RADIUS and TACACS+ running simultaneously?

I have a Secure ACS 5.3.40 running TACACS+ and I also need to run 802.1X RADIUS to meet DISA requirements. I've been working on it for a week. I am unable to get the features working; all the AD connections are already there for TACACS+, so I'm not sure how to configure RADIUS. Can someone help with the procedures?

Hello

In the AAA configuration you must specify both: 802.1X authentication pointing to RADIUS and device administration pointing to TACACS+.

In the ACS network device configuration, apply both the RADIUS and TACACS+ keys.

There will be no conflict, as the two have different sets of commands.

Thank you

Please rate if useful...
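
A check for the split described in this thread, as an added example that is not from the original posts: it parses a switch configuration's default AAA method lists and reports where device administration is not on TACACS+ or 802.1X is not on RADIUS. The sample configuration, the 192.0.2.10 address, the PLACEHOLDER key and the function names are constructed for illustration, and the legacy `radius-server host` / `tacacs-server host` syntax is assumed.

```python
import re

# Constructed sample config (not from a real device); address and key are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group radius
radius-server host 192.0.2.10 key PLACEHOLDER
tacacs-server host 192.0.2.10 key PLACEHOLDER
"""

AAA_LINE = re.compile(r"^aaa (authentication|authorization) (\S+) default (.+)$")

# Which protocol should come first in each default method list.
EXPECTED = {
    ("authentication", "login"): "tacacs+",   # device administration
    ("authorization", "exec"): "tacacs+",
    ("authentication", "dot1x"): "radius",    # 802.1X network access
    ("authorization", "network"): "radius",
}

def parse_method_lists(config):
    """Return {(kind, service): [methods]} for the default AAA method lists."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            kind, service, rest = m.groups()
            lists[(kind, service)] = [t for t in rest.split() if t != "group"]
    return lists

def audit(config):
    """Return a list of findings; an empty list means the split is in place."""
    lists = parse_method_lists(config)
    findings = []
    for (kind, service), proto in EXPECTED.items():
        methods = lists.get((kind, service))
        if not methods:
            findings.append(f"{kind} {service}: no default method list")
        elif methods[0] != proto:
            findings.append(f"{kind} {service}: first method is {methods[0]}, expected {proto}")
    if "local" not in lists.get(("authentication", "login"), ["local"]):
        findings.append("authentication login: no local fallback")
    for proto in ("radius", "tacacs"):
        if not re.search(rf"^{proto}-server host \S+ key \S+", config, re.M):
            findings.append(f"{proto}-server: no host/key line")
    return findings
```

Calling `audit()` on the text of a saved running configuration returns an empty list when both protocols are wired as the answer describes.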

Tags: Cisco Security

Similar Questions

  • Can I use an ACS as RADIUS and TACACS for the same ASA?

    I want TACACS to do the accounting for the ASA; meanwhile, the ASA needs RADIUS for SSL VPN authentication. Is it possible to achieve this with only one ACS?

    Yes, you can use both. ACS allows you to add the ASA as both RADIUS and TACACS.

    ACS ---> Network Configuration ---> AAA client

    (1) ASA ---> 1.1.1.1 ---> Authenticate using TACACS

    (2) ASA1 ---> 1.1.1.1 ---> Authenticate using RADIUS

    Don't forget the host name cannot be the same.

    Kind regards

    ~ JG

    Note the useful messages

  • Same host for RADIUS and TACACS

    Hello

    Can I put a host (an ASA, for example) twice in the ACS server? One for TACACS to grant administrators exec access and the other for RADIUS to authenticate remote users.

    I don't want remote users to be able to get exec mode.

    Or how should I configure this?

    Yes, you can do it. In Network Configuration on the ACS:

    Add

    ASA ---> 10.1.1.1 ---> Auth using TACACS+

    ASA1 ---> 10.1.1.1 ---> Auth using RADIUS

    Host name cannot be the same.

    Kind regards

    ~ JG

    Note the useful messages

  • RADIUS and TACACS+ authentication

    We authenticate our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to do both TACACS+ and RADIUS, but I do not see how to set up ACS to allow a switch to use both TACACS+ and RADIUS.

    Can someone give me a pointer?

    Thank you

    You need to set up the authentication on the switch once.

    aaa authentication login default group tacacs+ local

    aaa authentication dot1x default group radius

    aaa authorization exec default group tacacs+ if-authenticated

    aaa authorization network default group radius

    radius-server host 2.2.2.2 key cisco

    tacacs-server host 2.2.2.2 key cisco

    On the ACS, you must add the switch twice.

    ACS ---> Network Configuration ---> Add AAA client

    Hostname: switch1

    IP: 3.3.3.3

    Authenticate Using: RADIUS (IETF)

    Add another switch

    Hostname: switch2

    IP: 3.3.3.3

    Authenticate Using: TACACS+

    Kind regards

    ~ JG

    Note the useful messages

  • Switches: RADIUS or TACACS?

    Hello

    So far I've managed my switches with TACACS+, but now I have to deploy 802.1X, which requires RADIUS only.

    As far as I know, ACS (I use 4.2) allows you to define a device using only TACACS or RADIUS, but not both.

    Am I mistaken? Or is there a way to define an AAA client that communicates with the ACS using both protocols?

    Assuming I'm right, I then considered the following options:

    - Configure all switches to use RADIUS for every service (authentication, authorization, etc.). This makes it easier, but I lose the TACACS+ services for the switches. How big a loss is that?

    OR

    - Configure the L3 switches to use a second loopback, just for the RADIUS services. They would still use TACACS+, but this would require a new network for the RADIUS service; in addition, L2 switches do not support two IP addresses and would require a migration to RADIUS anyway.

    A considerable administrative burden, in other words.

    I'm not ready to deploy a second RADIUS server (ACS, Windows, whatever) right now.

    The key point is this: reading around, I see that Cisco documentation always recommends using TACACS+ for management, but in this case that is not possible. In general, whenever the device has a network access role (switch or access point), RADIUS seems to be the protocol of choice. Would moving to RADIUS have any drawback beyond the change in communication protocol? (I know the difference between TACACS+ and RADIUS: TCP vs. UDP, whole-packet encryption vs. password-only encryption.)

    Thanks in advance

    C

    Hello Carlo,

    You can keep using TACACS+ for device management and RADIUS for 802.1X, with no need for additional servers or an additional IP address on each managed device.

    ACS 4.2 allows you to define two AAA clients with the same IP address, one for TACACS+ and one for RADIUS; however, the hostname must be unique.

    Then, on the switch, you can define the same ACS server as both a radius-server host and a tacacs-server host, and configure the "aaa" commands so that console login and authorization point to the TACACS+ server and the dot1x part points to the RADIUS server.

    What you're looking for is feasible, and it is normal to use TACACS+ for device management and RADIUS for 802.1X.

    I hope that answers your questions.

    Kind regards

    Federico

    --

    If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.

  • Running the old and new vCenters simultaneously on the same SAN

    We are moving from vSphere 4.1 to 5.5. We are a very small shop with only 3 hosts running about 20 virtual machine guests on a SAN. Our old vCenter VM is still on Win 2003 and I am changing that as well.

    So instead of doing an upgrade from 4.1 to 5.5 and converting the old vCenter 4.1, we decided to simply do a brand new vSphere 5.5 installation on a new server we have. We have also installed a new vCenter 5.5 appliance. So, essentially, we have two different vCenters, old and new, running. Then we plan to move the existing ESXi 4.1 hosts into the new vCenter appliance manually. Then eventually we will migrate the guests from a host to the new box and then wipe and reload each older host with 5.5.

    So I've already finished the first half of this project. But I have a question.

    During the move from the Windows vCenter 4.1 to the new ESX host and vCenter 5.5 appliance, I will run two vCenters (ver 4.1 and ver 5.5) simultaneously for a short period of a few days. We're still running on the old 4.1 hosts, and the new vCenter 5.5 is running on the new ESX 5.5 host.

    We will remove a host from the old vCenter and add it to the new vCenter 5.5 appliance. But I'll be sharing my one SAN, of course. If I do this, with the two versions of vCenter (old and new) running at the same time and sharing the same SAN datastores at the same time, are there problems with it? I don't think so, but I'm not sure.

    I installed the first new ESXi host and pointed it to my SAN datastores without any problem, and the datastores appeared as they should. But when I add the new host to the new vCenter, as part of the installation process, it displays all relevant SAN datastores. I thought it was weird for them to show during the vCenter 'Add host'. Are there restrictions on running two different vCenter versions simultaneously on the same datastores?

    Thank you.

    HMorris

    You can have multiple vCenter Server instances running in the same environment. What you need to take care of is that the ESXi hosts that share the same datastores do not access each other's virtual machines (i.e. do not add VMs to multiple hosts). Keep in mind that only VMFS3 datastores are accessible from both versions; do not upgrade the VMFS datastores to VMFS5 while you are still running v4.1 hosts.

    > as part of the installation process, it displays all relevant SAN datastores

    That's OK. When you add a host to vCenter Server, it will show all connected datastores, as well as the VMs that are stored on this host.

    André

  • Can CS6 Master Collection and Photoshop CC licenses run simultaneously?

    I have CS6 master collection through my employer, installed and works on work and home machines.

    But I know that will not improve anytime soon, so I signed up for a subscription to the CC Photoshop on my own behalf, because I need to be up to date with it. I have not installed anything yet, just registered and got confirmation.

    So, how can I do, while both are at CS6? I guess that in June, when Photoshop CC comes out, it will come in its own directory, and both versions will run independently. But until then? Can the two licenses somehow be run simultaneously and if so, how?

    Hi Twenty_one,

    Yes you can run Photoshop and Photoshop CC on the same machines when Photoshop CC was released on June 17, 2013.

    Until then, you can run your Photoshop subscription by clicking "License this software", if you deactivate your current serial number by clicking "Help --> Deactivate".

    Thank you

    Kapil Malik

  • AAA and TACACS servers

    Hi all

    I want to download free yet reliable AAA and TACACS servers; can you guide me? Also, I need help with their configuration for study purposes.

    Both of them are TACACS; do you also need RADIUS (your post says AAA)? Assuming you just need TACACS:

    Probably the best known is:

    http://www.shrubbery.NET/tac_plus/

    Also, the go RANCID.

    For a solution based on Windows you can also consult:

    http://www.TACACS.NET/

    If this message answers your question or is useful, please consider rating it and/or marking it as answered.

  • ASA auth-proxy Radius and downloadable ACLs

    Hello

    I want to have ACLs that decide what traffic to allow after authorization auth-proxy.

    1. What options do I have with ASA + ACS?

    2. Can I use auth-proxy on the ASA with ACS, RADIUS and downloadable ACLs?

    3. Can I use auth-proxy on the ASA with ACS and RADIUS [009\001] cisco-av-pair (will the ASA understand it?)

    4. Can I use auth-proxy on the ASA with ACS and TACACS auth-proxy attributes (with ACLs)?

    Thanx

    Hello

    Take a look at this guide to see if it helps answer your question. You can use downloadable ACLs or the cisco-av-pair; I have seen that the cisco-av-pair method works a little better because it includes the name of the user who logged in as part of the ACL, which facilitates troubleshooting.

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/access_fwaaa.html#wp1150820

    Thank you

    Tarik Admani

  • Cisco ACS 5.3 - RADIUS attributes and "Device Administration/Shell Profiles"

    Can someone help me with this?

    Under "Policy Elements/Authorization and Permissions/Network Access/Authorization Profiles" I defined a profile with the following attribute:
    Attribute = F5-LTM-user-role
    Type = unsigned integer 32
    Value = 300.

    My question is:
    How can I set the same as above using "Device Administration/Shell Profiles"?

    There is a custom attributes tab, but I can't understand how to specify the 'Type' field. (On the custom attributes tab there is room for 2 fields and not 3 fields.)

    Hello

    Just for my understanding, are you trying to use RADIUS or TACACS?

    Shell profiles are used for TACACS and authorization profiles are used for RADIUS.

    Thank you

    Tarik

  • Can an Oracle procedure run simultaneously?

    Hi Experts

    Can an Oracle procedure run simultaneously?

    Here's my concern, my procedure is already started manually and according to the times calls the same procedure by another application at the same time, so now procedure can work simultaneously or it will display an error message?

    Please explain

    Thanks in advance

    Multiple instances of a procedure can be executed at the same time...

    Will it cause problems? That will depend on what you do in the procedure...

    For example, if the procedure seeks to change the same data even time in various forums, it will cause problems...

  • How to enable and disable a concurrent program from a PL/SQL package

    How to enable and disable a concurrent program from a PL/SQL package

    I just want to know why this not prvent not the program to run, it updates the backend for open State helped N, but not in Frontend.

    If you can advise on the same.

    Did you use the API to change the ENABLED_FLAG from 'Y' to 'N'? If so, did you commit the changes? What happens if you query this program from the application (Concurrent > Program > Define); can you confirm that it is disabled there if this has been done from the backend? Does the program remain active after it is disabled from the application?

    Thank you
    Hussein

  • Apple Watch series 2: third-party Applications have control of gps, and exactly what kind of information you get when and after running?

    Third-party applications have control of gps, and exactly what kind of information you get when and after running?

    What I mean is can party like Strava apps or MapMyRun turn on and use the GPS for the courses?

    Also, the default running app, what kind of information you get? During the race, exactly what then I tell me? In addition, exactly what information can I see after I run? I would like to know whether or not she has the cadence.

    Last question: is it easy to verify my info running? Speed and natural lights?

    Thank you!

    Hello

    Information about the integrated training application - including data you can choose to display during training, and where the information is available to see later - are available here:

    Cadence is not measured by the app to training.

    More information:

    http://www.Apple.com/Apple-Watch-series-2/

  • Installation and first run of the FF, I get a box that obviously requires a response, but it contains no words, and does not occur when you click it.

    Installation and first run of the FF, I get a collection box that is displayed for about 5 seconds after the program loads and displays the first screen. It obviously requires a response, but it contains no words. The box doesn't cause any Word show either. the screen takes over and no other button cannot be clicked: I have a hardware failure on FF.

    Empty the gray bar, box, box white, question mark?

    This irritating box was related to an add-on for AOL. In order to remove the extension of the problem, you will probably need to start Firefox in Safe Mode so that it does not work.

    You need to close Firefox anyway, you can, for example:

    • ALT + F4
    • Right click of its mosaic on the taskbar > close all windows
    • (Ctrl + Shift + Esc) Task Manager

    To start Firefox in Safe Mode, hold down the SHIFT key while double-clicking the shortcut.

    A small dialog box should appear. Click on 'Start mode safe' (not update).

    Then you can go to the Add-ons page using either:

    • CTRL + SHIFT + a
    • "3-bar" menu button (or tools) > Add-ons

    In the left column, click Extensions. Then on the right, locate AOL.

    A little luck?

  • I bought the new ipad and I run the install. I put passcod and it is locked. not affecting does not complete

    I bought the new iPad and I run the install. I put the code to access and it is locked. not affecting does not complete

    What should I do

    What do you mean it's locked? You have forgotten the password? If this is what happened, you have to connect to iTunes and restore it using the recovery mode.

    If you have forgotten the password for your iPhone, iPad or iPod touch, or your device is disabled - Apple Support
