GANYMEDE and WCS

Similar Questions

• GANYMEDE + and local access connection

  Basic summary is that I want to have GANYMEDE + and local connection to access router on the vty lines.  So, I did the two groups below.  Goody obviously is what will use GANYMEDE and Console uses the local connections.  I divide them between 0-4 and 5-15.  It seems that whoever is more get first priority for authentication.  If I move the Console to 0-4, knit then the local users and GANYMEDE do not.   If I have Goody at 0-4, then GANYMEDE works, but local doesn't work.  I know I'm missing something simple.  Have two RADIUS servers, I doubt that the two will never back down, but in case I want user names Local to work.   If I apply an access list to 4-0 and use SSH, as well as a list of different access to 5 15 and use telnet, it seems to work that way but doesn't help me if the internet goes down and I am trying to access the router via SSH on-site.

  Thanks in advance.

  David

  AAA authentication login Goody group Ganymede + local
  local authentication AAA Console connection

  Line con 0
  the Console connection authentication
  line to 0
  line vty 0 4
  session-timeout 7
  exec-timeout 5 0
  authentication of connection Goody
  entry ssh transport
  line vty 5 15
  session-timeout 7
  exec-timeout 5 0
  the Console connection authentication
  entry ssh transport

  Hi David -.

  Correct me if I'm not understanding this correctly, but you want to use RADIUS servers for authentication ssh/console type and if they fail, you want the network device to use its local database.

  If that is correct you should not need dividing lines and assign authentication lists. The first tribute that you have:

  AAA authentication login Goody group Ganymede + local

  Lists the Ganymede + and the local database as a possible authentication methods. They will be processed in the order they are configured so that the device will be:

  1. use your servers GANYMEDE +.

  2. If the GANYMEDE servers + inaccessible then the local database is used

  You can test this by assigning 'Goody' to all your vty lines and then do your servers GANYMEDE + unavailable. To do as possible you can:

  -Restart the server

  -Stop the server interface

  -Disconnect the device its uplink network

  -Create a list of access on the uplink interface and connection block to the IP addresses of the servers GANYMEDE +.

  I hope that helps!

  Thank you for evaluating useful messages!

• 802.11 n WISN and WCS support

  That is the new wless 802.11n standard is current cargo support Cisco WLC 44XX and WISN (6500 wireless controller card)?

  Also, I need to know if is is supported in the WCS 4.1?

  Hi Pierre,.

  Yes, 802.11n is supported on the WISN and WCS with the following versions of the 4.2 train;

  Release notes for the controllers wireless LAN Cisco and Points of light access for version 4.2.61.0

  http://www.Cisco.com/en/us/docs/wireless/controller/release/notes/crn4200.html#wp302677

  The following new features are available in the 4.2.62.0 WCS

  802.11n support - the introduction of the series access Cisco Aironet 1250 point, access of the class point business based on the IEEE 802.11n standard some 2.0 standard. The access point provides combined data rates of up to 600 Mbit/s to meet the bandwidth needs. Cisco WCS displays include a list for configuration, management and monitoring 802.11n access points and their associated wireless LAN controllers.

  The new trains WLC and WCS 5.0 are now released as well :)

  I hope this helps!

  Rob

• WLC, WCS and WCS Navigator

  I would like to know what is the difference between wireless Lan controller and controller wireless system.

  I need WLC if I want to deploy WCS.

  Can I use WCS without wireless LAN controllers?

  What is the diference between WCS and WCS Navigator?

  And just to add WCS navigator is used to group multiple instances of WCS. This would serve in a very large deployment (in thousands of controllers).

  -Mike

  http://CS-Mars.blogspot.com

• Interaction of Ganymede + and radius ACS 2.6 download PIX ACLs

  We have ACS v2.6 running and control our connection to remote, routers and switches access. We are now looking to add support for a PIX firewall internal and want to use downloadable ACS ACL for the PIX. (to control outbound traffic through the PIX for authenticated users)

  We have achieved this help attributes RADIUS of Cisco IOS/PIX

  [009\001] cisco-av-pair on ACS. (and ACL restrictions of access on access to users)

  However the problem we noticed is that any user is valid in our database of CiscoSecure or SecureID can authenticate and gain access to through the firewall, even if they are not allowed to do this (and as it is by default on PIX from inside to outside is allowed unlimited full access).

  Was then imposed restrictions on network access on the CiscoSecure ACS for our PIX - to allow only access of corresponding user groups, but it did not work with RADIUS only GANYMEDE + (I guess that's because the RADIUS does not support approval).

  We must work with GANYMEDE + and the passes of the ACS to the bottom of the ACL number/ID for the PIX for users allowed.

