authenticate the cisco WLC 5508 with cisco ACS 1120 (version 5.0) using GANYMEDE +.

My installation has cisco WLC 5508 and ACS 1120 ver 5.0. How to authenticate users who access to the WLC via the ACS 1120 users GANYMEDE +. I am able to authenticate users for routers and cisco switches, but when I try the same for the CMT, it fails.

Can someone explain please the config/basic steps that must be configured on both services ACS & WLC.

You use plain vanilla 5.0 or have installed patches?

the ACS 5.1 has new GANYMEDE related functionaity, including support for custom services and attributes. If they are necessary for the WLC yo need support it would improve.

He could also relevant corrective patch from calendar 5.0 but I can't find any relevant specific at this stage CDETS

Tags: Cisco Security

Similar Questions

  • Cisco ISE 2.0 and WLC 5508 with 7.6.130.0

    I have looked on the release notes and compatibility n for ISE 2.0 and have not seen the answer to that. For the WLC 5508, the minimum AirOS is 7.0.116.0 but he limited the AAA authentication and support for comments. The recommended version of AirOS is 8.0.121.0.

    http://www.Cisco.com/c/en/us/TD/docs/security/ISE/2-0/compatibility/ISE _...

    What airos 7.6.130.0? I know that AirOS release works with 1.3 and 1.4, even if they show the same support for version 2.0. I'm just afraid that something may have changed with 2.0. I am concerned only about the AAA authentication and guest access. No BYOD, posture or MDM is necessary.

    No change. Works well.

  • restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6

    Dear all,

    We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.

    Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?

    Best regards

    Yudibagam

    Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html

    However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)

    I hope this helps!

    Thank you for evaluating useful messages!

  • Configuration of the Cisco ACS Radius

    Hello

    I'm trying to set up authentication radius on cisco ACS but short question. When I set up my group of network devices in the configuration of the AAA Client as one of ray device groups, my authentications fail with authentication as a failure code"

    CS invalid password' but when I change my group of devices to "Unassigned", everything started working.

    On my AAA client, when authentication fail, I see

    Server RADIUS audit package fails:

    Please note that the AAA client is a non-cisco device.

    Any suggestions?

    It seems that you run ACS 4.x. You are facing this problem because the key is set on the excessive rides of the level (Group of devices network XYZ in your case) NDG key at the level of the AAA client.  Please make sure that you don't have different secret key on the client inside the NDG AAA and on the NDG himself.

    Not affected is working because it has no key defined in the NDG.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342738

    "Each device that is assigned to the network device group will use the shared key you enter here. The key that has been attributed to the device when it has been added to the system is ignored. If the Enter key is null, the key of the AAA client is used. »

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • [Cisco ACS 5.2] Disk partitions used by display of the CSA?

    Salvation (and happy new year)

    In Cisco ACS 5.2, there are several disk partitions:

    Which partition is used by the view of the CSA?

    A document that explains all the features of partitions exist?

    Kind regards

    Patrick

    Patrick,

    I'm not aware of a document that explains all the ACS 5.x Disk Partitions. However, I can assure that the display of the ACS are stored on the/opt partition.

    If you have an ACS 5.x on a Production network, one of the requirements is to install using the 500 GB HARD disk. The / opt folder on a 500 GB ACS reserves 347 Go to this folder (/ opt) because it stores the information in view of the CSA (reports and newspapers). It is the large partition as ACS View data includes all the ACS reports.

    I hope this helps.

    Kind regards.

  • Configuration of the Cisco ACS 5.3 AnyConnect VPN and management of a Cisco ASA 5500.

    We have configured a Cisco ASA 5505 as a VPN endpoint for one of our user groups.  It works, but it works too well.

    We have a group called XXX we need to have access to the Cisco AnyConnect Client.  We have selected this group of our Active Directory and added to our ACS configuration.  We've also added a group called YYY that will manage the ASA. However, this group has no need to access the VPN.

    We added XXX movies for the elements of the policy of access to the network-> authorization profiles.  We also have a profile of YYY.

