Cisco Secure ACS 5.3 SNMP agent does not

Similar Questions

• Cisco Secure ACS Solution Engine ping

  1. I installed Cisco Secure ACS Solution Engine with V3.3 and I can access via the http port 2002 but I can't it ping from anywhere in the network, but the server can ping every thing, is this normal.

  2. If I can't ping haw I can define the service keeplaive to load balance 2 ACS engine using CSS

  By the way, I forgot that ACS 3.3 device has a CSA integrated. This agent is enabled by default. He explains why you can't ping it.

  For enable/disable it, go to "System Setup Configuration - device. Toggle the checkbox enabled the CSA according to needs.

  http://www.Cisco.com/en/us/partner/products/sw/secursw/ps5338/products_user_guide_chapter09186a008023361d.html#wp859228

  Rgds,

  AK

• Cisco Secure ACS vs IAS in Windows

  Hi all

  I need deploy an AAA for the following situations.

  (1) remote access via Cisco VPN Clients.

  (2) AAA for wireless windows PC in remote areas

  (3) AAA for Cisco switches and routers in remote areas

  (4) authentication with a windows domain

  The the Windows IAS would be virtually free that we already have Windows 2003 domain controllers at each remote site. However, Cisco Secure ACS might also be an option. Not all have experience in these two?

  What are the positives\negatives of each? and limits?

  Does anyone have any information on case study etc. in comparing the two?

  Your help is greatly appreciated.

  Kind regards

  Andy

  PS: There is a limitation in Windows 2003 Standard edition, which limits the number of Radius clients to 50. Although we have more than 50 potential clients in society, no site has more than 50 altogether.

  MS IAS allows you to implement the solution using only the RADIUS protocol

  ACS offers the feature to use RADIUS as well as GANYMEDE.

  Looking 4 solutions you want to implement, only 3rd solution will be a little easier with GANYMEDE, but even once it not something you can not implement using RADIUS.

  On the limitation of Radius client, ACS offers a large database that you can use for customers, so limiting to 50 customers. In addition many many features, you'll love to integrate into your network as the NAP/NAC implementation, made it easier.

  So you need to check if you have the budget, you can go to ACS, IAS on the other can work well for all solutions (except limitation of radius client, I m sure that MS can provide a workaround solution).

  the following link can help you with information on sales of ACS:

  http://wwwIn-nmbu.Cisco.com/thevault/files/1027/5/ACS4.1-Sales-guide%20April%204%202007.htm

• With Cisco Secure ACS for Windows GANYMEDE +, authentication fails with AD

  I'll put up a Cisco Secure ACS 4.2 server to act as a RADIUS server for switches and routers I use Windows 2003 server for the candidate countries.
  and an Active Directory of Windows 2003 server.  The ad server is very good, it is used for many other things.

  I've implemented ACS as defined nit it installation guide, including all the steps in the "Member Server" section of the installation guide
  When you use AD as an external database (e.g. setting up services to run with a domain administrator account, set up a machine called "CISCO"
  on the field, etc.).

  I've set the unknown user policy to use the database of Windows, if the internal database does not contain the details of the user.

  If I add a user to the internal database, authentication goes through fine, with an entry in the journal "Authentication," spent

  02-24-2010, 05:07:03, authentic failed, eXXXX, Network Administrators (NDG), X.X.X.X, (default), internal error, (get the internal error error message)

  I scoured google etc and just cannot come up with any reason why this should be the case.
  I followed all of the installation to the letter guides.  I need to get this up and running as soon as possible,
  so am eager to know if someone can help me with this one!

  Thanks and greetings

  Sharan

  George,

  Internal error is fairly generic, but a common situation, we see this error is when ACS is installed on a

  64-bit computer.  ACS would not work with the active Manager when it is installed on the 64-bit before machines

  ACS 4.2.1.

  -Jesse

• Cisco Secure ACS 4.2 on VMware ESX 4.0.

  We must move from ESX 3.5 to ESX 4.0 a virtual machine running Cisco Secure ACS for Windows version 4.2.

  This solution is compatible and supported by Cisco?

  Thank you.

