Cisco :: 1130 AG - MBSSID And Dynamic Vlan
Jun 26, 2011
I have some 1130AG access point and I'd like to have :
- Multiple broadcasted SSIDs (because most of my clients are OSX and OSX doesn't deal with hidden SSID at all ! the clients have to enter the data each time which for WPA2 enterprise is really annoying)
- Dynamic VLAN assignement (so my clients don't have to know to which VLAN they belong and so I can easily change them from one to another).
As it turns out, it's apparently not supported to have both. But I can't understand WHY ? What exactly is the relation between those features ? What's the underlying technical constraint ?
I can understand the cipher suite must match between all the dynamic vlan because of the way wlan works, but for this, I really don't see what the problem is ... (Especially since I only have one of the SSID that needs dynamic assignement, the other is really the 'guest' one).
View 4 Replies
ADVERTISEMENT
Dec 14, 2011
We have a Cisco Aironet 1130AG Wireless AP (firmware 12.4) and have a guest wireless network (internet only) and corporate wireless network configured on it. They are kept separate by having different VLANs assigned to them. When a laptop connects to the guest network I see the DHCP request go out and it is tagged with the correct VLAN. The problem is when a laptop connects to the corporate network I see the DHCP request go out but there is no VLAN tagged on the packets. This causes a problem because both of our DHCP servers (on VLAN 1 and 3, remote DHCP servers no DHCP running on the Aironet [Doesn't seem like this version has a DHCP server]) are sending responses and sometimes the corporate user will get an IP address on the Guest subnet.
Our corporate network is setup on VLAN 1 which is configured as the Native VLAN on the Aironet. Will this cause the Aironet not to tag these packets with any VLAN information? Any other thoughts as to why it isn’t tagging these packets to a VLAN?
View 3 Replies
View Related
May 12, 2012
I convert IOS Cisco AP 1130 LAP to 1130 Autonomous mode. Well, the periphericals - clients connect to SSID AP no recieved I.P Adress, I think that is not possible active option DHCP server in AP 1130 dispositive. In mode I.P static clients the connection is established successfully.
View 1 Replies
View Related
Feb 3, 2011
I have looked at the Cisco Feature Navigator and according to the output with IOS 12.4(15)T1 thru T13 there is support for multiple SSID's and the feature "Multiple Basic Service Set ID" should be supported.
When I try to invoke that command mbssid on my Dot11 interface I get 'Invalid' response. Am I missing something here? Is the Feature Navigator misleading me or am I doing something wrong?
All I want to do is broadcast both SSID's that I currently have configured. Currently only one guest mode SSID is allowed and broadcast.
View 2 Replies
View Related
Dec 17, 2012
how to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
View 2 Replies
View Related
Jan 16, 2011
I have just upgraded our WLC from 4.0 to 7.0 (via 4.2). Before the upgrade we had our ACS returning a VLAN based on user group. This seemed to be working without an issue. Now that the WLC is on version 7 this is no longer working correctly. The ACS is returning a VLAN and passing the user but the client can not get an IP from the DHCP server configured.
Example configuration:
SSID-----VLAN
PN-CSC-----CSCVlan: Works
PN-Others------OthersVlan: Works
PN-Others-----CSCVlan: No DHCP
When users are trying to be allocated to a vlan that is different from the native one the DHCP fails however both WLANs are configured to point to the management interface so dont have any real connection to the vlan other than by name.
Have there been any changes I haven't seen in the way the dynamic vlan allocation works in version 7?
View 8 Replies
View Related
Dec 13, 2012
I'm having trouble getting the dynamic vlan assignment to work on my 1242AG Cisco Aironet APs. I've seen multiple cases with a similar setup and configuration where it works just fine. I've tried everything I can think of. IAS and AD is running on Windows Server 2003.Everything works fine except the vlan assignment. Wireless clients successfully authenticate through IAS and Active Directory, but instead of being switched to the appropriate vlan the client stays in whichever vlan/ssid it originally connected to.PEAP is the authentication method, using MS-CHAP v2. Naturally I have the attributes in the policy set appropriately,[code] I've attached the config for the AP, which shows that I have two vlans/SSIDs set to cipher, aes, network eap, wpa, etc. I noticed that if the Tunnel-Pvt-Group-ID attribute is set to a vlan id that doesn't exist on the AP then the AP makes an event log saying so.