    She continues to knock on our default Service rule that says allow all.

    We have also created a default network access rule. for this.

    I am at a loss.  I'm sure I missed a checkbox or something.

    Any help would be really appreciated.

    Dwane

    We use Protocol Management GANYMEDE ASA and Ray for VPN access?

    For administration, you must change the device by default admin access strategy and create a permission policy. Even by the way, you can change the network access by default for vpn access and create a respective policy for that too.

    On the SAA, you must configure Ganymede and Ray both as a server group.

    For the administration, you can set Ganymede as an external authentication under orders aaa Server

    AAA-server protocol Ganymede GANYMEDE +.

    Console HTTP authentication AAA GANYMEDE

    Console Telnet AAA authentication RADIUS LOCAL

    authentication AAA ssh console LOCAL GANYMEDE

    Console to enable AAA authentication RADIUS LOCAL

    For VPN, you must set the authentication radius under the tunnel-group.

    I hope this helps.

    Kind regards

    Jousset

    The rate of useful messages-

  • Upgrade to Cisco acs 1120 to 4.2.1.15 help

    Hi all

    I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.

    There are any server distribution for the upgrade. Please suggest on this, thank you

    Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;

    http://Tools.Cisco.com/Squish/d4e4A

    Here are the files you need to download:

    ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip

    ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip

    : Note apply the upgrade of management first and then software update. ..

    Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)

    Upgrade an application of 4.2.1.15

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376

    I hope this helps.

    Rgds, jousset

    Note the useful posts ~

  • Why I can see all the photos on FaceBook with Explorer and I canoe see some using then?

    When I browse my Facebook using Firefox, I can't see some of the pictures. But when I use Internet EXPLORER I can see all the photos on my FaceBook page. Why is this happening? Magda.

    You are welcome

  • How to specify the location of CSS with BlackBerry S/w Version 4.5

    I use version 4.5 software.

    I'm developing some login pages in html and to specify the location of the CSS file. Documentation, I noticed that the HTML tag does not support the rel attributes or the type attribute that you can set to the style sheet and text/css.

    How can we embark/link CSS in the html file?

    Thanks in advance.

    The link tag should work. Maybe the docs are wrong. Best way is to just try and see what happens.

  • With the help of Photoshop CS5.1 Extended (full version) for commercial use

    Is it permissible? I can't find a license for this version, only CS6, in which I can't find anything definitive.

    Thank you

    Yes. The restriction is to have bought the software don't not to use it.

  • Does Cisco ACS 1113 v4.2 device work with Windows 2008

    Hello

    I have a wireless currently in production infrastructure. All my Cisco LWAP is managed by Cisco WLC. Authentication is done via RADIUS through my device Cisco ACS 1113 running on version 4.2. The Cisco ACS 1113 device communicates with my Windows 2003 Active Directory. Everything is good now.

    Next month, we plan to update Active Directory from Windows 2003 to Windows 2008? Will be all fine and good, or will it be questions? Please advice kindly.

    I saw another post in this community that the States https://supportforums.cisco.com/thread/1003597?tstart=0. I am now confused. Help, please.

    Kind regards

    RAM

    + 60122918870

    ACS 4.2 does not work with Windows 2008R2.  I had a case of TAC open about this, and basically, they told me that I had to switch to 5.2 ACS.   I've been doing demonstrations there and it authenticates with Windows2008R2 very well.

  • Trouble getting a Cisco 2600 series AP to stay connected to WLC 5508

    Hello

    I recently loaded the independent our old APs upgrade to LWAPs.  We have a WLC 5508 to our Virtual Co - Lo and I use Flexconnect to accommodate local switch and dhcp on our sites.  I have updated more than 50 APs and joined them to the controller.  These include only the 1130AG and 1240AG models.  However they work perfectly and stay connected to the controller.  I'm having is with a new batch of 2600 series APs stay connected to the controller.  I tried to do research in what may cause disconnect it but have yet to find a solution.  I use DNS to resolve queries for CAPWAP & LWAPP APs to the controller on our EXTENSIVE network.  Read other messages I thought that this is perhaps a problem with packages to drop but have had our provider that manages Sonicwalls at both ends of the WAN confirm for me that there is no packet loss.  Here are the logs that I collected through the puttty of the WLC & AP.  Any help would be greatly appreciated.

