I have 2 Cisco 1141 aironets access points.
I've fallowed this tutorial: [URL]
I have an Ubuntu server running free radius authenticating against an LDAP server. Now I'm able to log into the AP via ssh with my LDAP credentials.
What I can't figure out is how do I setup the AP so when people connect to the AP's wireless they are prompted to use their LDAP credentials.
I have AIR-AP1141N-A-K9 access point, but can not get over 130 Mbps speed. Looking at the manual it appears that I need to set "channel width" to 40-above or 40-below, but it only accepts 20. Is the 2.4Ghz radio limited to 20Mhz? Since the specs indicate that it can do 300Mbps, I must be misunderstanding something.
View 4 Replies View RelatedI'm trying to turn off the LED on a Cisco Aironet 1141 p/n AIR-AP1141N-A-K9. This is a standalone AP and from the CLI I'm issuing this command:
ap(config)#led display off
The LED does not turn off after typing this command. If I do `show run' it shows up in the config so the command was accepted. Is there a different way to turn off the LED? I'm running IOS Version 12.4(21a)JA1.
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies View RelatedI have two access points that I recently purchased from ebay. I updated them both to c1140-k9w7-mx.152-2.JB and I have been unsuccessful at getting either of them to connect at faster than 39MBps. After scouring google for answers I found several with the issue of not using the correct WPA2/AES configuration and that was me. However after changing the configuration, I am still unable to connect to either of the APs at faster than the 39Mbps. [code]
View 4 Replies View RelatedWe have about 15-20 APs out in the field, and at random they seem to disassociate from the WLCs and re-associate within a few minutes. We have not looked into that entirely yet, but we are having an issue with a few. Sometimes, they will disassociate and after a few hours reassociate.
View 9 Replies View RelatedI have an aironet 1141 with multiple v lans configured, all with wpa2 but I need to put mac filter on only one v lan, so I follow this manual: [URL}. Basically is mac a ACL and applied to sub interface. So, I can associate to the AP, but no one can transmit or receive . If i remove the ACL all works fine.
My config:
access-list 700 permit <maclist> 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
interface Dot11Radio0.130
[code]....
I have an existing setup consisting of:
Windows Server - doing DHCP for private wired/wireless
Cisco 1141 Autonomous WAP with only private wireless access.
ASA 5505 (with very basic licensing)
HP switch
The customer wants to have guest WiFi.
The guest WiFi is going out to the internet via a seperate VLAN/interface on the ASA. Can the 1141 do DHCP for the guest WiFi? Or do I need to do it via the ASA?
I have a problem putting a Cisco 1141 AP in repeater mode with a AP HP Procurve.Root AP is a the Procurve, but when try to put the Cisco AP with same SSID, Authentication, etc, I receive this error:
%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: NO Aironet Extension IE
I try disable the Aironet Extensions and always get the same error all time. It's possible connect both APs?
I have a customer who accedentally got a AIR-LAP-1141. He needs it to be autonomous. If I convert from LWAP to Autonomous, will there be a licensing issue?
View 1 Replies View Relatedrecently we purchased cisco aironet AIR-AP1141N-E-K9 standalone model. after configuring it , client has no problem with connection and coverage, but there is problem with thoughput. clients are not able to connect at higher rates, even if i set channel width at 40 mhz, max rate for N capable client device is 54mb.
[URL]
I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan. The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients timeout without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server. After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure. Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
View 4 Replies View Relatedi'm having some trouble pushing CLI templates to controllers in my lab. i get an invalid credentials error but it is random. sometimes i can push the template fine but 30 seconds later if i push the same template it will fail with error. several minutes later try it again and it fails. i have verified the credentials by reconfiguring them consistantly accrosss the devices but if the credentials were actually wrong it should fail every time, not intermittently. there are also 2 controllers i am testing this against and it is also random which controller fails. on the instances where i don't get the credential error my CLI template fully executes without error.
i am using WCS 7.0.230.0 on WIN2K and two 4400 controllers running 7.0.230.0.both controllers are configured with SNMPv3 and SSH. telnet and lower versions of SNMP are disabled.
How do i get the 12.4 code to assign a dhcp address to my ethernet interface from my server? I deleted the default config on the 1141 and searching has not turned up anything useful.
View 1 Replies View RelatedTo enable our receptionits to print a guest user ticket on a small A8 ticket printer I'm looking for a way to adjust the layout and formatting of the guest account credentials page.
