Cisco :: 1240 / 4400 - Monitoring User Access
Mar 27, 2011Is there anyway to monitor client who is downloading , using the most bandwidth in Cisco wireless environment ? i have 1240 ap and 4400 controller environment.
View 1 RepliesIs there anyway to monitor client who is downloading , using the most bandwidth in Cisco wireless environment ? i have 1240 ap and 4400 controller environment.
View 1 RepliesWe currently have about 8 WLC 4400 series controllers deployed around the company, one of these controllers is acting as an Achor controller for GUEST wifi access for visitors to the company, as a result of this we have many users with "LobbyAdmin" access to setup users.
We have recently introduced a Cisco WCS to manage these devices but its not fully implemented/active to see all WLC's.I need to be able to report on the LobbyAdmin users to see who is setting up accounts and for who etc. Currently access to the WLC/WCS is done via Local admin accounts. All accounts for the LobbyAdmin people are setup on our anchor controller.
I have added the anchor controller for this to the WCS system but when looking in Administration/AAA/Groups the LobbyAdmin groups shows No Members.Is there a way that i can import the Lobby Admin names from the anchor WLC to the WCS so i can do reports/audit checks on these users?
Cisco 4404 WLC
AP 1240 - LWAP
Wireless client receives a DHCP address from central DHCP server fine. Unable to route outside of own subnet . Continuous ARP WHO HAS (Default Gateway addr) TELL (client IP) messages being received. WLC running OS 4.2.99.0.
(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company vistors to access the internet. It's important for the employees not use any login credentials, they arrive on a webpage where they specify the login & password which the vistor will enter to browse the internet. Is there any good link to documention about this topic?
View 3 Replies View RelatedI am looking into upgrading a customers wireless network and they are looking at using a few 1240 access points for both internal and external connections. Their question is can one access point support both channels simultaneously? They would like to connect an antenna on the inside of the building on the 5ghz channel and another externally on the 2.4ghz channel.
View 3 Replies View RelatedI just started a project to make a guest wireless network available at every site in my enterprise. Guest wireless networks are currently available at some sites. Two key goals of this project is to enable WPA/WPA2 encryption and to develop a web based registration/autentication solution. All of the sites have a mixture of 1230, 1240, and 1250 autonomous access points. What do I need to do/get in order to make this happen?
View 3 Replies View RelatedWe are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system.For example, admin person in site A can only add devices into the site A group and cannot see/access other sites groups.
View 1 Replies View RelatedI have a Cisco Series 4400 WLAN controller and I'm trying to connect a lightweight AP to the controller. I have already assigned the switch port to use my wi-fi VLAN, and have connected the AP to the switch. After a few minutes, the light on the AP goes from green to light blue (indicating it's serving clients). When I log into he wi-fi controller to look for the Ethernet mac address of the new AP, I do not see its Mac Address. I want to be able to rename the AP to reflect where it will be used, but need to select the AP via its Ethernet mac address before I can make any edits like changing its name etc. I've gone through the "monitoring" menu, selected "All" and still do not see it in their via its MAC address. I also will select the "wireless menu" which lists all the AP's on my network, listing in order from on the longest running, to just powered on.Is there something I'm missing like a "re-scan" that scan's all devices?
View 5 Replies View RelatedWe have two 4400 controllers which support 50 Access points each and wcs with 100 base license.Now we added 5508 controller supports 50 access points.wcs is upgraded with another 50 ap license.The 5508 controller is joined to wcs and the licence showing permanent.WCS showing all aps and showing both 100 and 50 licence as permanent.But the issue is while loging into the wcs it showing the error message as"The system is in violation of license.The number of APs registered is greater then licensed."
View 5 Replies View RelatedIs there any chance to access files on 4400 with ssh (winscp etc.) clients ?
For example we upload webauth bundle and then we want to delete it and recopy another files..
I have my wlc 4400 configured with a secure wlan and a guest wlan. The guest wlan is switching traffic at the wlc to a separate guest-wlan interface. When a guest is associated and authenticated, they can access the management console of the wlc which is in a different subnet. As I understand, the wlc does not route traffic. So how could this be happening? the guest subnet and the subnet the wlc management interface is in are different and separated by a firewall. I have also tried applying access lists in the wlc to each interface without luck. How can i stop the wlc from providing access to guest wlan users?
View 3 Replies View RelatedI manage a wireless mesh solution (WLC 4404,4.2.176.51M (Mesh)) with some types of LAP, namelly,LAP1510, AIR-LAP1242AG-E-K9 and AIR-LAP1242G-E-K9.
We also use a freeware solution to have some graphs (collect by SNMP), namely for: Clients per AP, Noise and Interference, Channel Util, etc.
My question is about collect (by SNMP) the traffic (inOctets,outOctets) by access point, to have traffic utilization for both Radio (A and B/G) and ethernet interfaces of each access point... I can't find it on the MIBs... It´s possible?
on WLC 4400 Guest vlan is configured with local authentication, the users get disconnected after 10mins were should i disable the option of 10mins restriction
View 3 Replies View RelatedWe have a several cisco 4400 wireless controllers and a cisco WLC. All clients autheticate to an AAA server. Acces points are cisco LWAP 1242. Security is PEAP TKIP ms-chap. Machine and user authetication. Settings are pushed out through grou policy. A new user can log on to a laptop (without cached credetials) and get all their network settings....most of the time. Randomly we have laptops that after being restarted, recieve "yourdomain.com is not availalbe" error message. The laptops will work fine for weeks and then random laptops start to get this error. If we wire them into the network, run a gpupdate, they logon fine. Shutdown, unplug, and the wireless works fine again.. I am not sure if this is an ms group policy issue or a wireless issue. Any setting change or a gp setting that I may have missed??
Clients are mostly windows 7 some XP Domain Windows 2008r2
ACS 4.2
Group policy settings - wifi config settings enabled and configured correctly Always wait for network enabled.allow fast reconnect disabled (was recommended by a cisco tech) Disabled computer passwords for domain about 2 months ago to see if the computers reseting their passwords were an issue.
We have 30+ wireless access points controlled by a Cisco 4400 Series WLC (mostly AP1231's and some AP1242's). The WLC's system time is set by a network NTP server and is correct. However the APs clock is an hour behind that of the controller.
View 3 Replies View Relatedi have more then 25 Cisco WAP4410N AP put is our office. i put 4 AP in each floor.we are using signal SSID for all AP. I have two question
1: want to monitor all AP if any is down we can trouble shoot it .
2: with some user have problem before connecting it show full signal but after connecting signal is drop.some time
connected PC is automatically restart wireless connectivity.
As a Admin i want to monitor what is going on.
I recently upgraded our controllers to the latest version 7 software, as I read this was one of the requirements to get them to connect. But I am not having any luck getting into a controller. Normally I plug them in to the network, they pop into the controller listed as something like AP5057.a844.xxxx and then I can finish configuring them, but a static IP on them, etc. This is the first of this model AP I have tried to deploy, so I am wondering what is different with these. or what I might be missing in the default config in the WLAN controllers. Niether of which are set to "Master" either.
View 10 Replies View RelatedI have several autonomous 1240ag AP's that I need to enable a second ssid(Guest and VLAN2) for guest access and while I have configured the AP's according to the driections, I am not able to connect to the second ssid(Guest), but it is broadcasting. When I check the logs, I do not even see my laptop or any other device for that matter, trying to authenticate, what am I missing? I can see, connect and get an IP from the first ssid(Production and VLAN1), which is on the native VLAN and my 3COM 3C17203 switch port(14) is tagged for both VLAN's. Although I am sure that this would work better with a Catalyst switch, but it is not in my budget to replace all 4 of these, but I need this to work.
View 3 Replies View RelatedAP not booting and am not able to boot. Xmodem file system is available.flashfs[0]: unable to allocate available block.
The system has been interrupted, or encountered an errorduring initializion of the flash filesystem. The followingcommands will initialize the flash filesystem, and
[Code]....
In a multiple SSID setup, can Aironet 1240 & 1250 series AP supports different WEP key for different SSID
View 3 Replies View RelatedI am using asa 5520 and asa 5540 for remote access vpn connections. Is it possible to do active monitoring of my vpn connections so that there would be alerts for vpn tunnels that fail to establish due to other reasons other than user authentication?
View 5 Replies View RelatedI am working on setting up a new WLAN infrastructure. I have set up different SSIDs connected to different VLANs, in the AP. I also want to use Windows NPS for authenticating users on the different SSIDs, with different authentication methods based on which SSID the user/device is connecting to. To do that, NPS needs to get the SSID, but the Aironet 1240 only sends its MAC address in the Called-Station-Id. I have read a bit about this, and found out that if I have a WLC, it will add the SSID to to the Called-Station-Id. But since we do not have a WLC, I am trying to get this to work anyway. Is it possible to modify the Called-Station-Id to include the SSID on an Aironet 1240? If not, is it possible to send the SSID as a separate attribute that can be read by the NPS?
