Cisco :: 5508 - AD Authentication For Wireless Networks

Mar 12, 2013

We've recently boughten new equipment to upgrade/replace some of our aging wireless hardware. We're moving to a pair of 5508 controllers and changing over to ACS 5.4. Currently we're just doing MAC filtering with ACS 4.2 and local users. I'd like to move most of our SSIDs to some type of AD authentication. Are there any all encompassing guides that layout the design behind that? So far I haven't had much luck finding one!
 
Also, would it be possible to maintain some of the local ACS users/MAC filtering? We have some mechanical equipment that connects to our network (separate SSID) but cannot join a domain.

View 5 Replies


ADVERTISEMENT

Cisco :: 5508 - Put Wireless Networks On A Schedule

Nov 13, 2012

We have two 5508s in a boarding school environment and about 5 wireless networks. Administration wants to know how can we shut down the student networks @ 11:30pm and then have them come on @ 6:00am. Othern than doing it manually is there another way?

View 3 Replies View Related

Cisco Wireless :: WLC 5508 - Web Authentication With Gingerbread 2.3.6?

Jan 7, 2013

I having some troubles with Web Authentication in a WLC 5508 version 7.2 to make authentication with the corporative phones, ANDROID GingerBread 2.3.6 model SAMSUNG GT-S7500L. When I try to connect to the VisitorsWirelessLAN in order to authenticate with web authentication the page never comes, in fact the phone never gets the IP. I have an iPhone and I have not problems, I have a Samsung Galaxy S2 with ICS 4.0.1 and works perfect, is only with gingerbread

View 2 Replies View Related

Cisco Wireless :: 5508 - AAA Authentication Failure

Aug 3, 2011

I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.

View 1 Replies View Related

Cisco Wireless :: 5508 / How To Configure Web Authentication

Jun 9, 2012

Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)

View 6 Replies View Related

Cisco :: Wireless Controller 5508 Authentication To AD Server?

Sep 11, 2012

We just got a new 5508 wireless controller and the question we have is :  can we get wireless users to authenticate to an Active Directory server to get access to the network?  I know we can get the authentication done with an RSA server, but what about plain AD?

View 9 Replies View Related

Cisco Wireless :: 5508 - EAP-FAST Authentication In WLC With ACS-LDAP

May 9, 2012

We are using WLC-5508 in our corporate. For authenication we have implemented ACS with LDAP configured as external user database. We can able to get authenicated for Web based authenication. When it is configured for EAP-FAST, authenitication is not happening.

View 3 Replies View Related

Cisco Wireless :: 5508 Web Authentication With Encryption And LDAP?

Jul 18, 2012

From what I've read, it doesn't seem possible to use Web Authentication and obtain encryption unless using a Radius server.
 
I have a client asking for web auth, encryption, and ldap connection to their AD servers.

View 4 Replies View Related

Cisco Wireless :: WLC 5508 No Further RADIUS Authentication Requests?

Mar 18, 2013

I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?

View 4 Replies View Related

Cisco Wireless :: 5508 Controller With Radius Authentication

Feb 16, 2012

I am setting up a WIFI network with a Cisco 5508 controller. I want  to configure a first WIFI network (WIFI1) that will authenticate my  business laptop based on the AD computer accounts and will access my  corporate network.I want to setup a second WIFI network (WIFI2) that will authenticate  my phones and tablets devices with AD user accounts and will be on a  separate vlan with only access to the Internet.I created 2 policies on the Radius server : one that authenticate  computers coming from wireless and a second one authenticating users  coming from wireless.
 
if a user manually creates the WIFI1 network on his phone  and enter his AD username, he is going to have access to the corporate  network.  I would like to be able to say that when a request is coming  from WIFI1, only the policy for authenticating  wireless devices with computer accounts will apply and the second  policy authenticating user wouldn't apply.

View 1 Replies View Related

Cisco Wireless :: 5508 - Mobility / Roaming And Web Authentication?

Nov 27, 2011

I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
 
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.