  Question: We want to use downloadable s ACL of ACS for the PIX (for reasons of central support) is possible using GANYMEDE + and if yes how we re CiscoSecure ACS suitable for the ACL example below;

  pix_int list access permit tcp any host 10.x.x.x eq 1022

  pix_int list access permit tcp any host 10.x.x.x eq 1023

  Thank you

  Download ACL works only with the RADIUS, as described here:

  http://www.Cisco.com/warp/public/110/atp52.html#new_per_user

  You can continue to set the ACL on the PIX itself and simply pass the ACL via GANYMEDE number (as shown here: http://www.cisco.com/warp/public/110/atp52.html#access_list), but you can actually spend the entire ACL down via GANYMEDE, sorry.

• Cisco ISE with GANYMEDE + and RADIUS both?

  Hello

  I'm wired opening of authentication on a network using Cisco ISE. I studied the conditions for this. I know that I need to enable the RADIUS on the Cisco switches on the network. The switches in the network are already programmed to GANYMEDE +. Anyone know if they can both operate on the same network at the same time?

  Bob

  I suppose that Ganymede is configured (with ACS 4.x or 5.x) for the peripheral administration via telnet/ssh, and now you need the RADIUS (radius) to authenticate 802. 1 x. Yes they can both work on the same network at the same time.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• Configure the PIX to use GANYMEDE and RAY for VPN

  Using PIX 506th ver 6.3: whenever I have add the command 'authentication of customer mymap map crypto PARTNERAUTH' removes the current client GANYMEDE authentication +. I need to have both, until I have finished testing the radius server. Can I add a designation additional crypto map command in order to accommodate and to use both the current GANYMEDE + (ACS) and the RADIUS?

  Hello

  You need a time out to do the test.

  Kind regards

• WLSE and WCS

  Help!

  I intend implementation of 10-15 s AP in my company. I don't need a lot, but I want a ssid and the ability to walk between access points without losing the connection. The cost is a little problem as well. In my view, there is an area called 2.13 to express the Cisco Wireless LAN Solution. Now this box as terribly cheap. Makes me wonder. Every time I thought a lot about this, I so with the price of the WCS of 25 reviews 4400, 7 times the price upward. Now, I've been Googling my fingers numb, but I can't really know what is distinguished by a wcs and wlse solution. Can I use this box of Cisco Wireless LAN Solution Express 2.13 at little cost only a PoE switch and some radio stations? Or do I have as well a 6500 with a controller wlse switch? because then; the 4400 would be cheaper.

  Appreciate the help,

  \\mark

  Hi Mark,

  This is a big topic of discussion! Haha, I hope I can help with some basic information. The two solutions as you watch (WLSE vs WLC/WISN/WCS) are for two different architectures wireless. The WLSE is for 'stand-alone' access points, and the WISN/WLC/WCS are all for "lightweight" access points

  The fundamental difference between the two is that autonomous architecture is a distributed design, while the lightweights are centralized. Here are some details:

  AUTONOMOUS

  Each access point runs any himself. It must be set up individually for all SSID and VLAN. A WLSE device can be used to manage multiple APs via SNMP, but it's a manual process. A WLSE can also help the management of radio, as the channel design, but it is still a very manual process.

  LIGHT WEIGHT

  Access points are not individually configured. They must join a wireless LAN (WLC) controller to operate. They can find the controller automatically, and when they do they download a configuration. They work with the help of the controller. The controller takes the information of all the APs and adjusts dynamically the channels and power radio as needed to optimize the network. The WLC is the only device that you need to manage since it manages all the APs for you.

  It's a view VERY high level of the two models. Long story short, stand-alone solutions require usually more work to manage, and lightweight demand less. You are just looking to run 10-15 access points, so a light solution probably won't pay off as it would if you were installing 100 +. This does not mean that you don't have light, but it might not be useful the extra cost.

  Once again, very complicated subject and I hope that gives you a better understanding that will help you when Googling. Try Googling light autonomous vs, you'll find some good articles.

• 4402 WLC and WCS

  Hi all

  We have 3 WLC 4402 all with identical config and we use Lobby Admin to create guest accounts.

  Problem with this is that the guest account must be created on 3 WLC.

  I installation WCS and want to know how to extract the 3 existing wlc and their config in the WCS.

  Can the admin of lobbay can create accounts on the WCS and grow them into all wlc

  Hi RR,.

  >I install WCS and want to know how to extract the 3 existing wlc and their config in the WCS.

  It's pretty easy. You must add a new controller via the configuration-> page controllers. The option 'Add the new controller' is in the drop-down list at the top right of the screen. You can use a list separated by commas of IP addresses to add all three at the same time. WCS audit of the controller software and get to the bottom of the config.