View 10 Replies View RelatedWe have four VLANs that need to be accessible to wireless devices. The VLANs serve the following groups: staff, student, guest, phone
We are currently using a WEP/MAC authentication for staff and phone wireless networks.
I am looking for what your recommendation would be to provide reasonable level of wireless security, particularly with the staff network, but at the same time not require a high level of management, ex. managing active and inactive MAC addresses for MAC authentication. We have the following components available - 1240 APS, Windows AD, a 4402 WLC, and 6 campuses, and outdated Cisco ACS.We need to provide connectivity to Cisco wireless phones, laptops, iPads, cell phones.
We successfully use this oid on our Aironet 1240 series AP's to list the dot11 associations to the AP:1.3.6.1.4.1.9.9.273.1.2.1.1.18 (cDot11ClientSubIfIndex).However, that oid does not work on our Aironet 1140 series AP's. Any equivalent oid?
View 0 Replies View RelatedI'm trying to find a document in Design Zone about configuring a Wireless AP and I wasn't able to find it. I have a good experience configuring switches, routers and firewalls in CLI and this is the first that I have my hands on APs (1240 AG).
View 2 Replies View RelatedWe have a small office and already have a firewall in place that uses content filtering. I am looking for a low cost wireless access point that I can place behind my firewall that will allow me to control access by a username and password list, not just the passkey.
Does this exist without having to go to an Aruba or Ruckus type enterprise WIFI product?
We are using WLC4402 for our Aironet 1240AG access points. The clients are connecting to the access points and are authenticating to the RADIUS server. I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.
Where do I see the Authentication Type on the WLC4400 or the 1240's? In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method".
I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating. This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS. I have all authentication methods allowed and it still gives me the error below. Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed.
Client Machine:
Security ID: NULL SID Account Name: Fully Qualified Account Name: OS-Version:
Called Station Identifier: 00-17-a2-87-54-00: SSID NAME
Calling Station Identifier: 00-41-96-b6-e3-27
NAS:
NAS IPv4 Address: 192.168.90.24
NAS IPv6 Address: -
[code]...
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
I need to access remote users system for troubleshouting and I cannot ping or access anything on their laptop when they are connected to VPN. For example, a user would get an IP of 172.16.4.132 when logged into vpn but I cannot ping him from the CLI, or can I access his laptop via RDP. S 172.16.4.132 255.255.255.255 [1/0] via 207.x.x.x, dmz What could be the issue and how can I fix this? Im on 10.8.24.0/24 network S 10.8.0.0 255.248.0.0 [1/0] via 172.16.0.7, Internal which has a route to 172.16.0.0/16 C 172.16.0.0 255.255.0.0 is directly connected, Internal The ASA is 172.16.0.3 which i can ping from my desktop on 10.8.24.0. Device info: This platform has an ASA 5520 VPN Plus license. Cisco Adaptive Security Appliance Software Version 7.2(5) Device Manager Version 5.2(5) Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz Internal ATA Compact Flash, 256MB BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
View 1 Replies View RelatedI have ACS 5.1.I have created the Identity Group 'Admin' and added 2 users in that, say User1 and User2.How do I permit only User1 to get authenticated when he logins in to the device?There is option to select 'UserName' while creating Service Access Policy , but I have observed that though I have mentioned only User1 in the rule, User2 is also getting permitted
View 1 Replies View RelatedI want to limit a local user's access to some specific groups of devices. In Role Management Setup I can define which service they can access, but I want to restrict it to a specific device as well.
View 3 Replies View RelatedWe're planning to ope a coffee house for teens at my church. We want the internet to be accessible to them but want to restrict what sites they can access so homework, games, etc. can be accessed but not the stuff rated for violent, rrisky behaviors.
View 1 Replies View RelatedWe currently have one Cisco ASA 5510 firewall at our mailn office. Our firewall does not let users access the internet. We currently have a web proxy that lets users access this. I need to let users access one website through the firewall without going through the firewall. I believe this is possible if I use dynamic NAT.
View 1 Replies View RelatedI am trying to create a user restriction to allow one user to access only two networks (10.192.3.0 and 10.192.5.0) I have range of networks but I want to permit only two networks for limited user and full access for the admins. I know this was possible with ACS 3.3 but I am not too sure if this is also applicable with ACS 5.2.
View 1 Replies View Related