View 6 Replies View Related

Cisco Wireless :: 5508 Mobility Group And Re-authentication

Aug 15, 2012

I have to WLC's a 4402 and 5508   in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.

View 5 Replies View Related

Cisco Wireless :: 5508 - Multiple Web Authentication Pages

Jan 15, 2013

I have looked through the forum and think that I have found the answer to my question but I just need confirmation of my thoughts. We are using a 5508 W LAN controller running software ver 7.2.110.0 and LAP 1142n AP's.
 
What I would like to do is to configure multiple guest W LAN for each of our regional offices. Each of these W LAN needs to be configured with a Web Authentication page relevant to the office location. My question is this, can I have a Web Authentication page for each location or just 2, the default internal page and 1 customized page?

View 4 Replies View Related

Cisco Wireless :: Web Authentication On WLC 5508 Fails To Redirect / When Enter URL

Oct 19, 2011

I have a problem with a customer of mine. We have deployed two new WLC5508 running r7.0.116.0 and AP1142s, also WCS with r7.0.172. When we setup a "Guest Access" we ran into trouble.The problem is that we can associate to the SSID/AP and get an ip-adress. When we open the web- browser we do not get redirected to the virtual interface but instead the _hostname_ of the WLC. Like this: url...
 
I we manually replace "cisco6a19c4" with 1.1.1.1 it works as it should, the login page appears, we login and can access the internet.We have tested and disabled web-auth on the ssid an everything works, we can directly go out on the internet, DNS works without any problems. [code]Guest network (VLAN) is transfered from WLC via the trunk to the Cat4503 and then connected on a access-port to a separate broadband-router, then to the inetrnet.DHCP to guest-users from separate broadband-router which is def gwy and "DNS".On the virtual interfaces no hostname is configured.

View 6 Replies View Related

Cisco Wireless :: 5508 Can Migrate Web Authentication Certificate Used For Guests

Sep 3, 2012

I am planning to migrate from an old 4400 to a new 5508. I am happy with migrating the access points but I need to know if I can migrate the web authentication certificate used for guests.The new WLC will have the same virtual interface and DNS name to match the CN on the current certificate. Will this work or will I need a new certificate?

View 2 Replies View Related

Cisco Wireless :: WLC 5508 - Mapping SSID With Authentication Protocol

Aug 28, 2012

My customer wants to have mapping of WLAN SSID with   different authentication protocol as show below .
  
1: EMP-M for Mschap
2: EMP-G   for Peap GTC
3: EMP-T   for TLS
 
For example EMP-M SSID users should be connected with only PEAP(MSCHAPv2) and not on other methods like PEAP-GTC/EAP-TLS .
 
customer is currently having WLC 5508 and using ISE for AAA . Any tip how we can do the above requirement through WLC .

View 4 Replies View Related

Cisco Wireless :: 5508 - Local Switching & Central Authentication

Mar 27, 2012

Should I trunk the port to the AP or not. I have a WLC 5508 in the head office and have AP in the remote office. I do not want traffic in the remote office to traverse the wan back to the WLC. I want the users at the remote office to use the local sub net at the remote site.
 
Should I then trunk the AP port on the switch to the AP as I have multiple ssid's with different sub nets?

View 3 Replies View Related

Cisco Wireless :: 5508 WLC Excessive Client Authentication Association Failure

Jan 29, 2013

I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.

View 9 Replies View Related

Cisco Wireless :: 5508 Slow Roaming Or Re-authentication If There Is A Connection Error

Apr 29, 2013

I have a device manufacture there are requesting the following change on a customer's WLC 5508.
 
-config advanced eap identity-request-timeout 60
-config advanced eap request-timeout 60

I have studied many guides but I can't find out if there is a down-side to setting the timeout this high.Could it result in slow roaming or re-authentication if there is a connection error? The customer have large areas with high client density and some outdoor areas with low client density.

