I have a 4402 and recently I have not been able to access the device via the service-port interface. The service-port has an IP Address and it is connected to an access port in the Vlan which I am coming from, however it cannot even ping it's gateway, which as mentioned is within the same network. When I am at the console of the controller I can ping the service-port interface IP that I have assigned, just nothing else.
View 4 Replies
We have a WLC 4402, with interface Management, AP-Manager, and only the ap-manager interface is enabled for dynamic AP Management, how can i enable the dynamic AP Management for management interface also. Because i couldn't access WLC from via wireless, only able to access it via wired.
View 15 Replies View RelatedIs it possible to create a service which will forward public port 9010 to an internal IP address with port 23?First of all, I do not like to open the public Telnet port to the inside so I would use another public port and second my ISP does not allow some public ports beneath port 80?
View 1 Replies View Relatedwe are not able to access port 3389 on host 10.45.4.2 over our vpn connection. vpn is up and running and we can access othet tcp ports on the host but not 3389. hereunder part of the config:
ip http serverno ip http secure-serverip nat inside source route-map SDM_RMAP_1 interface BVI1 overloadip nat inside source static tcp 10.45.4.2 18330 94.229.51.184 18330 route-map SDM_RMAP_2 extendableip nat inside source static tcp 10.45.4.1 3389 213.148.231.156 3389 extendableip nat inside source static tcp 10.45.4.1 5800 213.148.231.156 5800 extendableip nat inside source static tcp 10.45.4.1 5900 213.148.231.156 5900 extendable!access-list 1 remark SDM_ACL Category=16access-list 1 permit 10.45.4.0 0.0.0.255access-list 100 remark SDM_ACL Category=4access-list 100 remark IPSec Ruleaccess-list 100 permit ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 remark SDM_ACL Category=2access-list 101 remark IPSec Ruleaccess-list 101 deny ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 permit ip 10.45.4.0 0.0.0.255 anyaccess-list 102 deny ip host 10.45.4.2 10.45.1.0 0.0.0.255access-list 102 permit ip host 10.45.4.2 anyroute-map SDM_RMAP_1 permit 1 match ip address 101!route-map SDM_RMAP_2 permit 1 match ip address 102!!control-plane!bridge 1 protocol ieeebridge 1 route ip
When I try to add new MAC entrys to the WLC I get the following message unable to add mac entry to database, reached max size the problem is when I look at the stats there is only 386 MAC entry and the databse size was set to 1024 entry..The work around was to increase the size of the database to 2048.Is there any why to clean up the database?
View 2 Replies View RelatedI'm trying to setup WLC for LDAP to authenticate the users. I have all the components required according to cisco's document. WLC4402, LAP1142N, 2008 AD serving as LDAP.
I'm configuring according to the document and also trying same settings from other users on this forum who (seems to) have got the WLC-LDAP up and working. My problem is that I'm receiving the below debug message on the controller and there is nothing on the internet on this error:
*LDAP DB Task 1: Apr 28 10:05:35.903: LDAP server 1 changed state to IDLE*emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'DISABLED'.*emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'ENABLED'.*LDAP DB Task 1: Apr 28 10:09:21.052: ldapTask [1] received msg 'CLOSE' (4) in state 'IDLE' (1)*LDAP DB Task 1: Apr 28 10:09:21.055: ldapClose [1] called lcapi_close (rc = 1008 - Invalid client handle)*LDAP DB Task 1: Apr 28 10:09:21.055: LDAP server 1 changed state to IDLE
I'm getting this error regardless of the authentication type, any username and attributes. So it makes me think WLC is not even trying to bind to LDAP. If the error was invalid credentials or something mismatch or something, it gives me some information to base my troubelshooting but I just can't find information on this (rc = 1008 - Invalid client handle) message.
For unknown reason I cannot get WLC to authenticate correctly with ACS 5.2. it's very strange in the sense that when I checked the log. ACS authenticates and authorized the WLC 4402 but I cannot log to the WLC. login screen appeared, if I typed user name it jumped to Controller> user: password:
No matter what I typed (internal or external users) nothing seems to work. This is my frustration, I have no problem authenticating routers and switches except WLC 4402.
I am unable to get my 4402 and 2504 to pair in mobility, I made short video to explain my issues.also do not worry there is no propritary information in this video, I am working on a lab that does not mirror any production networks.
