ISE web auth for a non-Cisco switch (D-Link 3528)

Is it possible to use ISE (posture inline node) to redirect to portal comments ISE wired users?

And wired users will get full network access after they pass the web auth.

Hello

Theoretically, it could work if the switch is able to send all the attributes in accounting packets, such as the IP address and the MAC address via the calling-station-id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep session table).

That said, this has probably never been tested, so you may want to reconsider your design; there is no guarantee that this can work.


Similar Questions

  • Using Cisco ACS 5.2 (TACACS+) with non-Cisco devices

    Hi all

    I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their (non-Cisco) network nodes via TACACS+. The nodes involved are:

    Juniper M10i running Junos 9.2, M120

    Juniper M320 running Junos 8.5

    Extreme BD8810 and BD8806 running XOS 12.4.1.17

    Extreme Alpine 3804 running ExtremeWare 7.8.3.5

    My question is: can I use Cisco ACS 5.2 (or 4.2) to authenticate these non-Cisco devices using TACACS+? Has anyone else done this, or do I have to use RADIUS? If someone has done this, are there interoperability problems between Cisco ACS and Junos or Extreme XOS? Thank you

    / John

    John,

    We have a very large deployment of Juniper (T-series, MX-series, etc.). We use Cisco ACS and TACACS+ to manage these devices. The configuration of the ACS is fairly simple. You'll want to create login users and match them to the classes on your JUNOS routers. Here is an example:

    # Template users that the ACS-returned user name is mapped to
    set system login user engineering uid 2000
    set system login user engineering class engineering-class
    set system login user NOC uid 2001
    set system login user NOC class NOC-class

    # engineering-class is read/write, NOC-class is read-only
    set system login class engineering-class idle-timeout 15
    set system login class engineering-class permissions all
    set system login class NOC-class idle-timeout 15
    set system login class NOC-class permissions view
    set system login class NOC-class permissions view-configuration

    We use two classes, engineering and NOC. One is defined as read/write and the second as read-only. These are then mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the interface configuration and add a TACACS+ junos-exec service and do not enter the Protocol field. Then, you change the attributes of the user group. I've attached screenshots for both on this subject.

    Hope this helps.

    Derek

  • Cannot change the location of the Bridge CS5.5 cache to other than c:\user\

    For some reason, I am unable to change the location of the Bridge CS5.5 cache outside my c:\user\ folder. Other drives on the system are not detected by Bridge. This was not the case before. I used to have another dedicated drive. I have reset the preferences and deleted the cache, but still that is not helping. Please help, as my C: drive is an SSD with limited space and contains only the OS! There is no problem with PS or PR, only Bridge.

    If it worked before, what have you changed?

    I know there are some problems in Bridge with users placing temp files somewhere other than the C drive.  Known bug.

    Here is a link with a similar situation.  http://forums.Adobe.com/thread/760369

  • WAP4410N existing other than Cisco network gateway

    Hello

    I was wondering if someone can quickly answer my question?

    I am trying to use my WAP4410N to create a wireless bridge to an existing network that does not contain any Cisco kit. After reading the manual, I tried the bridge WDS wireless solution, which is my router wireless D-Link & MAC address, but there is no option to put in network WPA2 key, I guess I misunderstood how this feature works, & maybe it works with other products of Cisco wireless?

    Thanks in advance to anyone who can shed light on my question,

    Andy

    Hi Andy,

    Normally, to configure your WDS bridge you would need to set the WPA2 Personal option under the Wireless section, and then click Security.

    Since the SSID and security must be the same, that is where you would enter the information. As for making this setup work with a D-Link wireless router, the question is probably that this wireless device must support WDS. Even then, you might also encounter an issue with non-matching wireless chipsets.

    More than likely this configuration will not work for you. I advise using another WAP4410N to establish the connection. Depending on what you are wanting to do, a WET200 may also work for you since it just fills a wireless network and only uses WDS, but I have never tested this connection with a D-Link router so I can't 100% guarantee whether this implementation will work or not.

    Hope this helps and let me know if you have any questions.

    Thank you

    -Clayton Sill

  • How can I save the preview for other than the C: drive files?

    My development machine has multiple drives and network drives. The c: / drive is older, slower and more complete. I use elements, but have used the first over the years. At the time, we could make the program work better by offloading the C: files. I don't see how with P Elements 9.

    Go in Edition > Preferences and change the location of the disks to remove the program.

    I use a lot of FW-800 external references, to migrate my projects between computers and keep my complete set of Scratch disks on the outside.

    I wouldn't choose one of the disks in a network, because of the speed.

    Good luck

    Hunt

  • Urgent - NAC + ACS + Web-Auth in Wired environment - https redirection - certificate problem

    Hello world.