    AP, I do the test on:

    NAME: "AP2600', DESCR: 'Cisco Aironet 2600 Series (IEEE 802.11n) Access Point.

    PID: AIR-CAP2602I-A-K9, VID: V01, SN: FTX1740J8V1

    WLC in question:

    Name of the manufacturer... Cisco Systems Inc..

    Product name... Cisco controller

    Version of the product... 7.3.112.0

    Bootloader Version... 1.0.1

    Retrieving Image Version field... 6.0.182.0

    Firmware version... Console USB 1.3, 1.6 Env FPGA, 1.27

    Build Type....................................... DATA + WPS

    System name... wificontroller

    Location of the system... Corp

    Contact System... Net engineer

    ObjectID of system... 1.3.6.1.4.1.9.1.1069

    Redundancy mode... People with disabilities

    IP Address....................................... 10.250.32.8

    Last Reset....................................... Software reset

    Time system... 190 days 3 hours 34 minutes 24 seconds

    Location of the time zone of the system... (GMT - 5:00) Eastern (USA and Canada)

    The country is set... USA - United States

    Operating environment... Utilities (0 to 40 ° C)

    Limits the internal temperature alarm... 0 to 65 ° C

    -Other - or ITU (q)

    ... Internal temperature 38 C

    Outdoor temperature... + 20 C

    Fan Status....................................... Ok

    State of 802. 11 b network... Activated

    State of 802. 11A network... Activated

    Number of wireless LANs... 14

    Number of Active Clients... 71

    Built-in MAC address... C8:9 C: D: 8 1: 52:E0

    Power supply 1... Currently, OK

    Power supply 2... Absent

    Maximum number of taken access points supported... 100

    Here is the result which leaves on concluded that the AP joins the WLC for a short period and then goes offline

    WT-4thFlr-AP3 #.

    * 15:42:04.419 Dec 14: % 3-CAPWAP-ERRORLOG: County of Retransmission for package exceeded max (CAPWAP_WTP_EVENT_REQUEST

    ., 3)

    * 15:42:11.443 Dec 14: EVT-4-AVT %: write flash: / done event.capwap

    * 15:42:11.483 Dec 14: LWAPP-3-CLIENTERRORLOG %: switch to standalone mode

    * 15:42:11.487 Dec 14: % 3-CAPWAP-ERRORLOG: dating BACK to the DISCOVERY of FASHION

    * 15:42:11.487 Dec 14: % DTLS-5-SEND_ALERT: send FATAL: close notify alert at 10.250.32.8:5246

    * 15:42:11.571 Dec 14: % FEDS-6-persons with DISABILITIES: Signature of IDS is removed and disabled.

    * 15:42:21.575 Dec 14: % 3-CAPWAP-ERRORLOG: MWAR selected ' wificontroller'(index 0).

    * 15:42:21.575 Dec 14: % 3-CAPWAP-ERRORLOG: go join a capwap controller

    * 15:42:12.000 Dec 14: % CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246

    * 15:42:14.303 Dec 14: % CAPWAP-5-DTLSREQSUCC: DTLS connection created successfully peer_ip: 10.250.32.8 peer_port: 5246

    * 15:42:14.303 Dec 14: % CAPWAP-5-SENDJOIN: send request to join 10.250.32.8

    * 15:42:15.127 Dec 14: "Promiscuous" from Ethernet mode

    * 15:42:15.535 Dec 14: LWAPP-4-CLIENTEVENTLOG %: OfficeExtend Localssid recorded Flash AP

    * 15:42:15.667 Dec 14: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1

    * 15:42:15.667 Dec 14: AC setting hop first MAC: 0017.c575.a23c

    * 15:42:15.855 Dec 14: % CAPWAP-5-JOINEDCONTROLLER: AP joined controller wificontroller