View 6 Replies View RelatedI am in the midst of trying to update the controller firmware of a cisco wireless lan contoller 4402, and having some issues getting the file to transfer to the controller. i am currently running verison 5.0.148 on the controller and attempting to upgrade to the latest version of 7.0.230 and for whatever reason it continues to not transfer. I have tried all 3 methods of cli, gui and using wcs software. all the no avail , I have tried tftp32 and 3cdaemon with the same results.
The error that i am getting from 3cdaemon is got socket timeout aborting code 10054, failing at 66MB transfered. I increased the timeouts both on the wlc and the tftp client to no avail
the error i get on the wlc is Code file transfer failed - Error while writing output file
Receiving the following syslog message from a 4402 WLC:
%CAPWAP-3-AP_DB_ALLOC: capwap_ac_db.c:145
Unable to allot AP entry in database. We receive this message about once a minute on average. I can't find any documentation saying what it is. It looks like a database error, which makes think it might be a memory issue or an issue with having too many AP's on the WLC. However, that controller has less than 30 AP's on it.
I not able to access cisco 2811 router (AC operated) through console port when I try to access it by selecting COM Port, but I able to access by selecting the TCP/IP option.
View 5 Replies View RelatedIm having trouble with the topology service. Java is installed, but i cant start the topology service.
View 7 Replies View RelatedI currently have a vlan/SVI on my 6506 for the WiSM service-port. The WiSM has an address on the same subnet. To manage the WiSM, I either https to the Management interface address or use 'session slot X proc Y' from the the 6506. Since I am essentially only using two addresses from a subnet for this service-port I would like to free up the subnet. Can I keep my current functionality by having a vlan only (with the wism service-vlan XX command) with no SVI?
View 7 Replies View RelatedI recently configured CISCO 3310 box with MSE version 7.2. Services are up and running in the box, I could add the MSE to WCS and also able to track the location using WCS. However, I could not connect the third party software to MSE web services to get the location information there. When I hit the server url "https://<my mse>" I get list of possible services like:
Error 404 - Not Found.No service matched or handled this request.
Known services are:
http://my server:8880/hs/
http://my server:8880/mdp/
http://my server:8880/admin/
[code]....
I browsed through the documentation (CAS_71.pdf) and found a text saying:
Note Port 80 will be enabled on the MSE if the enable HTTP command was entered on MSE. Ports 8880 and 8843 will be closed on the MSE when the CA-issued certificates are installed on the MSE. I am running the test system so I do not really want to install CA signed certificate, so I used self signed certificate and restarted the server, but it did not work.
We are trying to set up Out of band connection for Cisco 5508 WLC and when we try to ssh to the Service port from a remote switch, this fails. SSH or Telnet to the Management IP address works fine. The Service port and Managment IP are in the same IP scope but different subnet..i.e 172.16.10 for Management and 172.16.99 for Service port. Also, as this set up will be HA (AP SSO) in future, for which DHCP is recommended for the service ports, just wondering if SSh will be possible.
View 7 Replies View RelatedSince a few days, when I go on Web with my cable connection, the pages of sites stay on a blank page and that does not connect. Having made diagnose, I had the following message:The distant ring road(peripheral) or the resource does not accept the connection.The ring road(peripheral) or the resource [URL] is not configured to accept the connections on the port " Web Service (HTTP) ".I phoned at my FAI ( Videotron) and having discussed for a long time, it happened at the conclusion that it was a problem of router (when I connect the computer directly on the modem, that works very well).Of an other one quoted(esteemed), a connection Wireless telegraphy works with no problem at all, fortunately because I shall not be here.I am to go to my router D-Link Dir-835 and I returned to the former(old) protection(saving) of the configuration. And now that re-works again. But the enjoyment was short-lived because this morning, the problem returned.What do you think about it? I Should make a reset of my router even if it means re-configuring everything again?
[URL]
I have a cisco WLC 4402, i have a problem with people trying to log into wlc 4402 GUI console with wrong pass. Are there any ways that I can allow certain IP to go to or see the log in page of WLC?
View 5 Replies View RelatedI am not able to configure Service policy output command in Cisco 2921 router.While configuring I am getting below error.Same config is working fine in Cisco 3845 router.I am suspectting the problem with license in IOS.
View 3 Replies View RelatedI am attempting to access the service port from a client pc on another network.