    I'm setting up an environment that uses Web-Auth for my wired and wireless. I followed the exact steps in this Cisco page to get it running:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html

    I'm only testing the wired environment right now.

    I plug a PC into a port, and I try to access a random Web page (for example, www.cisco.com). It is automatically redirected to the authentication page. I type the user name and password, but when authentication is successful, it goes automatically to the https version of the page, which brings me to the problem. I have to add an exception (the "more on this option" choice on the IE Web page) for this page to continue with the authentication and gain access to the internet. I enclose the steps I must perform:

    I think that it is linked to the certificate, but I'm not sure which or where. I would like to get some advice from you to avoid this problem. I have no intention of buying any certificates, so if I could skip the https that would be great.

    Thanks a lot for your help

    Victor Alves

    If you don't want an official cert, you must go to http only. But this means that people's passwords will transit in the clear on the network.

    It's been a long time since I tried, but doesn't removing 'ip http secure-server' do the trick?

  • Download Adobe CS3 Web premium for MAC from the Direct download page

    Hi, I am trying to download Adobe CS3 Web Premium for Mac, as I am switching from Windows to a Mac computer. I found the correct Direct download page, but when I click the link I get this error message... ' HTTP ERROR: 404 /support/downloads/dlm/main.jsp RequestURI=/support/downloads/dlm/main.jsp ' Can anyone please help solve this problem? Thank you very much!

    dcppb

    Try downloading using another browser.

    However if your serial number is for windows, it may not work on MAC.

    CS products are platform-specific

  • Is it possible for other people to see my ID is. related to Windows Live?

    Hello

    Is it possible for other people to see my linked ID? So if I have a link * address email is removed from the privacy * and * address email is removed from the privacy *, anyone can see that the two pieces of identification are related? Thank you!
    original title: Hotmail linked ID?

    View all Windows Live and Hotmail questions in the appropriate forum found here:
    http://windowslivehelp.com/

  • How to generate CSR on switches for web auth with NGS

    Hello

    I am doing a dot1x solution with web auth on Cisco 3750 switches.

    Once the wired client is put in the web authentication state (after dot1x and MAB) and goes to a website, he receives a certificate warning. This is because the Cisco switch uses a self-signed certificate.

    I want to use a verisign certificate to resolve this error, but I can't find a way to generate a CSR on a switch. I only found a guide how to request a certificate from a CA on the local network, but it is also not a solution, because the customers with the help of web authentication, won't the internal certification authority.

    Is it possible to fix this?

    Greetings

    Steven

    Hi Steven,

    The document below is really for IOS SSLVPN, but the part of the certificate must be the same:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html

    Search for the 'Annex B' and it goes into the creation of a trustpoint and then a section for the self-signed and another is to generate a certificate request to send to an external certification authority.

    Once you have created a trustpoint, the command to actually generate the CSR is "crypto pki enroll".

    This document goes into a bit more detail on the individual commands and what they do:

    http://www.Cisco.com/en/us/docs/iOS/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html

    Also, you can use something external to the switch, such as OpenSSL, to generate the CSR and private key, then use it to request a certificate from your Verisign CA and then import the cert/key pair into the IOS device.

    Thank you

    Nate

  • My default search engine has been on anything other than Google. How to switch this back?

    Somehow my default search engine has been changed to Google to what is called "My Web Search". I want to switch to Google, but I can't figure out how. I disabled the plugin and removed my options of search engine in the top right, but nothing has changed.

    You have My Web Search installed; look under Tools > Add-ons > Plugins. It could have piggybacked in on something that you installed. Always look for and opt out of extras when installing other programs and add-ons that you install from sites other than the Mozilla Add-ons site. My Web Search is considered malware/adware/spyware by many. You must remove it.

    Step 1. You can check if you have one of these ' Fun Web Products ' installed:
    Control Panel > Add or Remove Programs: Ask.com Bar, My Search Bar, MyWay Speedbar, My Web Search Bar, Fun Web Products Easy Installer
    See:
    http://www.safer-networking.com/removemywebsearch.php
    PC Hell: My Web search removal Instructions
    http://helpint.MyWebSearch.com/intlinfo/help/toolhelp.jhtml#Q3
    http://support.Mozilla.com/en-us/KB/troubleshooting+plugins#Manually_uninstalling_a_plugin

    Step 2 You may need to change a preference to reset your default URL/location bar search engine:
    -Enter about:config in the URL/address bar and press the Enter key
    -If you see a warning, accept it (promise you'll be careful)
    -Filter = keyword.url
    -Under the filter, right-click on keyword.URL and choose "Reset".
    -Restart Firefox (file > restart Firefox)
    See: http://kb.mozillazine.org/Keyword.url

    Step 3 You may need to reset your homepage. Firefox can open multiple home pages. Home pages are separated by the ' | ' symbol.
    See: http://support.mozilla.com/en-US/kb/How+to+set+the+home+page

    Other issues: You have installed plug-ins with known security issues. You must update them immediately.