View 16 Replies
View Related
Nov 27, 2012
Does the WAP4410N support Dynamic VLAN assignment by means of 802.1x authentication?
The reason why I ask this; I am able to configure a SSID on a WAP4410N with WPA2-Enterprise, in combination with 802.1x PEAP network authentication. I can succesfully connect Windows, Windows RT, Windows Phone, iOS and Android devices. But.. I am unable to designate them to another VLAN based on access/connection policies. For example; I want mobile devices such as iPhone and Windows Phone to be assigned to a specific VLAN. The Wireless Access Point (authenticator) must be able to support that.
This is my setup:
Spplicants: Windows 8 / iPad / ...
Authenticator: WAP4410N
Authentication Server: Microsoft NPS (Network Policy Server)
I used 802.1x PEAP (Protected EAP) with password (domain user) authentication. In fact, the suplicants communicate with 802.1x to the authenticator. The authenticator communicates with RADIUS to the authentication server. NAP is not in between. It's just plain 802.1x authentication.
wether dynamic VLAN assignment is supported?
View 5 Replies
View Related
Aug 21, 2012
I am using several SG300-28 Switches with firmware version 1.1.2.0.I have dynamic VLAN enabled. As RADIUS server I am using free radius 2.1.12.Authentication is only based on the MAC address. (I configured that on the switches)On the switches I created three VLANs. VLAN100 for the authenticated clients, VLAN200 for Management interface and VLAN300 as Guest VLAN. After a wrong authentication the clients should be put into this Guest VLAN immediately (I configured this on the switches). I am using Windows XP and Windows 7 clients in my network. I did not configure any EAP settings because I just wnat to use the MAC address.
In most cases the dynamic VLAN assignment and authentication is working fine. The switch log says that the client is authenticated and the same I can see on free radius log. But in some (rare) cases the client is rejected. The CISCO log says "MAC aa:bb:cc:dd:ee:ff was rejected on port ge17" but when I look at the free radius log then this MAC address was successfully authorized.
The problem is that the client gets an IP address based on the Guest VLAN300 but after that the switch seems to "switch" the VLAN on the port and then the client is authenticated correctly on the right VLAN but the client does not request a new IP on the new VLAN. If I unplug and re-plug the LAN cable in most cases the client get the correct VLAN and the correct IP. This is happening randomly on nearly all my PCs.
Do I have to set some timers higher ? I don't think it is a problem between switch and RADIUS but a problem between communication of the host and the switch.
View 14 Replies
View Related
Jan 28, 2013
When the users connect their laptop they are getting a authentication prompt but the switch is not changing the VLANs on the port after successful authentication.Below are the logs on the switch
Jan 28 2013 17:21:32.417 CST: RADIUS: Framed-MTU [12] 6 1500
Jan 28 2013 17:21:32.417 CST: RADIUS: Called-Station-Id [30] 19 "E4-D3-F1-0B-C6-0A"
Jan 28 2013 17:21:32.417 CST: RADIUS: Calling-Station-Id [31] 19 "84-8F-69-A8-BD-1D"
Jan 28 2013 17:21:32.417 CST: RADIUS: EAP-Message [79] 45
[code]....
View 1 Replies
View Related
Apr 22, 2013
I have enabled IP DHCP snooping on a 24 port 3560 switch (v small office) and let the database fill up, now I have added dynamic arp inspection on the single vlan and I amd getting these errors.
Apr 23 16:15:34: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/5, vlan 1.([5835.d9b0.b9d1/172.30.5.2/0000.0000.0000/172.30.5.3/16:15:33 BST Tue Apr 23 2013])
Apr 23 16:15:39: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:39 BST Tue Apr 23 2013])
Apr 23 16:15:40: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:40 BST Tue Apr 23 2013])
[Code] .....
View 2 Replies
View Related
Jul 11, 2012
I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right? Doesn't this limitation significantly reduce the usefulness of the DVA feature?
