Cisco :: 2500 Wireless Controller Blocking Traffic
May 16, 2012
I have a Cisco 2500 Wireless Controller connected and controlling 5 Cisco AP's. Everything works fine except one device.
This device is used to connect to our AP wirelessly and then any of the wireless laptops can use programming software to connect to the device and program through it. I can successfully set up our device on the network and all PCs can ping it, but the programming software refuses to connect to it. I spent an hour and a half on the phone with the device people who assure me its the network. So, I bought in a cheap Linksys router, hooked one laptop up to it and configured the device wirelessly. With that, the programming software works.
what should I be looking for in the Wireless Controller that may be blocking direct connection to the device even though I can ping it?
View 10 Replies
ADVERTISEMENT
Nov 20, 2011
I am having trouble adding a new controller(2500) to the WCS.
-My WCS version 6.0.196.0
-My WLC version 7.0.116.0
If i upgrade my WCS i may add the new contoller? Even if in cisco DATA-SHEET there isnt any mention regarding this WLC(basicly it says that the WCS does not support this WLC)
Monitoring and migration of selected Cisco Aironet standalone (autonomous) access points. Monitoring of the standalone access points of Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers.
View 3 Replies
View Related
May 10, 2013
By any way can I achieve HA in 2500 controller? I dont mind even I didnt get Stateful switchover.
View 5 Replies
View Related
Dec 7, 2012
i am having wirless controller cisco 2500 series. i want to know how many web authentication users i can create in the 2500 series controller with time out option for each users.
i know it will support the web authentication for internet access for the users but i need to know how many it will accept at a time with hours specification.
View 4 Replies
View Related
Nov 27, 2011
know if Cisco LMS will ever support the 2500 wireless controller ? I have just checked the supported devices for LMS 4.1 and the controller is not there.
View 1 Replies
View Related
May 18, 2013
I am developing CAP1602I & 2500 Controller.The CAP1602I-E-K9 can't register with the 2500 controller. [code] logging appears: capwap can't process uncryped data..I even didn't configure capwap on CAP1602.May I know if CAP1602 doesn't support LWAPP? Why LWAPP doesn't work?According to the logging, I also tried to configure the "Data Encryption" on 2500 controller ( according to 7.0.116.0 guide)
"Cisco 2500, WiSM2, WLC2—By default, these platforms do not contain DTLS. To turn on data DTLS, you must install a license. These platforms have a single image with data DTLS turned off. To use data DTLS you will need to have a license."Note If your controller does not have a data DTLS license and if the access point associated with the controller has DTLS enabled, the data path will be unencrypted. I should purchase a license? or, if I can configure the CAP1602I to don't encrypt data?
View 10 Replies
View Related
Feb 14, 2013
We are currently using a Cisco 2500 (licensed for 50 AP's) WLAN Controller. There has been a lot of issues setting up the VOCERA wireless badges, thats on going. The question I have is all the AP's are showing as being on Channel 6, it was thought that the controller would learn the enviroment and move these to none overlapping channels, but has not. Is this right should they all be on the same channel and not 1, 6, 11 accordingly? it is also worth mentioning that the controller can see 61 rogue AP's, yes that is 61 other wireless networks!
View 2 Replies
View Related
Jul 27, 2011
give me the run down on the features removed from the 4400 series in the 2500 series? Obviously 4400 is now EOL, and so i cannot purchase new. Therefore I was looking at the 2500 for my implementation to save costs also.I would like to have two SSID's, running seperate VLAN's, one voice, one guest, trunk the link to the AP's, which will be 1131AG or newer, N possibly. Voice needs to be encrypted with WPA or WPA2, guest needs to be open using the guest access feature. Here's a sample but with EAP:
[URL]
Is this supported to have WPA on one SSID and Guest access on the other? i did spot a paragraph in the 4400 manual stating that certain restrictions apply regarding one SSID having encryption and the other being guest mode?I notice also in the WCS documentation, it doesn't explicitly state it supports the 2500 series under the managed devices section?
View 1 Replies
View Related
Dec 3, 2012
We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticket and the server responds to a ping command,In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security TabI then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?
View 6 Replies
View Related
Dec 5, 2012
Can I connect various Aironet 1242 to Wireless controller 2500?
View 4 Replies
View Related
Jul 9, 2012
We have a Cisco 2500 WLC with 136 APs. Recently, we discovered eight APs that were not listed on the Wireless > Access Points > All AP list. These APs were once working and connected, but now they are no longer in the All AP list. I located one of these APs and found the green LED blinking. I power cycled the AP and it came back online with a solid green LED and was then registered on the All AP list. The All AP list will only show the connected APs. I would like to know if there is a method to show the APs that were once connected and are no longer registered so we can better identify when an AP is not working?