I have searched through the javascript and css files but with no success.
We are using WCS 7.0.172.0
Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?
View 2 Replies View RelatedI need to edit device information for multiple devices using feature Edit Credentials. I'm not able to overwrite all device credentials using a new set.
View 2 Replies View RelatedI recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer.
After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD, I get an error message " 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate" anytime a client tries to connect to the network.
This is surprising because I had already generated a certficate for the ACS from a CA and binded the CA signed certificate with the ACS, I also specified the CA in the client machine's wireless properties and checked the "validate certificate" button.
When I tried to connect using the internal identity store, the client was successfully authenticated without any certificate issues.
We just replaced our Cisco 1240 AP in one of our shops with a Cisco 1141 AP. This is not controller based.
We use several wireless (infrastructure mode) auto diagnostic tools which connect to the AP. We also have many laptops which run the diagnostic software.
We had no problems with our 1240AP. With our 1141, we cannot connect to the wireless tools if both the laptop and the tools are connected to the 1141. If I connect one to the 1240 and one to the 1141, they can see each other and work fine. IF they are both connected to the 1141, they show up as connected in the AP, they can ping each other, but the software does not communicate.
[URL]
I am setting up a new ASA. Actually it's an old 5510, but this is a new temporary install until the one we ordered comes in. Everything is working except for SSH. I have SSH open on the inside and outside interfaces and I get a prompt when I try to SSH to it from either the inside or outside. But after I put in my username and password it tells me that my credentials are invalid. I am using a local username/password, not AAA and it accepts that username and password for the console. Console and telnet (password only) both work so I can get in to make changes. When I debug SSH, the error states that my username and password are incorrect. But this happens even when I create a new, simple username/password to test. I've even gone so far as to copy/paste the username and password into the login window just to be safe (making sure I don't copy spaces, etc). Below is a copy of the SSH Debug output followed by a sanitized copy of the config. I have AAA configured for remote VPN users, but not for access to the ASA. Also, this problem existed before I created the AAA settings for the VPN users. Also, I have zeroized and regenerated the RSA keys a couple of times to no avail. [code]
View 2 Replies View RelatedI have a problem when doing this report. If I do a device credentials report on a user defined group (40 devices) 11 of these devices fails to connect via SSH. I can make an SSH connection to all 11 devices from the CiscoWorks server, but 11 devices still fails on the report
Device Name Read Community Read Write Community SSH
1. 149.212.XXX.164 Ok Ok Failed to connect.
2. 149.212.XXX.153 Ok Ok Failed to connect.
3. 149.212.XXX.152 Ok Ok Failed to connect.
4. 149.212.XXX.151 Ok Ok Failed to connect.
5. 149.212.XXX.150 Ok Ok Failed to connect.
[code]....
We have a Linksys WRT120N wireless router set up at one of our small offices. I noticed recently when trying to log in to the router to make some admin configurations that it will not accept the login credentials when trying to log in from IE10 browser. Works fine from Chrome, IE9, ect. logging in to a linksys router with IE10?
View 3 Replies View RelatedI am trying to copy a setup from a Nortel IAX100 where the carrier provides two ATM PVC's over ADSL - one for voice (VoIP) and one for data (IP). Relevant lines from the backup of the IAX's configuration include the following for the PPP authentication over the voice circuit:
<wan_8_32>
<entry1 vccId="1" conId="1" name="Voice" protocol="PPPOE" encap="LLC" firewall="enable" nat="enable" igmp="disable" vlanId="-1" service="enable" instanceId="1509949441"/>
</wan_8_32>
<pppsrv_8_32>
<ppp_conId1 userName="" password="" serviceName="" idleTimeout="0" ipExt="disable" auth="auto" useStaticIpAddr="0" localIpAddr="255.255.255.255" />
</pppsrv_8_32>
The null username and password for the PPP connection have me a bit stumped. Does the PPP connection not use any authenetication at all? (Is that possible/likely? How could I deubg it?) Or does does the IAX100 supply a chap/pap response with null credentails? (If so, how would I duplicate that using an instruction to a dialer interface?I am configuring an 877 with 12.4T and advanced IP services.
How to upgrade from LMS 3.0 December 2007 update to LMS 3.1 or LMS 3.2. The problem is the large number of C2960S-24TS-L switches that my organization has and cannot managed them.. I tried to upgrade devices through Software Center but always Ciscoworks informs me with the following message."Error while downloading package information from [URL] for the selected products. See the log file for details". Also i can not run EOL/EOS inventory report. The message is " INVREP0102: Cisco.com user credentials are invalid. Enter correct credentials." I check my credentials and is right. The server has access to www through proxy without any restrictions. In the past I've already updated devices through the software center. Also in the past i ve run EOS/EOL inventory reports.The LMS 3.0 December 2007 has the following products LMS3.0.116 May 2008
CiscoWorks Common Services3.1.102 Jul 2009, 07:44:58 EEST2.Campus Manager5.0.511 Oct 2009, 07:36:10 EEST3.CiscoView6.1.702 Jul 2009, 07:45:05 EEST4.CiscoWorks Assistant1.0.102 Jul 2009, 07:45:05 EEST5.Device Fault Manager3.0.512 Jun 2010, 07:31:48 EEST6.Internetwork Performance Monitor4.0.102 Jul 2009, 07:45:11 EEST7.Integration Utility1.7.102 Jul 2009, 07:45:14 EEST8.LMS Portal1.0.102 Jul 2009, 07:45:16 EEST9.Resource Manager Essentials4.1.102 Jul 2009, 07:45:17 EEST
What i want to do is simple. Being able for any member of Administrators group to authenticate on our ASA5510 based on the AD credentials.
What is correct CISCO procedure for that?
We have a building with 6 Cisco Airnet 1140 connected to a Cisco 2100 WLC, all tied into a nice Central Certificate server and a Win2008 NPS/Radius server on a Win2008 AD. Our trusted PC wireless access is fine, with domain laptops with certificates authenticating with DHCP all round the building. We use GP to apply settings to an AD integrated Proxy server for internet access.
The problem I now have is with guest access...
We are an education establishment, so students could turn up with anything from a laptop to an iPad to an Android phone, which immediately rules out using proxy PAC files to configure the proxy.
What I really want is a method of using the radius to verify the guest user against their existing AD user account, which I believe is possible. The one snag we have is in order to avoid the user having to configure the Internet proxy we would have to switch it to a transparent mode, which immediately restricts our ability to report on AD username, we would only have an IP address to report on, which is next to useless!
We've looked at a Gateway product (Astaro), which integrates the Filtering onto the Gateway, but the downside is that you have to use their APs, so we would be replicating existing work, whilst also managing two filters.
I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?
View 4 Replies View RelatedI have been reading article url....wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.
The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.
However will that support a Downloadable ACL dependent on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails.? I dont really want to create & manage Guest & Remediation VLANs with thier respective ACLs on every switch in my enterprise, including our remote branch offices.
user can't login into domain with right credentials in active directory
View 6 Replies View RelatedWe are attempting to use LDAP for web authentication on a WLC 4402.
[URL]
You are able to connect to the SSID and it reidrects you to the login page as it should. When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.
*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
We are able to test the following configuration with ldp.exe successfully,
Server: ***.***.***.***
Port Number: 389
Bind Username: CiscoBYOT
[Code].....
I have ACS4 and i am planning to upgrade to ACS5.I would like to have such a rules:I have user1, one ASA device which is VPN concentrator for remote users.ASA have two different tunnel-groups: one which allow for logging via certificate (with mandatory pki authorization thru ACS) with disabled Xauth,and second tunnel-group with allow login thru typical Xauth with authorization thru ACS which users external database (RSA Tokens).So i have one user1 which can login thru VPN using RSA tokencode or certificate.For example: on phone user1 uses certificate, and on PC station the same user1 uses token password.For tunnel-group with pki authorization ASA checks username in ACS and in typical scenario login="CN from certificate" and password="CN from certificate". So we would need "two credentials" for the user - one for pki authorization, and second one external database (RSA token).Is such scenatio possible under ACS 5 ? where one user uses different credentials based on tunnel-group usage ?
View 2 Replies View RelatedWe are using WLC-5508 in our corporate. For authenication we have implemented ACS with LDAP configured as external user database. We can able to get authenicated for Web based authenication. When it is configured for EAP-FAST, authenitication is not happening.
View 3 Replies View RelatedIs it possible to use both LDAP (to Active Directory) authentication for a WLAN defined on a 5500 series controller, and use the local user account database (AAA) for the guest vlan?
View 1 Replies View Related