advanced Network Support Engineer

    Cisco Small Business Support Center

    * Please note the useful messages *.

  • Cisco ASA5520 facing ISP with private IP address. How to get the IPSec VPN through the internet?


    Hello guys,

    I have Cisco ASA5520 facing the ISP with private IP address. We don't have a router and how to get the IPSec VPN through the internet?

    The question statement not the interface pointing to ISP isn't IP address private and inside as well.

    Firewall configuration:

    Firewall outside interface Gi0 10.0.1.2 > ISP 10.0.1.1 with security-level 0

    Firewall inside the interface Ethernet0 192.168.1.1 > LAN switch 192.168.1.2 with security-level 100

    I have public IP block 199.9.9.1/28

    How can I use the public IP address to create the IPSec VPN tunnel between two sites across the internet?

    can I assign a public IP address on the Gig1 inside the interface with the security level of 100 and how to apply inside to carry on this interface?

    If I configure > firewall inside of the item in gi1 interface ip address 199.9.9.1/28 with security-level 100. How to make a safe lane VPN through this interface on the internet?

    I'm used to the public IP address allocation to the interface outside of the firewall and private inside the interface IP address.

    Please help with configuration examples and advise.

    Thank you

    Eric

    Unfortunately, you can only complete the VPN connection on the interface the VPN connection source, in your case the external interface.

    3 options:

    (1) connect a router in front of the ASA and assign your public ip address to the ASA outside interface.

    OR

    (2) If your ISP can perform static translation of 1 to 1, then you can always finish the VPN on the external interface and ask your provider what is the static ip address assigned to your ASA out of the IP (10.0.1.2) - this will launch the VPN of bidirectionally

    OR

    (3) If your ISP performs PAT (dynamic NAT), then you can only start the tunnel VPN on the side of the ASA and the other end of the tunnel must be configured to allow VPN LAN-to-LAN dynamics.
