Cisco :: 2504 Configured One WLan With External Web-authentication

Jul 4, 2012

I have Cisco WLC 2504.I was configured one wlan with external web-authentication.External web server is apache on freebsd.When user connect to wlan and open web browser, wlc redirects client to external web page, where client must input hist credentials.When client click "submit" button on external web auth page, wlc initiates RADIUS request to radius server.Radius server(freeradius) is on the same server, where apache running.

sometimes, when client enter credentials on external page and click "submit" button, wlc suddenly redirect client on internal default auth page.

View 14 Replies


ADVERTISEMENT

Cisco Wireless :: Setup A 2504 To Have One Guest WLAN And One Staff WLAN?

Jun 10, 2013

I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
 
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.

View 4 Replies View Related

Cisco :: Can 3602 APs Be Configured By 5508 WLAN

Aug 23, 2012

Can the Cisco 3602 APs be configured by a Cisco 5508 WLAN controller to provide client isolation?

View 2 Replies View Related

Cisco VPN :: 851 - AAA Authentication - Not Configured

Jan 18, 2012

I have cisco 851 using ccp to configure EASY VPN
 
I click on TEST VPN SERVER then click start  the status shows successfull
 
when I tried to connect a client I get mm_no_state
 
When I reviewed the report from the test I found
 
AAA authentication : Not configured
 
My AAA
 
aaa new-model
!
!
aaa authentication login tgcsusers local
aaa authorization network tgcsvpn local(code)

View 24 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Configured Machine Authentication For A Windows 7

Aug 5, 2012

I am using ACS 5.3. I have succesfully configured Machine Authentication for a Windows 7 laptop using EAP-TLS. The ACS is configured with an Active Directory external identity store where the Windows 7 laptop is configured as part of the domain. I'm pretty sure that the ACS was using the AD to authenticate the laptop's name because at first the authentications were failing because I had the Certificate Authentication Profile configured to look at an attribute in the client certificate that was empty. When I fixed that, the authentication suceeded.
 
I started doing some failure testing so I disconnected the Domain Controller from the network. Sure enough, the ACS shows the Active Directory external store is in the Disconnected State.I then went to my Windows 7 laptop and disconnected the wireless connection and connected it again, expecting it to fail because the AD is down. But it succeeded! My Win 7 laptop is accessing the network wirelessly through a Lightweight AP and 5508 WLC. The WLAN Session Timeout was set for 30 minutes. So even with the AD disconnected, every 30 minutes, the ACS log showed a successful EAP-TLS authentication. I then changed the WLAN Session Timeout to 2 hours 10 minutes. Same thing, every 2 hours 10 minutes, a succesfull EAP-TLS authentication. I really don't know how the authentications are succeeding when the AD is not even connected. Is there a cache in the ACS?

View 7 Replies View Related

Cisco Wireless :: Not Able To Get DHCP IP Via 2504 WLAN Controller

Jan 7, 2013

I have a Cisco Wlan Controller 2504 with 1042N AP (3-nos) every thing was working fine from past 2 months. Now i am getting a issue with clients which are connected to the wireless AP, they are not able to get an dhcp IP address from the 2960 Switch (DHCP Server). The clients are getting IP address as 0.0.0.0. [code]

View 36 Replies View Related

Cisco Wireless :: 2504 - Reports On How Many Clients Using WLAN

Oct 1, 2012

Is there a way to generate historic reports on how many clients have been using a WLAN on Cisco 2504?

View 1 Replies View Related

Cisco :: Aironet 600 Can Remote LAN Interface Be Configured To Skip Authentication For IP

Feb 3, 2013

On an AIRONET 600 AP (officeExtend) with the remote LAN interface is configured to use 802.1x authentication:If a Cisco IP Phone is connected, 801.x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do) Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phone and only authenticate PCs etc..?

View 5 Replies View Related

Cisco :: 2504 Web-Auth Passthrough With External Redirect

Feb 6, 2012

I have a cisco 2504 running 7.0.220.0. I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.
 
When I connect to the SSID, the page redirects to the external URL and the the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the the URL data, paste that in once I am on-net, and the page loads just fine.
 
So, something is happening when the WLC is attempting to proxy-redirect the page back to the client.

View 7 Replies View Related

Cisco Wireless :: 2504 - Using Both External And Internal DHCP On WLC

Nov 25, 2012

I am wondering if the folowing is a valid configuration:

WLC2504
AP2600
 
I need 3 SSID/VLAN, 1 for corporate devices, 1 for coporate smartphones, 1 for guest.

Port 1 on the 2504 should be used for management and corporate devices and connect to the corp network. Port 2 is for smartphones/guest and will be connected to a Cisco ASA 5515 that is connected to a second ISP.
 
Corp devices should get IP from an Windows DHCP. Smartphones/guest should get IP from the WLC. Is this possilbe? I read this in a document "To use the WLC as a dhcp, you need to enable DHCP proxy as it is required." Some how I am imagining that this will mess with the Windows DHCP. Is it better to use the ASA as DHCP for smartphones/guest?