View 3 Replies View Related

Cisco Wireless :: New 5508 WLC And 3602i Access Points / Client De-authentication

Jan 25, 2013

Installed a new 5508 WLC last week, and finished bringing 68 new 3602i access points online in our College Dorms. We are seeing a lot of "Client De-authenticated" errors "Reason: Unspecified Reason: Code 1. Years ago I asked about error code 1. The reply from Cisco was: "The programers put the code in. It basically means we don't know what the problem is."Got a call from one of the dorms stating that students were getting knocked off the network while going to sites. If a student is wired, network is solid.Walked the dorm in question and was getting full bars of signals at all times, and was able to stream a movie from my Ultraviolet account without any break or slowdown as I moved from access point to access point. So.. my device, an iPad, was fully mobile and did not experience any disconnects.Did observe one student using a MacBook Pro. This student was constantly loosing connection to the access point. Checked the controller for the MAC of the student's computer. I did find deauthentication errors. BUT... this student's error was the computer was receiving an IP address from the DHCP that was already in use. At the computer the error message was a timeout issue.I am just learning the ropes on the 5508. Have used 3 4404s for the past six years.

View 2 Replies View Related

Cisco Wireless :: Set WLC 5508 To Allow Single Web-authentication User Account To Get Connected?

Aug 12, 2011

how to set WLC 5508 to allow single create web authentication user account to get connected in a same time. i found that i can use the same username and password combo to be login in 2 machine in the same time.

View 4 Replies View Related

Cisco Wireless :: 1552E / 5508 - Registration Process (AAA Authentication Error)

Dec 9, 2012

i have a problem with 1552E to register with 5508 WLC, and always got "AAA authentication error” in the WLC log, while AAA is not enabled.  so my question is , do i need to add the MAC address to the WLC MAC filter list even if i not enable the AAA server in the WLC.

View 9 Replies View Related

Cisco Wireless :: 5508 - Client Authentication Fails For Wrong EAP-type

Jan 16, 2012

I have setup the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. What is the required client setup to satisfy the MS NPS?

View 8 Replies View Related

Cisco Security :: OOB NAC And 5508 WLC Don't Get Any Authentication

Nov 22, 2010

I have a 5508 wlc trunked to a 6500 switch. Also trunked to the switch on both eth0 and eth1 is the CAS. The CAM is connected with an access port.

The CAS and CAM are on seperate VLANs and the CAS was added to the CAM without issue. I followed the example document for OOB WLAN (VLANs and mapping etc)  but I don't get any authentication going on. The client associates and the WLAN interface is the quarantine VLAN However it seems the client can connect to the network without issue (can web browse to a server internaly to the campus)
 
The client is shown in the wireless clients on the device page of the CAM, If i close down either of the CAS interfaces the client connectivity is broken.
 
Just once, randomly the Clean Access Login Page appeared on the client (battery had died and waited about an hour) but when I rebooted the CAS to check it was consistent it never came back.

View 6 Replies View Related

Cisco :: 5508 Web Authentication Timeout?

Aug 1, 2011

If any authenticated user uses protocol other than (http, https) within timeout period, that user #is deuthenticated

View 1 Replies View Related

Cisco :: 5508 - 802.1x Authentication On PSK Key Management?

Aug 20, 2009

I'm setting up a new 5508 WLC (the first wlc I have ever setup) and I have my WLAN setup with our existing WPA/TKIP ssid for transitioning our clients from our existing autonomous system to the wlc.  I have selected PSK as the key mgmt and I can get the client's to connect for a few minutes but I keep seeing these errors:
 
Fri Aug 21 08:50:05 2009 Client Excluded: MACAddress:00:21:00:f9:dd:50 Base Radio MAC :00:23:eb:27:e3:b0 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
 
I don't have nor do I want 802.1x enabled.  Is there something I need to disable either on the client or the controller?

View 20 Replies View Related

Cisco :: Web Authentication Over HTTP Instead Of HTTPS On Wlc 5508?

Mar 26, 2011

I have follow below URL to disable the https over web authentication:
 
[URL]
 
What i want to achieve is disable https over web authentication due to certificate issue, but it seems like even we have disable the http over web management as above URL describe, still https while doing web authentication. