TACACS+ and RADIUS - does either care about the hostname?

When I first experimented with TACACS+, I remember changing the host name on a router and having it cause problems with authentication. Is it normal for TACACS+ to use a device's host name as part of the authentication process? What about RADIUS?

Hello

Nope, neither uses the host name of the device for the AAA process.

Just take care of the source interface (source IP address), the shared secret and the ports used.

HTH,
Tiago

--

If this helps you or answers your question, please mark it as 'answered' or rate it, so that other users can easily find it.

Tags: Cisco Security
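
The point made in the answer above, as an added example that is not part of the original thread: a RADIUS server selects the shared secret by the packet's source IP address (RFC 2865) and does not consult the device's host name. The sketch implements RFC 2865 User-Password hiding; the client table, secret, password and the `server_check` helper are constructed for illustration.

```python
import hashlib

# Constructed AAA client table: keyed by source IP address, never by hostname.
CLIENTS = {"192.0.2.10": b"constructed-shared-secret"}


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 User-Password hiding."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the secret it holds for this client."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")


def server_check(src_ip, nas_identifier, hidden, request_auth, expected_password):
    """Hypothetical server decision. nas_identifier (the hostname the device
    may send) is accepted as input but deliberately plays no part in it."""
    secret = CLIENTS.get(src_ip)  # the secret is selected by source IP only
    if secret is None:
        return "dropped: unknown client"  # RFC 2865: silently discard
    if recover_password(hidden, secret, request_auth) != expected_password:
        return "reject: wrong shared secret or password"
    return "accept"


if __name__ == "__main__":
    ra = bytes(range(16))            # constructed Request Authenticator
    pw = b"constructed-password"     # constructed user password
    good = hide_password(pw, CLIENTS["192.0.2.10"], ra)
    bad = hide_password(pw, b"some-other-secret", ra)
    # Renaming the router changes nothing:
    print(server_check("192.0.2.10", "rtr-old-name", good, ra, pw))
    print(server_check("192.0.2.10", "rtr-new-name", good, ra, pw))
    # A different source interface/IP or a mismatched secret does:
    print(server_check("198.51.100.7", "rtr-old-name", good, ra, pw))
    print(server_check("192.0.2.10", "rtr-old-name", bad, ra, pw))
```

If authentication breaks after a rename, check whether the change also moved the source interface or whether the server's client entry was edited along with the name.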

Similar Questions

  • Interaction of TACACS+ and RADIUS: ACS 2.6 downloadable PIX ACLs

    We have ACS v2.6 running, controlling access to our remote access connections, routers and switches. We are now looking to add support for an internal PIX firewall and want to use ACS downloadable ACLs for the PIX (to control outbound traffic through the PIX for authenticated users).

    We have achieved this with the help of the Cisco IOS/PIX RADIUS attribute [009\001] cisco-av-pair on ACS (and ACL access restrictions on users).

    However, the problem we noticed is that any user who is valid in our CiscoSecure or SecureID database can authenticate and gain access through the firewall, even if they are not allowed to do so (and as by default on the PIX, inside to outside is allowed full unrestricted access).

    We then imposed network access restrictions on the CiscoSecure ACS for our PIX, to allow access only for the corresponding user groups, but this did not work with RADIUS, only with TACACS+ (I guess that's because RADIUS does not support authorization).

    We must work with TACACS+, with the ACS passing the ACL number/ID down to the PIX for allowed users.

    Question: We want to use ACS downloadable ACLs for the PIX (for reasons of central support). Is this possible using TACACS+, and if yes, how do we configure CiscoSecure ACS for an ACL such as the example below?

    access-list pix_int permit tcp any host 10.x.x.x eq 1022

    access-list pix_int permit tcp any host 10.x.x.x eq 1023

    Thank you

    Downloadable ACLs work only with RADIUS, as described here:

    http://www.Cisco.com/warp/public/110/atp52.html#new_per_user

    You can continue to define the ACL on the PIX itself and simply pass the ACL number via TACACS+ (as shown here: http://www.cisco.com/warp/public/110/atp52.html#access_list), but you can't actually pass the entire ACL down via TACACS+, sorry.

  • Cisco ISE with TACACS+ and RADIUS both?

    Hello

    I'm working on deploying wired authentication on a network using Cisco ISE. I studied the requirements for this. I know that I need to enable RADIUS on the Cisco switches on the network. The switches in the network are already configured for TACACS+. Does anyone know if both can operate on the same network at the same time?

    Bob

    I suppose that TACACS+ is configured (with ACS 4.x or 5.x) for device administration via telnet/ssh, and now you need RADIUS to authenticate 802.1X. Yes, they can both work on the same network at the same time.

    ~ BR
    Jatin kone

    * Do rate helpful posts *.

  • Can I get a refund on an app? I paid 7:99 for the drinking 2015 of the north pole and it is not working, I also message the and do not receive either the case don't thank you

    Contact iTunes support and ask them

  • Why am I selling a total of 41 pounds (various titles) in November through Kindle, but not one through iBooks? I don't promote either, and I don't know that there are several iPads out there than Kindle. Apple does not have any promotion?

    Why are you asking? It's between you and Apple.

  • Authentication Radius 4.2 ACS and RADIUS Accounting

    Is it possible to configure ACS 4.2 to authenticate users of a wireless network (with autonomous APs) through RADIUS while I use the same ACS to provide command accounting for the access points via TACACS+? This issue came up because when I configure the APs as 'AAA Clients' under 'Network Configuration' of the ACS server (necessary config for authenticating APs and end users), the authentication method used is RADIUS (Cisco Aironet), and it prevents the generation of TACACS+ command accounting reports under 'Reports and Activity > TACACS+ Administration'.

    Any idea on how to solve this problem?

    Thank you

    Antonio

    Hello

    You need to add a different hostname for the AP... i.e., RPOS and APt, where you can use the same IP but use RADIUS for one and TACACS+ for the other.

    Thank you

    Tarik Admani
    * Please rate helpful posts *.

  • I can't begin to describe it, firefox opens Web sites and I don't know why

    Please HELP I've ever had problems with this browser that I use almost exclusively. Now, last week, I'll have nothing but.

    I have windows 7 pro 64 bit. Once again, I uninstalled and reinstalled firefox after it seemed to be going haywire. I set how I want it to look, and I want the toolbar to show, the "file, edit etc." and I usually don't have problems finding how to do that.
    

    But yesterday, those who have disappeared and I use them too much and I don't know what happened.

    So after I uninstalled and re-stalled, that took care of it.
    

    BUT now this browser when I open, I open a new tab, which should bring a blank page, it goes to the last site I've been. I have not defined to do so.
    (1) anyone know how to stop this?
    (2) it opens to the home page IF I click on firefox, but a new tab to do exactly this.

    Why is this happening? That is my second question. Can anyone remotely be tampering with this?
    How would that happen, if so, and how to I guard against it?
    I DO NOT let this save passwords. I don't let any browser do that.
     Last, my email on my phone worked just fine until Friday morning, the last time it synched.
     Now I can't get emails on my phone because it says "password changed" -- what the f****? I didn't change anything, I am getting my emails on my notebook just fine, I have a pin on my phone so I can't fathom what is happening. This NEVER happened with my windows phone. I put in the password, and that was that. No issues.
    That strays from Firefox, but it is an overall cause of problems of changes etc. that are making me very concerned. Yes I have macafee security.
    LAST if someone had remote access, such as a tech with a company, and you end the access can the remote access ON THEIR END be re-connected?
    

    THANK YOU MUCH in advance for the help because of firefox and no indication on the other.
    Gina

    Go to your https://support.mozilla.org/en-US/questions/1045739#answer-689209 post and report it as problem solved so that others know.

  • My cd dvd drivers are no longer there and I don't know why

    My cd dvd drivers ae either and I don't know why.  I came back to the system restore and still does not. Why?

    Hello

    1. what operating system is installed on your system?

    2. you remember to change the system before the problem occurred?

    Try the method provided below and check if they help to resolve the issue.

    Method 1:

    If the CD/DVD drive is not able to read or write the data, then you can go to the link below and run the hotfix that should help resolve problems with CD/DVD player.

    Your CD or DVD drive cannot read or write media

    http://support.Microsoft.com/mats/cd_dvd_drive_problems/en-us

  • TACACS+ and local login access

    Basic summary is that I want to have TACACS+ and local login access to the router on the vty lines. So, I made the two groups below. Goody obviously is what will use TACACS+ and Console uses the local logins. I divided them between 0-4 and 5-15. It seems that whichever is on top gets first priority for authentication. If I move Console to 0-4, then the local users work and TACACS+ does not. If I have Goody at 0-4, then TACACS+ works, but local doesn't work. I know I'm missing something simple. I have two RADIUS servers, so I doubt that the two will ever go down, but in case they do I want the local user names to work. If I apply an access list to 0-4 and use SSH, as well as a different access list to 5-15 and use telnet, it seems to work that way, but that doesn't help me if the internet goes down and I am trying to access the router via SSH on-site.

    Thanks in advance.

    David

    aaa authentication login Goody group tacacs+ local
    aaa authentication login Console local

    line con 0
     login authentication Console
    line aux 0
    line vty 0 4
     session-timeout 7
     exec-timeout 5 0
     login authentication Goody
     transport input ssh
    line vty 5 15
     session-timeout 7
     exec-timeout 5 0
     login authentication Console
     transport input ssh

    Hi David,

    Correct me if I'm not understanding this correctly, but you want to use RADIUS servers for ssh/console authentication and, if they fail, you want the network device to use its local database.

    If that is correct, you should not need to divide the lines and assign different authentication lists. The first line that you have:

    aaa authentication login Goody group tacacs+ local

    lists TACACS+ and the local database as possible authentication methods. They will be processed in the order they are configured, so the device will:

    1. Use your TACACS+ servers.

    2. If the TACACS+ servers are unreachable, then the local database is used.

    You can test this by assigning 'Goody' to all your vty lines and then making your TACACS+ servers unavailable. To do that you can:

    - Restart the server

    - Shut down the server interface

    - Disconnect the device from its network uplink

    - Create an access list on the uplink interface and block connections to the IP addresses of the TACACS+ servers.

    I hope that helps!

    Thank you for rating helpful posts!

  • Problem with IKEv2 routes using PSK and RADIUS

    Hello

    I have a 7 881 + (15.2(4)M2) connected to an ASR 1001 (03.07.01.S) via the Internet. The goal is to set up DVTI on the ASR, use FlexVPN on the CPE and inject IKEv2 crypto routes into the VRF on the PE for the subnets protected on the CPE, while using a pre-shared key for authentication and RADIUS to return the attributes.

    I can get the tunnel working fine, but I can't get the crypto routes.

    My configs:

    7 881 + CPE:

    crypto ikev2 keyring Keychain-CPE
     peer ASR
      address
      pre-shared-key abcd
    !
    crypto ikev2 profile IKEV2-PROFILE-CPE
     match identity remote address 255.255.255.255
     identity local fqdn cpe.ipsec.net
     authentication remote pre-share
     authentication local pre-share
     keyring local Keychain-CPE
     dpd 30 2 periodic
    !
    crypto ipsec transform-set TFS-AES256-SHA-HMAC esp-aes 256 esp-sha-hmac
     mode tunnel
    !
    crypto ipsec profile default
     set transform-set TFS-AES256-SHA-HMAC
     set ikev2-profile IKEV2-PROFILE-CPE
    !
    crypto ikev2 client flexvpn FLEX
     peer 1
     client inside Loopback0
     client connect Tunnel0
    !
    interface Loopback0
     ip address 255.255.255.255
    !
    interface Tunnel0
     ip address negotiated
     tunnel source Dialer2
     tunnel mode ipsec ipv4
     tunnel destination dynamic
     tunnel protection ipsec profile default

    ASR PE:

    aaa authorization network IPSEC-AUTHOR group AAA-GROUP-IPSEC-RADIUS
    !
    crypto ikev2 dpd 60 2 periodic
    !
    crypto ikev2 profile IKEV2-PROFILE-ASR
     match fvrf FVRF
     match identity remote fqdn domain ipsec.net
     authentication remote pre-share
     authentication local pre-share
     keyring aaa IPSEC-AUTHOR
     aaa authorization user psk list IPSEC-AUTHOR
     virtual-template 1
    !
    crypto ipsec transform-set TFS-AES256-SHA-HMAC esp-aes 256 esp-sha-hmac
     mode tunnel
    !
    crypto ipsec profile default
     set transform-set TFS-AES256-SHA-HMAC
     set ikev2-profile RADU
     responder-only
    !
    interface Virtual-Template1 type tunnel
     no ip address
     tunnel source GigabitEthernet0/0/3
     tunnel mode ipsec ipv4
     tunnel vrf FVRF
     tunnel protection ipsec profile default

    Definition of the RADIUS user name:

    cpe.ipsec.net
     Tunnel-Password = abcd,
     Framed-IP-Address = 172.16.0.254,
     Framed-IP-Netmask = 255.255.255.254,
     Cisco-avpair = "ip:interface-config=vrf forwarding test",
     Cisco-avpair = "ip:interface-config=ip address 172.16.0.255 255.255.255.254",
     Cisco-avpair = "ipsec:route-set=interface",
     Cisco-avpair = "ipsec:route-set prefix = 32",
     Cisco-avpair = "ipsec:route-accept=any"

    The tunnel interface comes up on the CPE, and the virtual-access interface is created on the ASR. I could use BGP to exchange routing information between the PE and the CPE, but I want to use IKE.

    I think the problem is because I don't know how to call a permission policy IKEv2 on PBS (in which I could set up a list of access for the ). But on the CPE, I have the following limitations:

    I want to use PSK for authentication, but no RADIUS server is available. So, the only other option for PSK authentication is a locally defined keyring, as there is no way to use a locally defined user name (local authentication) with a keyring.

    So how can I trigger an IKEv2 authorization policy under the IKEv2 profile?

    CPE(config-ikev2-profile)#aaa authorization user psk list ?

      WORD  AAA list name

    If I set a local aaa authorization list, then all authentication fails:

    aaa authorization network default local

    crypto ikev2 profile IKEV2-PROFILE-CPE

     aaa authorization user psk list default

    *Dec 20 15:52:27.042 UTC: %IKEV2-3-NEG_ABORT: Negotiation aborted due to ERROR: Auth exchange failed

    And there is no way to trigger the authorization policy if I do not set the command above, is there? I tried to modify the default authorization policy with an access list, but it is not taken into account.

    If I use a crypto map with an access list and IKEv2, I can get the crypto routes on the ASR. But I want to use FlexVPN on the CPE.

    Is there a way to do this?

    Also, the IOS configuration guides are not too useful.

    Thank you

    Radu

    . "09:12:42.299 Dec 21 UTC: IKEv2:IKEv2 local AAA asks author ' 87.84.214.31 '.

    . "09:12:42.299 Dec 21 UTC: IKEv2:IKEv2 local AAA - political ' 87.84.214.31 ' does not exist.

    . 09:12:42.299 Dec 21 UTC: authorization IKEv2:IKEv2 162 error

    Not sure what your config looks like, but here it says that it cannot find

    crypto ikev2 authorization policy 87.84.214.31

    <...>

    Is it configured?

  • My husband installed windows 7 and I don't like it at all. I want to go back to my factory settings and do not know how to do this. Help, please!

    I have a Hewlett Packard and my husband has windows 7 installed top and
    I do not like.  I want to go back to the original settings and I
    don't know nothing about it.  Please help me.

    New computers that come pre-installed with Windows often have what is called a recovery partition. This is used to reinstall an operating system in the case of a system failure. To access it, you need to start when you start your computer by pressing a function key. This can be either F1, F2, F9, F10, F11, F12 key DEL or tab. See the manual that came with your PC for instructions on how to reinstall Windows.

    This is how the recovery partition is available for the most popular brands

    For Dell, press CTRL + F11 directly after switching on the device

    For HP, press F11 directly after switching on the device

    For Toshiba, press and hold "0" BEFORE and during the power upward

    For Acer, press and hold ALT + F10, as soon as you see the logo

    For Asus, press F9, as soon as you see the Asus logo.

    Advent, restart your computer. Then, press F10 repeatedly until the message "Starting system recovery"

  • Cannot terminate my subscription to Lightroom.  I do not have the qualified products and I don't have a serial number to register so I could cancel

    Cannot cancel by phone either.  They have a perfect scam goes here.  -He brings to $10 per month forever!

    Since this is an open forum, not Adobe support... you must contact Adobe personnel to help

    Chat/phone: Mon - Fri 05:00-19:00 (US Pacific Time)

    Don't forget to stay signed with your Adobe ID before accessing the link below

    Creative cloud support (all creative cloud customer service problems)

    http://helpx.Adobe.com/x-productkb/global/service-CCM.html

  • Yet once the money has been withdrawn from my account for starz and I don't

    I was billed for starz and I don't

    Deleting an application in no way stops a periodic subscription if one was launched at any time.

    You can cancel the App subscriptions from the subscription management screen in device iOS or iTunes on a computer.

    View, change or cancel your subscription - Apple Support

  • Freezes in Finder. looks like pieces of various files and I don't see any specific file to select

    Freezes in Finder. looks like pieces of various files, and I don't see any specific file to select. Only solution is to shut down the computer and restart. How can get fixed?

    Try to drag the /Home/Library/Preferences/com.apple.finder.plist file to the trash (not empty.) Also, drag the /Home/Library/Caches/com.apple.finder/ folder to the trash.

    If you see not the folder/Home/Library/and then see the following:

    Three ways to make the House/library folder Visible

    A. this method will make the folder visible permanently. Open the Terminal application in the Utilities folder, and paste the following at the command prompt:

    chflags nohidden ~/Library

    Press RETURN.

    B. click on the desktop, press the Option (⌥) key, select library in the Finder menu go.

    C. go to the folder in the Finder menu select go. Paste the following text in the path field:

    ~/Library

    Click the OK button.

  • I have my 5 factory reset iPhone, now I can't set up my iPhone because it must be enabled, and I don't have a sim card. Can someone help me please?

    I have my 5 factory reset iPhone, now I can't set up my iPhone because it must be enabled, and I don't have a sim card to make. Is there a way I can install and use my iPhone without needing to be activated? Can someone help me please?

    To skip the activation of sim card, you can use iTunes if you have a CDMA iPhone. However, if you have a GSM model you will need to insert a sim card to activate your iPhone (it can even be used/inactive). Here is an article that will help you determine if your iPhone is GSM or CDMA: http://osxdaily.com/2012/11/15/determine-iphone-gsm-or-cdma/