  Andrea

  ACS Windows 4.2 is not supported by Cisco, when installed on VMWare ESX 4.0 in accordance with the following documentation:

  http://Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/device/guide/sdt42.html#wp37898

  Only ACS 5.1 is supported on ESX 4.0:

  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_vmware.html

• Cisco Secure ACS 4.2 Windows authentication of different domain

  Hello

  I have a Cisco Secure ACS for Windows Server 4.2. The server belongs to a domain and the domain, the users belonging to a certain group are authenticated.

  Now, I have to change the configuration of the server and reassign it to another area. There is no trust relationship between two domains and I would like to know if users can always be authenticated against the previous domain.

  Hello

  First of all, take backup (by measure of precaution in order to restore config if something goes wrong) then continue witht the following:

  -Remove the configuration of the windows domain (group... mapping etc) from the server before changing the field.

  -Change the domain membership, and then restart.

  -follow the missions post-disiez for ACS (see this link): http://tiny.cc/zr6huw.

  -Configure the external database again on GBA (group mapping, strategy unknown user... etc).

  You should note that if the new domain controller is Windows Server 2008 R2, which is not supported by ACS 4.x.

  HTH

  Amjad

  Rating of useful answers is more useful to say "thank you".

• ENE PCI Secure Digital / MMC Card Reader Controller does not

  ENE PCI Secure Digital / MMC Card Reader Controller does not

  I suggest that you go the manufacturer of your computers website and search for drivers chipset update.

  Click Start, type: Device Manager

  Press enter on your keyboard

  Click with the right button on the controller listed in the tree view of the devices

  Click on uninstall

  Restart your computer and let Windows redetect.

• 12 c on the repository server management agent does not start due to a failure of the system

  My environment architecture for 12 c Cloud Control (used for the purpose of personal practice) can be explained as follows:

  @DBSERVER: (OEL6.5, x 86-64)

  -12 c Enterprise Manager Cloud Control (EMCC)

  -Database 11.2.0.4 which acts as a repository for 12 c EMCC

  Monitored host is on a virtual machine (VM12) which is currently in the DBSERVER:

  VM12: (OEL6.5, x 86-64)

  -12 c Management Agent which monitors host and database (12.1.0.1)

  The server worked fine for months until recently when the computer has restarted abruptly. Abrupt restart has occurred several times in the past, but this time, he had a problem when restarting. The DBSERVER when a startup starts the SGC and the AGENT. WHO starts perfectly, but the AGENT does not start. On trying to start the agent, it displays the following error message:

  [orcl11204g@dbserver bin] $. / emctl start agent

  Oracle Enterprise Manager Cloud control 12 c Release 3

  Copyright (c) 1996, 2013 Oracle Corporation.  All rights reserved.

  Starting Agent... failed.

  Manager of target failed to startup: targets.xml was rejected: loaded with a token incorrect agent

  See emctl.log and emagent.nohup in: / home/u01/oemrel3/agent/agent_inst/sysman/log

  [orcl11204g@dbserver bin] $

  The targets.xml file contains the following information, which do not seem to be of any help:

  [orcl11204g@dbserver emd] $ cat targets.xml

  <? XML version = "1.0"? >

  <>targets

  < / objectives >

  [orcl11204g@dbserver emd] $

  Anyone can provide assistance in such circumstances?

  The DBSERVER repository database, the auditor and the who are running, while the agent is down. VM12, listener and agent database is running. Is there another file that should be checked for more information?

  --> $/ AGENT_INST/bin/emctl stop agent

  If the agent does not stop is free then kill all the background process agent first grepping for agent perl and java process only

  --> Move your existing target.xml file

  MV target.xml target.xml.old

  --> Create an empty file targets.xml under/AGENT_INST/sysman/MDTs with the below content

  --> Start the agent of

  $AGENT_INST/bin/emctl start agent

  That starts agent but without all the targets in targets.xml

  To the discovery of targets saw agent console resynchronization

  Concerning

  Krishnan

• Labmanger-"Agents does not.

  Hello

  I have 4.0 running with Labmanager to 75VM. Recently, I changed the pwd of the ESX host root. Today, when I rebooted my server VC, (hosts & VM) evrything work properly via the server Vsphere.

  But I found that the hosts are not connected in the Labmanager. His watch the X symbol in the resource-> tab-> column available hosts. All my VM in the labmanger showing not available States.

  I got the following error in LAbmanager

  "The vCenter Lab Manager agent on the host is not responding. Each prepared host running an agent application. This request of the agent does not respond. This may be due to the breakdown of the network, failure of the host or agent failure. "

  Someone at did you encounter this problem, please provide the solution. We strive to resolve the issue as soon as POSSIBLE.

  Thank you

  Yohanna.

  See the attached file.

• Secure ACS unit and Remote Agents

  Hello

  We test Secure ACS 3.2 device and authentication against AD via remote agents. When two or more remote agents are registered with the device in the network menu, is the pretty smart device to try the second machine remote agent if she can't talk to the first? We tested this failover by stopping the service of the remote agent on the first domain controller where it has been installed. However, failover does not occur. We want to know if this failover is supposed to work, and if so what we need to do to make it work.

  Yoshi Nagase

  Hello

  I implement a solution similar to yours... 2 ACS unit with 2 Remote Agent...

  I set the remote agents on the Network Configuration and the external user DB - database of Windows - Windows Remote selection of the Agent.

  In this menu the value primary and secondary Remote Agent

  HTH

  Omar

• Cisco Secure ACS appliance - impossible to edit... Reason: The host no longer exists.

  Hi team,

  I have 2 camera which I am not able to remove a group of network devices home device.

  When I try to remove the device after error is thrown

  Impossible to edit INMUM-VPE-T1-3rdFloor-3750-S...  Reason: The host no longer exists.

  Running on Version: Cisco Secure ACS4.2.0.124

  One would come in all of these issues. someone knows the solution.

  Concerning

  Vineeth

  Hi Vineeth

  Yes, you can do through GUI.

  The GUI:

  1 ACS gui > network configuration > click on 'Search', then click 'Search' again.

  2. complete list of all network devices. On top, you will see an option "Download".

  Download the complete file.

  Let me know if it helps.

  Thank you

  Nelson Saha

• Cisco Secure ACS groups 5.1 Active Directory and RSA Authentication Manager 7.1 for profiles

  / * Style definitions * / table. MsoNormalTable {mso-style-name: "Table Normal" "; mso-knew-rowband-size: 0; mso-knew-colband-size: 0; mso-style - noshow:yes; mso-style-priority: 99; mso-style - qformat:yes; mso-style-parent:" ";" mso-padding-alt: 0 cm 0 cm 5.4pt 5.4pt; mso-para-margin: 0 cm; mso-para-margin-bottom: .0001pt; mso-pagination: widow-orphan; font-size: 11.0pt; font family: 'Calibri', 'sans-serif"; mso-ascii-font-family: Calibri; mso-ascii-theme-make: minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-make: minor-fareast; mso-hansi-font-family: Calibri; mso-hansi-theme-make: minor-latin ;}"}

  Hello

  I'm deploying an ACS connected to an RSA AuthManager (that is connected to an Active Directory domain)

  I create several groups within the Active Directory server, I try to give to users for their groups different access rights.

  I tried to define an access policy "NetOp/NetAdm" and two authorization rules:

  Rule-1 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETOP 'Auth for net operators' 0

  Rule 2 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETADM 'Auth net admin' 0

  Default: refuse

  In the identity, I have configured the RSA identity source, so that users get authenticated by the RSA Authentication Manager.

  But I still refuse to get access, RSA authentication is successful, but the group membership, active directory does not work, even with the unix attributes or group principal defined for the user.

  My question is this valid configuration scenario? Is there another way to define several profiles according to the Group of users of external source?

  The stages of monitoring:

  Measures

  Request for access received RADIUS 11001

  11017 RADIUS creates a new session

  Assess Service selection strategy

  15004 Matched rule

  Access to Selected 15012 - NetOp/NetAdm service policy

  Evaluate the politics of identity

  15004 Matched rule

  15013 selected identity Store - server RSA

  24500 Authenticating user on the server's RSA SecurID.

  24501 a session is established with the server's RSA SecurID.

  24506 check successful operation code

  24505 user authentication succeeded.