    You MAY need to update Adobe Reader for Firefox (aka Adobe PDF plug-in for Firefox): your ver. N/A; current version 9.3.3 (important security update released 29/06/2010; See: http://www.adobe.com/support/security/bulletins/apsb10-15.html)
    Check your version here: http://www.mozilla.com/en-US/plugincheck/
    See: http://support.mozilla.com/en-US/kb/Using+the+Adobe+Reader+plugin+with+Firefox#Installing_and_updating_Adobe_Reader
    You may be able to update from the Adobe Reader installed on your system instead of going to the Adobe site and downloading. Open the Adobe Reader software installed on your system (in Windows, Start > Program Files, find and click on Adobe Reader to open it), click Help, click Find updates. Allow the download / update to occur. If you use this method, there is no need to proceed with the instructions below, but look at the two bulleted items below, "NOTE for IE:" and "See also:". Restart Firefox and check your new version here: http://www.mozilla.com/en-US/plugincheck/
    If you go to the Adobe site to download Adobe Reader:
    -use Firefox to download and SAVE to your hard drive (save to the desktop for easy access)
    -see the images at the bottom left of this post to see the steps on the Adobe site
    -exit Firefox (File > Exit)
    -In Windows: make sure that Firefox is completely closed (Ctrl + Alt + Delete, choose Task Manager, click the Processes tab; if "firefox.exe" is on the list, right-click "firefox.exe" and choose End Process, then close the Task Manager window)
    -In Windows: double-click the installer for Adobe Reader you just downloaded to install/update Adobe Reader

  • No toolbar, no front or rear, no Firefox button buttons, no Favorites, no window address, not ANYTHING other than the web page, I'm on.

    Firefox is in full screen mode. Windows 7. I can't do anything other than read the web page, I'm. There is NO button for navigation or anything else. No toolbar. Nothing. The only way I can close the program must use Ctrl-Alt-Del and use the Task Manager. No way to start Firefox in Safe Mode, no way to reset. Suggestions like hitting Alt or Alt followed by V - T - M do nothing. I've updated plug-ins. I uninstalled and reinstalled Firefox - no change. It is completely unusable.

    If you are in full screen view then hover over with the mouse upward to make the bar appear Navigation and tab bar.

    You can click the maximize button in the upper right to leave the mode full screen or empty space of a right-click on a toolbar and use "exit full screen" or press F11.

    You can check for problems with the file localstore.rdf.

  • Why did Microsoft remove the ability for Windows Vista to install over itself from a location other than inside the OS you want to fix?

    No Option to install repair - SAD

    Hello

    Why did Microsoft remove the ability for Windows Vista to install over itself from a location other than inside the OS you want to repair?

    I recently had a problem where Vista Business 64-bit would only boot to a black screen with a mobile cursor - KSOD.   Who, in searching the Web I found is a fairly common problem with Vista.  I discovered that my only option was about to reinstall Vista CLEAN and all the other programs I had installed under it.  I can't believe that Microsoft released the 'repair installation option"similar to that of Windows XP, where you can hit the"R"key during installation and we left with nothing but the"System Restore"options and"Startup Repair ".  Neither of which has helped in my situation.  Since then, this was a dual system boot with XP Pro, then any restore point has been removed from the partition to Vista anytime, I started another recognized problem, by Microsoft, which Microsoft has made no significant effort to fix, in addition to recommending that you hide the partion Vista in XP - a whole of XP.  That beats a little the entire purpose of dual boot.

    When I tried to start in safe mode, it left me at the same point as a normal boot - black screen with a cursor.  I tried ctrl + alt + delete and nothing. The two Windows RE options did not help me.  This left me no option but to completely reinstall Vista.   Why did Microsoft remove the ability for Windows Vista to install over itself from a location other than inside the OS you want to repair? Please don't tell me that it is because Vista uses an image file instead of an installation system like XP's.   I see no other reason for not allowing the upgrade from outside the OS besides Microsoft's greed and paranoia that it could make the operating system easier to install illegally.  I hope that some third party has actually changed the Vista installation routine to allow you to install Vista over itself, because as it is, it's really hard for me to even recommend Vista as an operating system or install it anywhere else, if the only recourse after the OS fails to load is to reinstall completely.

    Adobe, Autodesk, and almost all other software publishers... allow you to perform a "REPAIR" of their software installation, if something prevents you to load after installation.  Even MS Office has a routine repair.  Ms has an internal version of the Setup routine which allows outside the OS upgrade option that you want to "Upgrade" / repair? ".  If not, why?

    -Todd w.

    "Why did Microsoft remove the ability for Windows Vista to install over itself from a location other than inside the OS you want to repair."

    «.. . After using XP's repair function, the operating system itself would become less stable and frankly not in a good state of repair. »

    As Todd, is the answer.

    "This response does not hold water as on one of my computers I've been running Windows XP for about four years now, after a repair install.

    Then, you were lucky.  Trying to replace the system files on a computer that does not boot even to a desktop or safe mode will usually get you back to the desktop, but will probably repeat the same problem in a few weeks.  A professional tech would only use this function to retrieve the data before a complete reinstallation.

    "I thought that this area was a place to really get answers instead of the ole same"answers of bs that are on all the other forums."

    It is a place that will try to help you fix your computer if you have problems.  It has technicians in computing, no decision-makers, developers or executives.  We will try to answer technical questions about problems you might have with Windows Vista.

    If you want to have input on the future of Microsoft operating systems, then help you beta-test and provide feedback to the developers.  Windows 7 and IE 8 are currently in beta.

    Another possible place you could make suggestions which could see the developers would be:

    https://connect.Microsoft.com/default.aspx

    Brent
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • The ISE Cisco switch configuration

    Hi experts,

    I got the following network:

    Devices-> switch access-->--> access switch central office switch-> ISE Server

    All switches run IOS capable of 802.1X and of the AAA configurations for ISE to manage network devices. I have read the guide on configuring the switches in preparation for the Cisco ISE deployment, but I wonder: should I configure both the access switches and the core switches, or only configure the access switches?

    Thanks for your time to read!

    If all clients are non-DHCP clients, then no configuration is needed on the core or distribution at all.

    But you may need to look at different profiling options if the clients are not DHCP-enabled. Does the access switch support the IOS sensor function? It would be very useful to have it, as it would send important profiling information to ISE. You may need to use the right profiling options in ISE to determine the details of the endpoint.

    Regards

    Vivek

  • Web authentication with RSA SecurID on a Cisco Switch

    Hello

    I recently looked into linking our Cisco 2960-S GB switch with RSA SecurID via RADIUS

    I already managed to tie it in to ssh access

    but I failed to make it work for http / web access to the switch

    I think it's because we use 'single use' maximum security with RSA SecurID tokens

    the web interface tries to authenticate several times against the RADIUS server part of RSA SecurID

    (OK on the first authentication, but every time after that it's going to want a different token code)

    I was wondering if anyone knew a way around this? (if there is a way to get the switch to authenticate once instead of multiple times against the RADIUS server)

    FYI, the switch is a WS-C2960S-24TS-L with IOS 15.0 (1) SE2

    Hello Chris,

    You can test the following configuration?

    ! Server group that caches authentication and authorization results
    aaa group server radius webtac_grp
     server <radius-server-ip>
     cache expiry 1
     cache authorization profile httpauth
     cache authentication profile httpauth
    !
    ! Method lists: consult the cache first, then the server group
    aaa authentication login httpauth cache webtac_grp group webtac_grp
    aaa authorization exec httpauth cache webtac_grp group webtac_grp
    aaa authorization network httpauth cache webtac_grp group webtac_grp
    aaa cache profile httpauth
     all
    ip http server
    ip http authentication aaa login-authentication httpauth
    ip http authentication aaa exec-authorization httpauth
    radius-server host <radius-server-ip> key *

    I know for sure the above configuration works when you use TACACS+ instead of RADIUS in order to avoid multiple prompts due to the authentication of the Java applets used to access the IOS GUI. I have not tested it against RSA acting as an authentication server.

    NOTE: As "aaa authorization exec" is configured, the RSA should send the Service-Type attribute with the Administrative value for it to work as expected.

    If this was helpful please rate.

    Kind regards.

  • 5508 loading cert for web auth

    I have web auth enabled on the WLC so when clients connect, they get a cert error because it uses a self-signed cert.  I was reading up on obtaining a third-party cert and it says to have openssl and then generate the cert and send it to a third-party CA etc.

    Any links that you can share would be very useful, explaining best practices and how to load a third-party cert on the WLC 5508 for web authentication.

    Why can't just get a cert from them for our domain and simply load on the WLC?

    Hi Mohammed,

    Here are the two links that are like the bible to generate certificates...

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a0080a77592.shtml

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

    It depends on whether you use a chained or unchained cert... Following the links above will help you to get the problem resolved!

    Let me know if this answers your question!

    Regards

    Surendra