View 2 Replies
View Related
Nov 23, 2012
I`m working on Dynamic Vlan Assigmenton the basis of end user authenticatedwhoc are part of specific AD Group in c ampus enviorment.Objective: Need to assign the vlan on switch port on the basis of authenticated users OU Group in Active Directory. Eg: There are 2 OU groups in AD, Sales and Administration. Authenticated user in Sales group should get Vlan 10 and user in Admininstration Group shoudl get Vlan 20.
Components:
Cisco 3750x/Cisco 4500
ACS Version 5.2
Microsoft AD
View 1 Replies
View Related
Apr 11, 2013
I'm trying to use 802.1x to authenticate clients on my network with dynamic VLAN assignment from RADIUS. We have IP-Phones(powered by PoE) that only supports EAP-MD5, and we would rather use MAB(it also uses LLDP-MED for some settings) to authenticate the phones using the MAC-range from the phones vendor. The following scenario works perfect:Connect the phone and let it boot up(takes a while) and authenticate with MAB.Connect a computer in the phones data-port and let it authenticate with 802.1x(or fail and reach guest-vlan) However, the following scenario doesn't work:The computer is already connected to the phoneThe phone is then connected to the switch What happends now is that the computer is authenticated using 802.1x before the phone boots up and get's authenticated with MAB. When the phone is ready, it's authenticated with MAB and everything works. However, after a short period(let's say a minute), using `debug authentication all`, we see a "NEW LL MAC: phones mac" message(which is weird since the mac has already been MAB-authenticated), and then we are unable to contact the phone using ping. When I check `show mac address-table` it has now moved the mac from `Port Gi 0/12` to `Port Drop`. However, if I check `show mab interface Gi 0/12` or `show authentication sessions` it lists the phones-mac as `mab auth sucess `.why the first scenario works, and not the second?
The switch is a 3560E PoE 24p with IOS 12.2.58SE2. Sample of the switch-config: network-policy profile 1voice vlan 90!interface GigabitEthernet0/12switchport mode accessnetwork-policy 1authentication control-direction inauthentication event fail retry 1 action authorize vlan 60authentication event server dead action authorize vlan 60authentication event no-response action authorize vlan 60authentication event server alive action reinitializeauthentication host-mode multi-domainauthentication order mab dot1xauthentication priority mab dot1xauthentication port-control autoauthentication periodicauthentication violation replacemabdot1x pae authenticatordot1x timeout tx-period 5dot1x max-reauth-req 1spanning-tree portfast!Btw, when we tried authenticating the phones using 802.1x too (EAP-MD5), there are NO problems in any of the scenarios. However, we want to use MAB instead of 802.1x to avoid the requirement of configuring the phones with a username and password. The RADIUS response was the same when using 802.1x as it is with MAB for the phones (including device-traffic-class=voice AV-pair).
View 2 Replies
View Related
Feb 6, 2012
We have Cisco Cat4503 series L3 Switch and Cisco L2 2560 Series Switches, some of the users want to have a dynamic VLAN membership, and connecting with the network as mobile users,
can it possible and create dynamic VLAN for specific group of users.
View 6 Replies
View Related
Nov 27, 2011
I know what the problemis i need to tell the AP what the mac of the switchport is but i can not figure it out because it is a CATos Switch?on a IOS I would just use the Show interface command and use the bia but i dont know how to figure out the bia on a CATos?
View 3 Replies
View Related
Apr 2, 2012
what is the reason that cisco 1130 series ap cannot be seen by switch it connected to, by CDP protocol
View 2 Replies
View Related
Jul 21, 2011
I need to configure SNMP on our company Aironet 1130. I am told there is a tool we can use that will allow us do the configuration from a PC vs connecting directly to the device.. If that is true, where can I download it?
View 5 Replies
View Related
Jun 5, 2012
I've got this weird problem with my AP. It keeps rebooting randomly. It happen to all the AP in my campus randomly. It happens recently. It have been commission for quite a long time. ie user able to connect and use it. its connect back to the controller to back in another campus. Below are the logs i gather.
*Jun 7 11:13:54.287: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 7 11:13:54.290: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
[Code]......
View 20 Replies
View Related
Apr 2, 2012
Why it could be that switch cannot see Cisco ap 1130 series by cdp .
View 1 Replies
View Related
Sep 15, 2012
Any info on successfully resetting an light weight 1130 AP to the factory settings? I tried the method described in the doc for 1130 on how to reset 1130 AP to the default settings, but it was not successful. I tried shutdown the AP, and plug in the power while press and holding the Mode button for about 3 seconds.This AP has lost it association with the WLC, is there anyway i can reset the AP to factory default and put in the correct IP address again?
View 3 Replies
View Related
Aug 13, 2012
I have the problem that the AP1130 can not join to WLC2504.
Console Messages of AP1130:
*Aug 14 09:34:54.029: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 14 09:34:54.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.x.251 peer_port: 5246
[Code].....
View 10 Replies
View Related
Jun 16, 2013
Looking to set up a small office cheaply and quickly and was thinking about ordering a 2006 and some 1130s off EBay. Are the lightWeight 1130s compatible with the 2006?
View 9 Replies
View Related
Oct 14, 2012
IOS of my access point 1130 was deleted after bad manipulation. I have just a boot but not a flash on my AP. I can connect it just in console mode. What is the procedure to restore the IOS?
View 2 Replies
View Related
Mar 23, 2011
my college using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco 1130 access point and Cisco Secure ACS 4.X Solution Engine 1113 Appliance as radius server. For username and password, we take it from existing Oracle database.
The problem is the password that store in oracle database is in encrypted format. Base from feedback from database administrator, the encrpytion is done by oracle - application layer and cannot be decrypt back.
To tackle this problem, we decide to use external script in php to verify the username & password...The php script will check directly from oracle database. If the username & password match, it will sent a boolean true (1) to the Wism controller and if the username & password not match, the script will send boolean false(0) to the Wism controller.
My question is, can WiSM module talk to php script? Can it receive boolean parameter from php script?
View 5 Replies
View Related
May 1, 2012
When is 1130 AP going eos/eol? I have tried searching, but could just find eos/eol for 1130 power supply and not for the AP itself.
View 6 Replies
View Related
Aug 5, 2012
i have lwapp 1130 in internal network , i already configure dhcp with option 43, in my switch connected to ap i set vlan 1424 for management AP and the ap got ip addres from dhcp server. The wlc controller is in DMZ with ip 10.222.5.3, from switch connected to ap i can ping 10.222.5.3 , it aslo seperated by cisco asa firewall, i already set allow from 0.0.0.0 to 10.222.5.3 udp port 5246-5247 and 12222-12223.
View 4 Replies
View Related
Feb 27, 2013
I have a couple of AP's that are down and won't let me change to up. When I try to enable admin status I get a pop up window: " error in enabling admin status".
I have configured the WLC for power injectors with a 3550.
View 2 Replies
View Related
Jan 21, 2012
I have a lwapp 1130 here and it's no longer associated with the controller. I issued the clear lwapp private-config, it went through and cleared the config. Now when I try to issue the lwapp commands to set the ip and such i get ERROR!!! Command is disabled. I read that this means the static configuration is locked, but it did not say how to "unlock" it. how to get this re-enabled.
View 31 Replies
View Related
Jun 12, 2011
I have CISCO Aironet access point C1130 , but not able to connect by users, I can see below logs from access point.
Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
[Code] .....
View 0 Replies
View Related
Sep 14, 2011
I just received a Cisco Aironet 1130 AG wi-fi router to configure and when I entered the router through console, I am not able to get into config mode. It says:
AP588d.09a7.93e4#conf t
^
% Invalid input detected at '^' marker.
Also,
AP588d.09a7.93e4#sh start
startup-config is not present
Also, this is what I see in my flash:
AP588d.09a7.93e4#sh flash:
Directory of flash:/
3 -rwx 217 Mar 01 2002 00:07:10 +00:00 env_vars
4 drwx 128 Jan 01 1970 00:02:03 +00:00 c1130-rcvk9w8-mx.bin
I need to configure this device and set up for wi-fi access in my organisation network.
View 2 Replies
View Related
May 1, 2013
1) Virtual controller 7.3.112 is OK
2) N° 2 LAP 1130 e 1240 is Joined to controller OK
3) flexconnect in localswitch is OK
4) flexconnect in central switch IS NOT work.
View 3 Replies
View Related
Aug 28, 2012
i have stand alone cisco 1130g ap ,and wlc 2504. wlc 2504 support this ap or not ?
View 3 Replies
View Related