    * 15:42:15.911 Dec 14: LWAPP-4-CLIENTEVENTLOG %: No. Flex ACL to load map configuration file. To connect to the controller to get the configuration file

    * 15:42:15.911 Dec 14: LWAPP-4-CLIENTEVENTLOG %: No. Flex ACL to load map configuration file. To connect to the controller to get the configuration file

    * 15:42:15.911 Dec 14: LWAPP-4-CLIENTEVENTLOG %: map No. LS Flex to load ACL configuration file. To connect to the controller to get the configuration file

    * 15:42:15.915 Dec 14: LWAPP-4-CLIENTEVENTLOG %: no central Dhcp configuration file map to load. To connect to the controller to get the configuration file

    * 15:42:15.915 Dec 14: % LWAPP-3-CLIENTERRORLOG: connected mode

    * 15:42:23.639 Dec 14: FEDS-6-ACTIVATED %: Signature of IDS is loaded and enabled

    * 15:42:34.615 Dec 14: CLEANAIR-6-State: Slot 0 disabled

    * 15:42:34.615 Dec 14: CLEANAIR-6-State: Slot 1 disabled

    * 15:45:43.783 Dec 14: % 3-CAPWAP-ERRORLOG: County of Retransmission for package exceeded max (CAPWAP_WTP_EVENT_REQUEST

    (. 11).

    * 15:45:43.787 Dec 14: LWAPP-3-CLIENTERRORLOG %: switch to standalone mode

    * 15:45:43.787 Dec 14: % 3-CAPWAP-ERRORLOG: dating BACK to the DISCOVERY of FASHION

    * 15:45:43.787 Dec 14: % DTLS-5-SEND_ALERT: send FATAL: close notify alert at 10.250.32.8:5246

    * 15:45:43.867 Dec 14: % FEDS-6-persons with DISABILITIES: Signature of IDS is removed and disabled.

    * 15:45:53.867 Dec 14: % 3-CAPWAP-ERRORLOG: MWAR selected ' wificontroller'(index 0).

    * 15:45:53.867 Dec 14: % 3-CAPWAP-ERRORLOG: go join a capwap controller

    * 15:45:44.000 Dec 14: % CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246

    * 15:45:46.315 Dec 14: % CAPWAP-5-DTLSREQSUCC: DTLS connection created successfully peer_ip: 10.250.32.8 peer_port: 5246

    * 15:45:46.315 Dec 14: % CAPWAP-5-SENDJOIN: send request to join 10.250.32.8

    * 15:45:46.487 Dec 14: "Promiscuous" from Ethernet mode

    * 15:45:49.903 Dec 14: LWAPP-4-CLIENTEVENTLOG %: OfficeExtend Localssid recorded Flash AP

    * 15:45:50.031 Dec 14: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1

    * 15:45:50.031 Dec 14: AC setting hop first MAC: 0017.c575.a23c

    Here are the results of the client debugging capwap event about to access:

    WT-4thFlr-AP3 #debug capwap customer event

    Display debugging EVENT customer CAPWAP is on

    WT-4thFlr-AP3 #.

    * 15:54:58.335 Dec 14: % 3-CAPWAP-EVENTLOG: Echo interval has expired.

    * 15:54:58.335 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:54:58.335 Dec 14: % 3-CAPWAP-EVENTLOG: echo sent to 10.250.32.8 request

    * 15:54:58.343 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:54:58.343 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:54:58.343 Dec 14: % 3-CAPWAP-EVENTLOG: echo response from 10.250.32.8

    * 15:55:08.000 Dec 14: % 3-CAPWAP-EVENTLOG: setting the time at 15:55:08 UTC 14 December 2013

    * 15:55:25.579 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:55:25.587 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:55:25.587 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:55:25.587 Dec 14: % CAPWAP-3-Journal of EVENTS: event Wtp 10.250.32.8 response

    * 15:55:25.827 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:55:25.835 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:55:25.835 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:55:25.835 Dec 14: % CAPWAP-3-Journal of EVENTS: event Wtp 10.250.32.8 response

    * 15:55:55.835 Dec 14: % 3-CAPWAP-EVENTLOG: Echo interval has expired.