  >Also can the admin Hall can create accounts on the WCS and grow them into all wlc

  I have not used the account Admin Hall (it is not really appropriate in the office where I work), but I know that you can create a guest account in the controller model launch pad. It is under Security in the sidebar. This model can then be applied to all three WLCs at the same time, that will simplify things. I guess you would need to make sure that your Hall administrator can access this particular part of the WCS.

  Hope that helps.

  -Jason

• Differences between a WLC, WLSE and WCS

  Small question:

  I'm working on a proposal for a new WLAN infrastructure for a certain local government entities.  We use a Cisco WLC 5508.  I wonder what would be appropriate for additional management functions... Basically, I wonder if it would be wise to use a WLSE device... or is a WLSE basically a watered down Wireless LAN Controller?  I also read that the use of WCS is really large deployments... that I proposed would be 1142 32 laps with a WLC...  The client wants to know if there are tools or equipment and the benefits/disadvanteges both management software.  They want all these features... reports which told me in another post that WCS is what would be necessary for these functions.

  Thanks in advance!

  Cole

  WLC = wireless LAN controller.  It is a device of Layer2 AP will join and get their configuration and code.

  WCS = wireless control system.  It is a server on the LAN that uses SNMP for monitoring and the creation of models of the WLC.

  WLSE wireless LAN Solutions engine =.  This is used to monitor and model for autonomous AP.

  So, for what your customer is looking for, WLC 5508 need a WCS.  WCS is were all reporting will come from.

  See you soon,.
  Steve

  --

  If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

• GANYMEDE + and RADIUS - don't either care hostname?

  When first experimented with GANYMEDE + I remember to change the host name on a router and have it cause problems with authentication.  Is this normal for GANYMEDE + to use a host name of devices as part of the authentication process? What is RADIUS?

  Hello

  Nope, neither for the AAA process, we use the host name of the appliance.

  Only take care of the source (source IP address) interface, the shared secret and the ports used.

  HTH,
  Tiago

  --

  If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

• ACS 5.1 GANYMEDE + and an ad group

  I joined our ACS5.1 to AD.  I can map a group in the AD section and see that he mapped correctly.

  How can I configure GANYMEDE + to authenticate to this group?  I'm not able to see this group appears nowhere in the choice of the group.  I am also unable to see the users within this group anywhere.

  Thank you.

  Hi burnsidestev, what happened to your access policies. Goto the tab authorization of your policy (usually Default Device Admin) GANYMEDE. And then click Customize this page. She is expected to add new columns to the list of Conditions, which should be "AD1: external groups. Once that is added to the page, you should be able to change any rule and select one AD groups that you selected in the original AD configuration.  Thanks, Nate

  Posted from my mobile device.

• ACS 5.2 GANYMEDE + and two-factor authentication?

  I am trying to wrap my head around this topic and fault.  I want to configure two-factor authentication via ACS 5.2 GANYMEDE + without having to use a token (such as RSA).  Is it possible to do?

  More information:

  Users of the areas without AD link will connect to routers and switches.

  Is there an available certificate server to generate certificates.

  SSHv2 is the current Protocol of the connection.

  Thank you!

  Without RSA, I don't see a way to do this.

  With Ganymede all you have

  username:xxxxxx

  password: xxxxxx

  ciscoasa > activate

  password: xxxxxx

  above you use 2 login password and activate it.

  Jatin kone

  -Does the rate of useful messages-

• ISE and WCS

  Dear,

  I have 2 questions below please respond

  • Installation of new servers of ISE, I m will configure comments sponsor portal the main task, in the existing configuration, there was a wireless controller comments webauth in what administrator-controlled wireless control system allows you to create a user id and password for the client (guest user duration is for 3 months) (6 months, 1 year) how I can import these 800 users in ISE, once the guest SSID is shifted to authenticate with ISE, all guest users will not have access to avoid this a major stop, how do I import all users of WCS in ISE?
  • Can we import the user id and the password to a CSV file and then e-mail to all customers about the change of common password, then when you first connect to the guest, he should get a password change request. and they can set their own password. is this possible?

  Thank you

  Hi Jack,

  Yes, you can use option for change of password for guest users.

  Under access invited > configure > portals comments

  Select the portal and find the settings of the Login page.

  > Allow customers to change the password after logging in.

  Concerning

  Gagan

  PS: rate if this can help!

• WISN 4.1.185.0 and WCS 802.1 x dynamic wep "to generate a new key.

  I tried to find the command that can check the wep keys are dynamic changed.

  All docs involved 802. 1 x not dyn wep but what command I can type on the WISN to see cli that the kay has changed?

  We get messages from AirMagnet (which might be bugs) indicating that the keys do not change.

  I watched show advanced eap and I also watched some debug commands.

  Can someone point me to the correct command to verify that a key is changing somehow?

  Thank you

  Bob Todd

  Please evaluate the useful messages.