View 4 Replies View Related

Cisco Wireless :: Migrating WLAN Controller 2125 To 2504

May 29, 2012

I will migrate a Cisco WLAN Controller 2125 to 2504,So I have one question?I need to make all configuration into the new Wlan Controller or I can migrate with one tool or something else?

View 15 Replies View Related

Cisco Wireless :: Create A Maximum Of 16 WLAN SSIDs On WLC 2504

Jan 31, 2013

I seem to only able to create a maximum of 16 WLAN SSIDs on WLC 2504.Can this be added through licensing or a software upgrade.

View 1 Replies View Related

Cisco Wireless :: HTTP Redirect - 2504 WLAN Controller

Apr 23, 2012

I have a 2504 and my goal is to automatically redirect a users home page when they connect to a certain internal website. Authentication isn't a real concern just now.

Is it possible to simply have a users home page redirected when they open their browser upon connecting to the SSID? All of the documents available have stated to use 802.1x / RADIUS or other fancy tools.

View 3 Replies View Related

Cisco Wireless :: 2504 Client Unable To Get IP Address On Guest Wlan

Feb 23, 2013

I recently setup a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding.  Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses.  If I give the client a static IP they are able to communicate across the wlan okay.
 
It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only.  The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
 
Here is a debug client for a machine connected to the guest vlan (vlan 33).  The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16. I don't understand why I am seeing the dhcp request come from the internal vlan/ wlan first and it gets an IP address on this network.  I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this.   [code]

View 4 Replies View Related

Cisco Wireless :: 2504 Printing Solution For Guest WLAN Users?

Sep 19, 2012

My customer has multiple sites, each with a 2504 WLC.A data center with a 5508 in the DMZ acting as Anchor for the remote sites.ACS 5.x and NCS Prime.All guest users will egress to the internet via a Vlan in the DMZ.Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
 
Is it possible to put a printer in each site for Guest WLAN users to use?

View 3 Replies View Related

Cisco :: WLC 2504 And LDAP Authentication?

Mar 29, 2012

i am trying to get ad authentication working on a WLC 2504, can I use the LDAP server configuration for authentication?

View 1 Replies View Related

Cisco Wireless :: Setup 2504 WLAN Controller And 1142N Access Point?

Jun 13, 2013

We are planning to setup a new WLAN using Cisco 2504 WLAN Controller and 1142N Access Point. Is it possible to create individual user accounts for the users those who all are connecting to this WLAN Network by using the 2504 WLAN Controller ?

View 1 Replies View Related

Cisco Wireless :: Redirect To Web Authentication WLC 2504

Apr 4, 2013

We have a WLC 2504, since a few months, it was working fine, we have a guest Wlan configure with web authentication and the DHCP scope for this in the WLC. The problem today is that its no redirecting the web browser to 1.1.1.1, we try it with 3 laptops and they recieve a correct IP from the DHCP but still can not get redirect to the web authentication portal. Have the default configuration Internal (Default).
 
In laptops we check the firewall, dont have a proxy activate and have google DNS.. 4.2.2.2 8.8.8.8. In fact this laptops connected to this ssid before.

View 1 Replies View Related

Cisco :: WLC 2504 With RADIUS Server Authentication And EAP-TLS

Mar 6, 2013

Can the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users.
 
Management Users will authenticate on RADIUS Server 1.Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.

View 5 Replies View Related

Cisco Wireless :: 2504 Controller / 1602E - External Or Integrated Antenna For Better Coverage

Mar 24, 2013

I'm planning to use these with a 2504 controller.  However, I cannot find a straight answer on whether or not the External Antennas provide better coverage than the Integrated Antennas?  These will be wall mounted in a combo office/warehouse environment.  Also, I cannot figure out if the External Antennas are even included with the 1602E (AIR-CAP1602E-A-K9)?  or what if any power adapter/ injector is included with the AP's?

View 14 Replies View Related

Cisco Wireless :: 2504 - 802.1x Radius Dual Authentication

Jun 20, 2012

I configured the 2504 with 2 SSIDs for staffs and guests.I also configured the Lobby admin with web auth. But if a guest wants to connect our wireless he/she has to enter the PSK key and then only they are able to connect with the user id and password given by Lobby admin. Can we avoid this key and let the guests connect straightaway with the web auth?I’m planning to configure 802.1x & Radius dual authentication for staffs SSID..

View 5 Replies View Related

Cisco Wireless :: Adjust Authentication Timeout WLC 2504?

Jun 12, 2013

I have 2504 WLC with a few access points. the problem is when the PC's go in sleep mode, the users have to re-authenticate when they log in again Is there any way to let the PC's automatically re-authenticate without the user having to type in the credentials again?I have web authentication configured for this SSID and authentication is using the WLC local Data base.