    * 15:55:55.835 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:55:55.835 Dec 14: % 3-CAPWAP-EVENTLOG: echo sent to 10.250.32.8 request

    * 15:55:55.843 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:55:55.843 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:55:55.843 Dec 14: % 3-CAPWAP-EVENTLOG: echo response from 10.250.32.8

    * 15:55:56.000 Dec 14: % 3-CAPWAP-EVENTLOG: setting the time at 15:55:56 UTC 14 December 2013

    * 15:56:25.735 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:56:25.743 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:56:25.743 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:56:25.743 Dec 14: % CAPWAP-3-Journal of EVENTS: event Wtp 10.250.32.8 response

    * 15:56:25.983 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:56:25.991 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:56:25.991 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:56:25.991 Dec 14: % CAPWAP-3-Journal of EVENTS: event Wtp 10.250.32.8 response

    * 15:56:55.991 Dec 14: % 3-CAPWAP-EVENTLOG: Echo interval has expired.

    * 15:56:55.991 Dec 14: % 3-CAPWAP-EVENTLOG: sending package to AC

    * 15:56:55.991 Dec 14: % 3-CAPWAP-EVENTLOG: echo sent to 10.250.32.8 request

    * 15:56:55.999 Dec 14: % 3-CAPWAP-EVENTLOG: reset reTransmissionCnt to 0

    * 15:56:55.999 Dec 14: % 3-CAPWAP-EVENTLOG: queue empty.

    * 15:56:55.999 Dec 14: % 3-CAPWAP-EVENTLOG: echo response from 10.250.32.8

    * 15:56:56.000 Dec 14: % 3-CAPWAP-EVENTLOG: setting the time at 15:56:56 UTC 14 December 2013

    Here are the results of debug capwap client package in detail:

    WT-4thFlr-AP3 #.

    * 14 Dec 15:59:01.823: <   start="" of="" capwap="" packet ="">>

    * 15:59:01.823 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:01.823 Dec 14: Type Msg: CAPWAP_ECHO_REQUEST

    * 15:59:01.823 Dec 14: Msg length: 0

    * 15:59:01.823 Dec 14: Msg SeqNum: 44

    * 14 Dec 15:59:01.823: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:01.831: <   start="" of="" capwap="" packet ="">>

    * 15:59:01.831 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:01.831 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:01.831 Dec 14: Type Msg: CAPWAP_ECHO_RESPONSE

    * 15:59:01.831 Dec 14: Msg length: 15

    * 15:59:01.831 Dec 14: Msg SeqNum: 44

    * 15:59:01.831 Dec 14:

    * 15:59:01.831 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 11

    * 15:59:01.831 Dec 14: the vendor identifier: 0 x 00409600

    * 15:59:01.831 Dec 14:

    * 15:59:01.831 Dec 14:

    IE: UNKNOWN IT IS ABOUT 151

    * 15:59:01.831 Dec 14: IE length: 5

    * 15:59:01.831 Dec 14: decode the routine unavailable, Hex Dump printing

    * 15:59:01.831 Dec 14:

    52 80 46 00 AC

    * 14 Dec 15:59:01.831: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:20.931: <   start="" of="" capwap="" packet ="">>

    * 15:59:20.931 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:20.931 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:20.931 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_REQUEST

    * 15:59:20.931 Dec 14: Msg length: 93

    * 15:59:20.931 Dec 14: Msg SeqNum: 38

    * 15:59:20.931 Dec 14:

    * 15:59:20.931 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 89

    * 15:59:20.931 Dec 14: the vendor identifier: 0 x 00409600

    * 15:59:20.931 Dec 14:

    * 15:59:20.931 Dec 14:

    IE: RRM_NEIGHBOR_CTRL_PAYLOAD

    * 15:59:20.931 Dec 14: IE length: 83

    * 15:59:20.931 Dec 14: decode the routine unavailable, Hex Dump printing

    * 15:59:20.931 Dec 14:

    00 0 HAS FA 20 08 01 00 07 0A 20 08 03 00 01 FA F4

    01 00 00 3 B4 2ND 2ND 06 94 51 79 25 C7 B2 B4 E7

    22 FD BE F6 04 00 00 00 00 00 00 00 00 50 52 4F

    53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00

    00 00 00 00 00 00 00 00 00 00 00 00 00 01 06 0B

    01 01 01

    * 14 Dec 15:59:20.931: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:20.931: <   start="" of="" capwap="" packet ="">>

    * 15:59:20.931 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:20.931 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_RESPONSE

    * 15:59:20.931 Dec 14: Msg length: 8

    * 15:59:20.931 Dec 14: Msg SeqNum: 38

    * 15:59:20.931 Dec 14:

    * 15:59:20.931 Dec 14: Type: CAPWAP_MSGELE_RESULT_CODE, length 4

    * 15:59:20.931 Dec 14: result of Code: CAPWAP_SUCCESS

    * 14 Dec 15:59:20.931: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:21.139: <   start="" of="" capwap="" packet ="">>

    * 15:59:21.139 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:21.139 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:21.139 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_REQUEST

    * 15:59:21.139 Dec 14: Msg length: 111

    * 15:59:21.139 Dec 14: Msg SeqNum: 39

    * 15:59:21.139 Dec 14:

    * 15:59:21.139 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 107

    * 15:59:21.139 Dec 14: the vendor identifier: 0 x 00409600

    * 15:59:21.139 Dec 14:

    * 15:59:21.139 Dec 14:

    IE: RRM_NEIGHBOR_CTRL_PAYLOAD

    * 15:59:21.139 Dec 14: IE length: 101

    * 15:59:21.139 Dec 14: decode the routine unavailable, Hex Dump printing

    * 15:59:21.143 Dec 14:

    01 0 TO FA 20 08 01 F4 00 07 0A 20 08 00 01 0C FA

    01 00 00 3 B4 2ND 2ND 06 94 51 79 25 C7 B2 B4 E7

    22 FD BE F6 04 00 00 00 00 00 00 00 00 50 52 4F

    53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00

    00 00 00 00 00 00 00 00 00 00 00 00 00 24 28 2

    30 34 38 3 40 95 99 9 01 01 01 01 01 01 01 A1

    01 01 01 01 01

    * 14 Dec 15:59:21.143: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:21.143: <   start="" of="" capwap="" packet ="">>

    * 15:59:21.143 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:21.143 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_RESPONSE

    * 15:59:21.143 Dec 14: Msg length: 8

    * 15:59:21.143 Dec 14: Msg SeqNum: 39

    * 15:59:21.143 Dec 14:

    * 15:59:21.143 Dec 14: Type: CAPWAP_MSGELE_RESULT_CODE, length 4

    * 15:59:21.143 Dec 14: result of Code: CAPWAP_SUCCESS

    * 14 Dec 15:59:21.143: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:25.547: <   start="" of="" capwap="" packet ="">>

    * 15:59:25.547 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:25.547 Dec 14: Type Msg: CAPWAP_WTP_EVENT_REQUEST

    * 15:59:25.547 Dec 14: Msg length: 14

    * 15:59:25.547 Dec 14: Msg SeqNum: 45

    * 15:59:25.547 Dec 14:

    * 15:59:25.547 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 10

    * 15:59:25.547 Dec 14: the vendor identifier: 0 x 00409600

    * 15:59:25.547 Dec 14:

    * 15:59:25.547 Dec 14:

    IE: RRM_LOAD_DATA_PAYLOAD

    * 15:59:25.547 Dec 14: IE length: 4

    * 14 Dec 15:59:25.547: slot ccaLoad 0 rxLoad 0 txLoad 0 33

    * 14 Dec 15:59:25.547: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:25.555: <   start="" of="" capwap="" packet ="">>

    * 15:59:25.555 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:25.555 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:25.555 Dec 14: Type Msg: CAPWAP_WTP_EVENT_RESPONSE

    * 15:59:25.555 Dec 14: Msg length: 0

    * 15:59:25.555 Dec 14: Msg SeqNum: 45

    * 14 Dec 15:59:25.555: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:25.795: <   start="" of="" capwap="" packet ="">>

    * 15:59:25.795 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:25.795 Dec 14: Type Msg: CAPWAP_WTP_EVENT_REQUEST

    * 15:59:25.795 Dec 14: Msg length: 14

    * 15:59:25.795 Dec 14: Msg SeqNum: 46

    * 15:59:25.795 Dec 14:

    * 15:59:25.795 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 10

    * 15:59:25.795 Dec 14: the vendor identifier: 0 x 00409600

    * 15:59:25.795 Dec 14:

    * 15:59:25.795 Dec 14:

    IE: RRM_LOAD_DATA_PAYLOAD

    * 15:59:25.795 Dec 14: IE length: 4

    * 14 Dec 15:59:25.795: slot ccaLoad 1 rxLoad 0 txLoad 0 0

    * 14 Dec 15:59:25.795: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:25.803: <   start="" of="" capwap="" packet ="">>

    * 15:59:25.803 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:25.803 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:25.803 Dec 14: Type Msg: CAPWAP_WTP_EVENT_RESPONSE

    * 15:59:25.803 Dec 14: Msg length: 0

    * 15:59:25.803 Dec 14: Msg SeqNum: 46

    * 14 Dec 15:59:25.803: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:30.375: <   start="" of="" capwap="" packet ="">>

    * 15:59:30.375 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:30.375 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:30.375 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_REQUEST

    * 15:59:30.375 Dec 14: Msg length: 17

    * 15:59:30.375 Dec 14: Msg SeqNum: 40

    * 15:59:30.375 Dec 14:

    * 15:59:30.375 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 13

    * 15:59:30.375 Dec 14: the vendor identifier: 0 x 00409600

    SlotId: 0

    Mobile Mac Addr: BC:52:B7:E3:17:CB

    * 14 Dec 15:59:30.375: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:30.375: <   start="" of="" capwap="" packet ="">>

    * 15:59:30.375 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 15:59:30.375 Dec 14: Type Msg: CAPWAP_CONFIGURATION_UPDATE_RESPONSE

    * 15:59:30.379 Dec 14: Msg length: 8

    * 15:59:30.379 Dec 14: Msg SeqNum: 40

    * 15:59:30.379 Dec 14:

    * 15:59:30.379 Dec 14: Type: CAPWAP_MSGELE_RESULT_CODE, length 4

    * 15:59:30.379 Dec 14: result of Code: CAPWAP_SUCCESS

    * 14 Dec 15:59:30.379: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 15:59:30.387: <   start="" of="" capwap="" packet ="">>

    * 15:59:30.387 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 15:59:30.387 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 15:59:30.387 Dec 14: Type Msg: CAPWAP_WTP_EVENT_RESPONSE

    * 15:59:30.387 Dec 14: Msg length: 0

    * 15:59:30.387 Dec 14: Msg SeqNum: 47

    * 14 Dec 15:59:30.387: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 16:00:00.387: <   start="" of="" capwap="" packet ="">>

    * 16:00:00.387 Dec 14: control of CAPWAP mesg sent to 10.250.32.8, Port 5246

    * 16:00:00.387 Dec 14: Type Msg: CAPWAP_ECHO_REQUEST

    * 16:00:00.387 Dec 14: Msg length: 0

    * 16:00:00.387 Dec 14: Msg SeqNum: 48

    * 14 Dec 16:00:00.387: <  end="" of="" capwap="" packet ="">>

    * 14 Dec 16:00:00.395: <   start="" of="" capwap="" packet ="">>

    * 16:00:00.395 Dec 14: mesg 10.250.32.8 Recd, Port 5246 CAPWAP control

    * 16:00:00.395 Dec 14: HLEN 2, Radio ID 0, WBID 1

    * 16:00:00.395 Dec 14: Type Msg: CAPWAP_ECHO_RESPONSE

    * 16:00:00.395 Dec 14: Msg length: 15

    * 16:00:00.395 Dec 14: Msg SeqNum: 48

    * 16:00:00.395 Dec 14:

    * 16:00:00.395 Dec 14: Type: CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, length 11

    * 16:00:00.395 Dec 14: the vendor identifier: 0 x 00409600

    * 16:00:00.395 Dec 14:

    * 16:00:00.395 Dec 14:

    IE: UNKNOWN IT IS ABOUT 151

    * 16:00:00.395 Dec 14: IE length: 5

    * 16:00:00.395 Dec 14: decode the routine unavailable, Hex Dump printing

    * 16:00:00.395 Dec 14:

    52 80 81 00 AC

    * 14 Dec 16:00:00.395: <  end="" of="" capwap="" packet ="">>

    Try reducing the mtu on ap 2600.

  • Cisco ACS 4.2: The most important to back up files?

    Dear Sir

    Can you tell me what are the most important files to back up in the Cisco ACS directory?

    Currently, I am only backup (with Symantec Backup Exec):

    C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups

    * But, I would like to know if my server crash, can I restore the entire configuration with the files listed in the directory below? (Users, groups, groups of devices, AD, mapping, users, groups,...)

    * The Cisco ACS there change in the Windows registry?

    * Is it necessary to reinstall the Cisco ACS, if I need to put in an emergency on a new server? I guess Yes, because the installation creates services, etc.

    I ask this question because it takes time to install the patches...

    * Or, can I save all the Cisco ACS directory... On a new server, install the Cisco ACS and restore the backup?

    Thank you very much for giving me your experience about it.

    Kind regards

    You should back up the files that come from ACS backups, i.e.

    System configuration > backup GBA, the location that is specified in this section.

    And the default location is the one that already save for example "C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups"

    In case you are required to host ACS on a new server, you would be required to re - install the complete application of the CSA and then simply take the last backup and restore in the newly installed ACS. It will be to restore everything users, group etc. to etc. of the external database mappings.

    When you install ACS on a new server, then make sure that if you run them Services ACS with a service account (this is required for the authentication of the window according to your requirement), you would be required to run new services with this account too, and which may require that go you through the following documentation.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/Windows/postin.html#wp1041202

    Kind regards

    Prem

    Please rate if this can help!

  • [Cisco ACS] 11036 the RADIUS Message Authenticator attribute is invalid

    Hello

    I had a lot of Cisco AP related to Cisco WLC 2.

    On each WLC, I configured a primary and a secondary RADIUS server.

    RADIUS servers are Cisco ACS 5.2.0.26 (patch 10)

    ACS primary and secondary configurations are synchronized.

    There is no problem between primary rules WLC and Cisco ACS (primary and secondary).

    When secondary WLC asks primary Cisco ACS, I get this error "11036 the RADIUS Message Authenticator attribute is not valid.

    WLC secondary contacts automatically secondary Cisco ACS and it works fine.

    Cisco ACS description for this error: "this can be reason of mismatched shared Secrets."

    The two Cisco ACS are synchronized, so I should have the same error on them...

    Why primary ACS generates this error?

    Thanks for your help,

    Patrick

    Patrick: The shared secret mismatch could be on the side WLC, not on the side of the ACS.

    Make sure that the shared secret of the radius primary server is configured correctly on the secondary WLC.

    HTH

    Amjad

    Rating of useful answers is more useful to say "thank you".

  • The upgrade to Cisco ACS SE and Remote Agent

    Hello

    Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

    I am little confused with information available for upgrade scenarios. Appearing on the current working versions.

    Cisco ACS SE - version 4.1 Build 23 5 Patch 1

    Cisco ACS Remote Agent version 4.2 (0.124)

    The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.

    My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.

    Thanks in advance!

    Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.

    Unfortunately ACS 4.x does not support windows 2008 r2.

    5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.

    Concerning

    Bellefroid

    Note the useful messages

Maybe you are looking for