  24553 user record has been cached

  24502 with RSA SecurID Server session is closed

  Authentication 22037 spent

  22023 proceed to the recovery of the attribute

  24628 user cache not enabled in the configuration of the RADIUS identity token store.

  Identity sequence 22016 completed an iteration of the IDStores

  Evaluate the strategy of group mapping

  15006 set default mapping rule

  Authorization of emergency policy assessment

  15042 no rule has been balanced

  Evaluation of authorization policy

  15006 set default mapping rule

  15016 selected the authorization - DenyAccess profile

  15039 selected authorization profile is DenyAccess

  11003 returned RADIUS Access-Reject

  Thank you

  Christophe

  I think you need to do is to create a sequence of identity with RSA as a selection in

  Authentication and recovery research list of attributes and AD in the additional attribute list recovery research. Then select this sequence as a result of the politics of identity for the service

• Cisco Secure ACS 5.1 and strong authentication ACS administrators?

  Hello

  Is it possible to authenticate administrators using an RSA SecurID token?

  There is no indication on this issue in the Panel "System Administration > directors > settings > authentication.

  (I'm under Server Secure ACS 5.1.0.44)

  Thank you

  Christophe

  Hi Christophe,

  Unfortunately not.

  The DB supported only for accounts of Administractors is the internal DB of GBA.

  I hope this helps.

  ARO
  Tiago

• ACS Web Interface 5.1 does not

  We have a Cisco Access Control Server (TACACS+ version 5.1) with an additional
  
      2 port NIC card. This produces 4 ports on the ACS server(G0 through G3).
  
  After initial setup of the ACS server with an IP address on G0, I connected a Windows 7
  
      server with IE8 to G0. The ACS web interface appears (after accepting certificate) and I
  
      entered some user accounts and NDGs.
  I then connected the ACS server to a configured port with port-security on our 6500
  
      switch. The port becomes err-disabled since the MAC address does not match up. It appears
  
      that the onboard NIC on the ACS server is bonded thus producing the MAC address issue.
  To fix this connection issue, on the ACS server, I cleared out G0 and setup G2 (additiional
  
      NIC card) with the IP address. After connecting to the 6500 switch, the ACS server port
  
      works fine.
  I removed the connection to the 6500 and connected the Windows server to the ACS.I can ping
  
      the ACS server but the web interface is now unavailable unlike before. I do not get a
  
      certificate warning on IE, it just states that internet not available.
  On ACS, the 'show' status of acs shows all the processes are running and initialized.
  Any help would be appreciated. It has got me stumped as all I did was change NIC configuration
  
      on the ACS server.
  Antonio
  
      

  I wanted to check if the failed to load web interface could also be due to something on the 6500 switch.

  So far:

  You have been able to see the Web interface with the ACS configured on G0 and directly connected to the PC Win 7.

  With the G0 set to ACS, you saw some MAC problem and so no web interface.

  With the ACS configured on G2, you can test the ACS server when it is directly connected and connected to the 6500, but in both cases do not display the web interface.

  So, it seems that you have two options:

  (1) seek to solve your problem of port security 6500.  (You have access to set up the port-security 6500?)

  (2) fix the G2 interface configuration.  If you do not see the web interface with the Win 7 PC directly connected then there is something wrong with the config on GBA.

• SNMP protocol does not work

  Hello

  I installed NMS on the new server (windows server 2008 r2). I turn off the firewall and installed SNMP protocol. There is no firewall between the devices I have try to sane and the server. The SNMP working on the switch.

  However, while I try to add switch NEM does not recognize the SNMP protocol. The error I get "SNMP: does not.

  What can I do about it?

  Best regards

  Victor

  While ensuring.

  There is this document on adding a device

  http://en.community.Dell.com/TechCenter/networking/NMS/w/wiki/6806.adding-devices-by-SNMP

  If you follow this can you please add screen shots of what you see?

  You can pling device? Make sure that you can do in the place where the Agent is running (not sure how your configuration looks like, the agent may be on the server or on a different host).

  In addition, our experts NMS actually monitor the NMS community

  http://communities.quest.com/community/NMS?view=discussions

  If you can repost this question to this community with screenshots that will be very useful.

  Golan