View 15 Replies
View Related
Mar 5, 2013
I have therefore 2504 Wireless Controller with a wireless access point AIR-CAP1602I-E-K9 (LWAPP image version 7.4.1.37) I saw that I needed to update the Controller in 7.4 for compatibility with my AP. Now when I connect my AP I get error messages:
*Mar 1 00:01:02.387: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
HCP.
*Mar 1 00:01:02.387: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
[Code]....
View 10 Replies
View Related
Apr 17, 2012
I have a customer whom has six LAP1131AG-K9 but no controller and they are interested in one of the new 2500 series, specifically a AIR-CT2504-5-K9 with a 5 AP add-on license to bring total AP capacity to 10. I can't determine clearly if this controller will work for these older AP's prior to them making the jump to 802.11n via the 3500 or 3600 series, looking to the community to confirm.
View 3 Replies
View Related
Apr 21, 2013
Looking for some training on the 2500 series controller and 1142 or 1040 AP's preferably.
View 10 Replies
View Related
Oct 25, 2012
when I did connect the AP to the switch and this is already connected to the WLAN 2500, I got this error message [code] And this AP is not joined to the WLAN 2500, but if I use one model of AP like LAP1120 it works, that mean, the wireless is able to see the Ip Address.How can I do to correct the problem with the AP 3600 series?
View 5 Replies
View Related
Apr 16, 2012
I setup cisco wireless controller 2500 connecting 2 Aironet APs, with windows 2008 NPS as radius server (server certificate installed), via
[WPA2][Auth(802.1X)], MAC Filtering
Now I have domain computer (laptop) connected to SSID which provides direct to the LAN dhcp server. That means my notebook got same ip range as when it connected to LAN.
The user used cached domain logon info to logon the computer, then the wireless profile started to connect with radius server which has User group policy.
Problem is the notebook (logon as normal domain user) browse \"domain name" or any \hostname will take 10 mins or more to pop up with "enter network password" or sometimes "The specified netwrok name is no longer avail". However ever if I simply \192.168.2.x which is the host's ip address, I got list of share folders instantly.
And when I disable the wireless and connect to the LAN cable, I had no problem to browse any shared folders.
View 10 Replies
View Related
May 13, 2012
I have a couple 3600s that don't want to join. One i and one e that are both doing the something. It is able to find the controller via layer 3 discovery but it is acting like it is a mesh AP when it tries to join the controller.
From the 2500 controller (running 7.2)
*spamApTask2: May 13 12:03:05.272: f0:f7:55:ae:xx:xx Mesh AP username f0f755aexx xx.
*spamApTask2: May 13 12:03:10.739: f0:f7:55:ae:xx:xx spamProcessJoinRequest : RA
P, Check MAC filter
From the 3602i
flash:/mesh_start_cfg.txt: No such file or directory. The filesystem containing the variables may not be initialized yet.
I should note that 3500 APs are able to join this controller. The field guy is going to try to add the MAC address to the filter list when he gets back out on site to see if it allows it to join.
View 3 Replies
View Related
Feb 3, 2011
have a Dell Poweredge 2500, and it only has PCI slots, and i need to get a sata controller to add 1/2 drives to it, i am unsure what would be the best, but i am not looking to spend more than 60 or so for it, i am not worried about it being the greatest out there, as this server is going to be replaced in 6 mths, i am just outgrowing the 4-18.6 gig hot swap scsi drives, and my pockets arent deep enough to buy high capacity scsi drives, i will probably add 1, 1 or 2 Terabyte hard drive and a dvd-rw.
View 4 Replies
View Related
Dec 19, 2009
We are facing an issue with a customer where a Cisco 4400 Series controller is blocking the 802.11a/n Radio Interface of a 1250 AP. The radio shows as down on the controller GUI. The error message on the GUI is that the 'Regulatory Domain' is not supported. This can be seen from the attached screenshot. Also relevant parts of the WLC configs are attached. WLC: Cisco 4402 WirelessWLC Country: SADevice: Cisco Lightweight Access Point 1250 (LAP) is controlled through the 4402 Cisco Wireless LAN Controller (WLC)The operating system version of the LAP: c1250-k9w8-mx.124-18a.JA version of the WLC: Software Version 5.2.178.0 The problem is that the controller shows that the 802.11a/n Radio Interface in Radio Slot # 1 is always down , the customer tried to manually 'no shut' the AP interface from the console and it worked , but obviously this solution would not work as the configuration cannot be saved (LW AP).
View 12 Replies
View Related
Feb 15, 2013
networking but can understand with a bit of explanation.. I own a restaurant and provide free WiFi for my customers with a Cisco E2500, I am gettign bills that are through the roof, I contacted my ISP and was told users were accessing P2P downloads(uTorrent, etc.). How can I block these applications?
View 1 Replies
View Related
Oct 14, 2012
I have a LAN with several linux boxes (Fedora 17, both 32 and 64 bits), as well a a WInXP box. All of these are connected to the same switch, which is connected to the inside port of my PIX 515.
For a few sites (mozilla.org happens to be one of them), for http access, the tcp connection is established, but the "GET" request - or anything else for that matter - will not go through the PIX (from inside to wan). I have verified this by first, using wireshark to watch the packets being sent out from the client box, then by using the trace function in the PIX to see that the packets ARE arriving at the inside interface, but ARE NOT sent out of the wan interface.
This is for the linux boxes ONLY. When I do the same thing with my WinXP box, all works: in the PIX trace, I see the packets arrive at the inside interface, and leave the wan interace. And access to these sites are okay.
(What's a bit weird, although somewhat expected, when I connect my android phone to my LAN via WiFi, it too is unable to reach those sites - but then again, android is linux, right?)
In addition to the tracing, I have narrowed this problem down by connecting a linux box directly to my DSL router, then replacing the PIX with a simple router/gateway. Both of those solutions work.
Some background:
I have been using this PIX for about 10 years now, with the same configuration (except IP addresses). Only in the last several months has this problem started to show up.
I got this pix from a dead company at a really great price (free), so I'd like to keep it, and not have to spend money on something else. I don't have any support license, and have not been able to get any software upgrades. Here is its version info:
taz(config)# sho ver
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)
Compiled on Fri 07-Jun-02 17:49 by (code)
Serial Number: 405200362 (0x1826ddea)
Running Activation Key: 0x38ac31f3 0x0630df47 0x9a77b805 0x8bc39a60
PS: Since this PIX is at its end of life, I was wondering if any of the software upgrades would be now available without a license?
View 2 Replies
View Related
Apr 22, 2013
OK, I have a 2921 on 15.3-2T. ZBFW is working from the inside to the outside, but the DMZ is not being blocked at all to the inside. I am currently running with subinterfaces. All interfaces have zones attached. I have policies from inside to outside and DMZ to outside, those work fine. Without any policy from DMZ to inside, it can pass traffic freely from DMZ to inside. I have tried making an explicit policy to drop all to inside, still passes. I ended up just having to put an ACL on the interface
I already tried upgrading the IOS, that is how I ended up on the newest version. This is connected to a 2960S with a trunk port. Everything else works perfectly except for the DMZ security. I haven't had time to try to lab it up yet, but wanted to see if any reasons this shouldn't work, as all documentation says it should drop all traffic unless you make a policy to pass traffic.
View 5 Replies
View Related
Oct 25, 2012
I have a cisco ASA5505, it runs a wide site to site VPN network and has 4 servers connected to it
10.50.15.4 > fileserver
10.50.15.5 > domain controller (exchange)
10.50.15.6 > terminal server
10.50.15.7 > terminal server
Now yesterday i removed 10.50.15.6 and replaced it with a new terminal server with the same ip address, ever since the ASA is blocking traffic between it and the domain controller (example)
2Oct 27 201214:51:0510600710.50.15.655978DNSDeny inbound UDP from 10.50.15.6/55978 to 10.50.15.5/53 due to DNS Query What has me baffled is the only thing different between today and yesterday is the new server is windows server 2008 and the old one was windows server 2003. The new server has the same LAN ip address as the old one to make the changeover seamless for the users.
why all the sudden my ASA has decided to block the traffic between those machines? all the other machines can talk to it fine just not the domain controller, and seeing that this is a terminal server naturally you can see the problem i face!
this router has worked flawlessly for 2 years now without any config changes and i cant work out why its blocking traffic between those 2 machines.
View 15 Replies
View Related
Aug 21, 2011
I just made a move from a PIX 506 to an ASA 5540. I have a user that currently logs into a web portal and runs a job. It is now erroring out. When I run the test it gives me the following message:
Testing ports...
Port 1433: Failed
Port 1150: Success
Port 80: Success
Port 443: Success
One or more tests have failed
The computer we access this site from is on the inside network and the ACL says permit ip any any from the inside out so I am not sure why it is failing. Under the ASA Home screen I see the Top 10 Protected Servers under SYN Attack and it appears that the ASA thinks this is some sort of attack.
View 1 Replies
View Related
Apr 5, 2013
I have a RV110W that's been in service since Dec 2012. All Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly.
View 2 Replies
View Related
Jan 7, 2012
Previous attempts to set up these NAT rules has been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a different outside network, but every time we get that far our internal network crashes. Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to the workstations is being blocked by the default implicit rule under the access rule heading that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to the servers is being allowed though. In an effort to start over again, the Cisco ASA has been Factory Defaulted via the CLI, and has had it's Inside network, and Outside IP address set back up. DHCP pool has been setup for a minimal amount of addresses on the inside network, since most of our equipment will always be assigned statics. We reset our static NAT policies, and seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. [code]
View 10 Replies
View Related
Dec 28, 2012
I wonder if I can have a RV042 VPN Tunnel to a RV082, and in the RV082 block all traffic to the internet that comes form the PCs that are behind the RV042.
Remote PC -> RV042 -> VPN -> RV082 -> RV082 Firewall (block internet traffice, allow intranet traffic)
View 3 Replies
View Related
Apr 2, 2012
My internet link is connected on Internet Router & below downwards Cisco ASA 5520 is connected.ASA is connected with core switch cisco 4510 on downwards. our web based mail [URL] is hosted outside.
Lets suppose ISP pool is 4.4.4.0/28.suppose owa server is Static natted on ASA with 4.4.4.4. my machine traffic is going to internet with same ISP with PAT on Cisco ASA & internet is working on my machine. if i want to access {URL} or ip base for mail access, its not working & also it is not pinging. i suppose to ASA is blocking for returning traffic.
is there any way to traffic will go via same Firewall & comeback on same firewall port?
View 1 Replies
View Related
Apr 18, 2012
I have a 1921 K9 with a 4 port 10/100/1000 EHWIC switch.
Interface 0/1 = 192.168.1.0
EHWIC = 192.168.5.0
I have Active Directory setup on the 192.168.1.0 network. When I attempt to join the domain from 192.168.5.0 it joins but I get errors. After some troubleshooting using portqry I have found that the services related to class map DomainTrafficUDP are being reported by portqry as being filtered regardless of policy map settings (currently set to allow).
Building configuration...
Current configuration : 18833 bytes
!
! Last configuration change at 11:20:25 NewYork Thu Apr 19 2012 by dave
! NVRAM config last updated at 13:56:45 NewYork Wed Apr 18 2012 by dave
!
[Code].....
View 2 Replies
View Related
Mar 29, 2012
I've blocked all traffic on port 80 (Advanced-Access Control- Apply Advanced Port Filter- All IP range and Port 80 selected) to avoid any kind of Web Access. I won't use Web Filter because there are too many URLs to be blocked.
However I have a problem to keep Google Earth working, since it uses port 80.
Is there a way to keep Google Earth working, even blocking traffic on Port 80? I've tried configuring an application rule to let Google Earth working, but it didn't work (it seems that I can not create an exception for Filter Port) .
View 9 Replies
View Related
Sep 24, 2012
I inherited a Cisco ASA 5505 and am trying to piggy back the device off of an established Network. Here is the basic layout:
192.168.10.1 (Core Router - Handles DHCP/DNS)
192.168.10.9 (ASA 5505 - Piggy backing off of Network)
192.168.40.x (ASA 5505 - VLAN)
I'm able to get onto the Internet without any problems. Devices from the 192.168.10x Network can not ping the inside VLAN1 (192.168.40.x). However, I would like traffic going from the inside VLAN to the Outside VLAN to be blocked, except for 192.168.10.1 and 192.168.10.9. I've tried using ACL's but end up killing my Internet connection. 192.168.10.1 is the default route and is how I get out to the Internet. Is this possible? Essentially, I'm trying to set up a small Network that guests can connect to. The idea is that they can get to the Internet, but that is it. They can't get to internal resources on the 192.168.10.x Network
Here is the config:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password EeCsulrpu.9LalEE encrypted
[Code].....
View 5 Replies
View Related
Nov 26, 2012
I am attempting to block outbound traffic for a specific PC on my LAN using the ASDM.
View 2 Replies
View Related
Mar 18, 2013
We have been deploying Cisco SF200-24P switches for our systems for over a year now. They connect to a Cisco 881 router. In many cases we are also deploying Cisco AP541s.Over the last few months, on an intermittent basis, the switches will simply freeze, blocking all traffic flow. The power LED also goes dark. It appears the switch has frozen. The only thing that seems to revive the switch is a hard reboot by pulling the power cord. In the last couple of weeks, one site in particular has gone down a handful of times. That client of our is fed up. Our patience is running thin too.
I cannot see any indications in the logs to any event that might give a clue as to the problem. We definitely see this problem with the 1.2.7.76 firmware and the 1.2.9.44 (latest as of typing this). Not sure if with earlier 1.1.2 firmware.Without a fix, we likely will have to change switches and possibly vendors as we need a reliable switch.I see some vague references to a similar problem. And one reference to a SG300 series having what sounds like the same issue.
View 8 Replies
View Related