Service port = 10.100.2.1/16
Client IP = 10.1.1.10/16
I know you cannot put a default gateway on the service port, but the documentation says you can add a static route for remote management. So I tried...
config route add 10.1.0.0 255.255.0.0 <gateway.ip>
It does not take the command and says something to the effect of. "ip address/netmask conflicts with the configured ip address of the service port"
We have two WLC 4402 WLC in active-active mode in our setup. The issue we see is that a user/laptop gets connected and gets the ip address but there will be no network access. We see a yellow exclamation sign at this time in network icon in tray and we can not ping gateway at this point. We have run debugs at this time for the machine and we could see that was in "RUN" state its only that the machine can not access network.
View 11 Replies View RelatedWe have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
View 8 Replies View RelatedI am trying to set up a custom service on my netgear configuration page. I have a netgear router model# Wnr834m. every time i click the "add custom service" button the page redirects to "system authentication failed" and logs me out. What can i do to set up the new port?
View 1 Replies View RelatedI've been configured my device to forward FTP service to my server, however, I can't access this service outside from my network. I used Single Port Forward and not worked, after, I've used Port Range Forwarding starting in 20 to 21 and not work again.I've sniffed my computer and I've found just 3 outsides packages without response.I've tried with directly IP ADDR and DYNDNS ADDR, but neither one or other worked.
View 1 Replies View RelatedWe are expanding our wireless infrastructure by adding further access points AIR-AP1242AG-E-K9.We use four WLC 4402 running version 6.0.188.0 as a fail over pair.What is the maximum limit the WLC can handle ?What is the recommended limit one WLC can handle ?We can divide the load on the controllers but in case of a failover one WLC will manage all access points.
View 4 Replies View RelatedI need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) ControllerIn our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC,My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective),I need to Know what I need to do in AP to connect to the Controller,Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
View 38 Replies View RelatedI am working in an environment with 6 4402 all running 6.0.119.4 code and WCS 6.0.196.0. I keep getting an alert from WCS that the controllers cannot be reached "Controller '10.x.x.x' is unreachable. - Controller Name: 'Name'"
Now when I go to access the WLC through HTTPS I have no access at all but controller still responds to ICMP, HTTP, Telnet, SSH. I know I should have HTTP and Telnet disabled but since HTTPS keeps failing I would have no way to get into the controller. Is this a known issue in the 6.0.199.4 code? should I consider upgrading? The only fix I have found to work is to disable HTTPS reboot controller enable HTTPS and reboot again.
need an access point configured in the user minimum because I was looking and some had up to 49 LAP connections at the same time. I have a WLC 4402 VERSION 7.0.98
View 1 Replies View RelatedI would like to know if exists some configuration using a WLC 4402 that deny network acces to smartphones but not to netbooks and laptops.
View 1 Replies View RelatedThere is one guest interface, one guest WLAN. The WLAN is set with a DHCP override address of the guest interface. But it no longer allows this as I found out. Anyway, I can get the client to now receive an address from the internal pool on the WLC, but it will not route to the authentication page. I noticed that the WLC excludes the clients attempting to connect on the guest WLAN due to failed 802.1x authentication! the WLC never even gave me the chance to authenticate using an account created either through the lobby ambassador or creating one directly on the controller.
View 3 Replies View RelatedWe have WLC 4402 and LWAP 1510In access control list menu, all needed rule added and the last rule deny any to any We use Ethernet bridging on LWAP and some clients connect with wire network that associated with Ethernet bridge LWAP, Now when deny rule applied the client that connect with wired network couldn't established VPN connection or another service to the routing and remote server, I create rule that permit any to routing and remote server.
View 1 Replies View RelatedI have a WLC of 4402 and AP's of AIR-LAP1142N-E-K9 . Where am getting problem of that users are complaining that they cannot connect it some times and they used to get disconnected in between.
View 1 Replies View RelatedExample config
int g2/24
service-policy output test
#and/OR
int g2/24.10
encap dot1q 10
ip address 10.1.1.1 255.255.255.0
service-policy output test
I want to be able to gather some time metrics based on source IP, and destination port. Is it possiable to track how much time a user spends using a service based on it's port number. I have figured out how to capture all the data, and I can then look at timestamps, but I would like a better way if possible. Can this be done at the firewall, or do I need a different appliance?
View 1 Replies View Related