View 6 Replies View Related

Cisco Wireless :: WLC 2504 Certificate Error Web Authentication

Dec 19, 2012

When I get the web authentication dialog from 1.1.1.1 it starts of with a certificate error. Is there a way to prevent this certificate error while using the self signed certificate?  I have not been successful installing certificates on my WLC - problems with OpenSSL and others.  Want to get this deployed but don't want users to have to encouter that error. 

View 1 Replies View Related

Cisco Wireless :: WLC 2504 Authentication Based On AD / LDAP

May 17, 2012

What are the possibilities for configuring a WLC to authenticate WLAN users based on their Active Directory user account?
 
Is this possible by setting up local EAP on the WLC?
 
I’ am looking for a solution where there are no changes to the Domain Controller involved and also no setting op IAS/RADIUS.
 
WLC:2504

View 8 Replies View Related

Cisco Wireless :: 2504 -configure MAC Authentication With Certificate Based

Jan 8, 2013

I have cisco 2504 WLAN controller with 7.4 IOS. My query is can I configure the MAC authentication with certificate based. And without using any external servers like Radius, ACS and LDAP.
 
May I know, If there is a option on WLC…

View 4 Replies View Related

Cisco Wireless :: Guest WLAN Splash Page To External URL 5508

Feb 10, 2013

I want to setup a webpage for my guest network (no authentication) users. When the client connects to the open guest network and upon opening a browser they would be directed to a survey that I would like them to take, if they don't want to take it they can begin browsing to other sites without issue. How do I do this on a my 5508 WLC?

View 12 Replies View Related

Cisco Wireless :: 2504 Flex-connect Authentication And Switching Locally

Feb 15, 2013

We are planning to implement Cisco wireless in our central office and branch office using Cisco 2504 WLC and Cisco 1602i Ap. Our branch office is connected via ip vpn and a separate broadband connection for urgent requirements. Usually all users are allowed to browse through central proxy server.I have been trying to find any possibility of giving guest access (web authentication) for branch office guests utilizing only the broadband connection which is connected to the branch office. Is there a possibility that Central WLC is reached using NAT from the BranchOffice AP and allowing guests to authenticate and surf the web at times IP VPN is unreachable.

View 4 Replies View Related

Cisco :: 2504 LDAP Setting Up To Accept Authentication Based On Device

Aug 19, 2012

How can I setup the WLC to accept authentication based on the device itself and not a user?

View 7 Replies View Related

Cisco VPN :: 5505 Authentication Using External MS AD Server

Dec 29, 2012

We have a business case where we have a group of ASA 5505's in 3 locations with anyconnect user licensing on all 3 for redundancy.The problem we are facing is that when we need to authenticate our anyconnect clients we use active directory servers located at site 1 and the other 2 sites need to contact these MS AD Servers over an already connected VPN tunnel to site 1 (IPSec l2l) but cannot.So the layout is as follows:Site 1 (houses AD servers) has l2l tunnels to site 2 and 3Site 2 (any connect essentials enabled) has l2l tunnel to site 1 and 3Site 3 (any connect essentials enabled) has l2l tunnel to site 2 and 3AD servers are ip'd as 10.1.1.11 and 10.1.1.4If I use anyconnect to site 1 it authenticates fine - as expected.Site 2 and site 3 fails to contact AD serverAny thoughts on how we can accomplish this(or is it even possible to do?) without exposing the AD server in a DMZ or via external ip?

View 1 Replies View Related

Cisco Security :: ACS 5.1 802.1x Authentication Fails On LAN When WLAN Connected

Aug 23, 2012

I am running Cisco ACS 5.1 802.1x with certificate based authentication for Wired and Wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when the plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure Vlan. A reboot of the phone/ shut/no shut fixes this, but I really need to find a resolution.This is an intermittent fault and only effects users with both LAN and WLAN enabled. Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE.Certificates are issues by group policy and only using computer authentication.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Authentication Using Multiple External Databases

Feb 7, 2012

We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:
 
1) VPN client (via ASA5510)

2) Wireless (EAP-PEAP)
 
For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.
 
We would like to try achieve the following in ACS:
 
IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is. IF an access request comes from the Wireless LAN controllers THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure etc accordingly for eap-tls). 

View 1 Replies View Related

Cisco :: 1231 / External RADIUS Attributes For MAC Authentication

Jun 21, 2006

We have a 1231 AP and a Freeradius Server.Now we are using MAc authentication.The thing is that the AP sends two parameters to the RADIUS:
 
User-Name = "000ff855df2e"
User-Password  =  "000ff855df2e"
 
both are the MAC of the wireless client.I want that the AP send:
 
User-Name = "00-0f-f8-55-df-2e"
User-Password  =  "mykey"
 
Note that the MAC is dash separated and the password is forced to the key that I want.

View 2 Replies View Related

Cisco :: ACS 3.3 / Configure WLAN Authentication On WCS To Prompt Users About Credentials

Aug 28, 2012

I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved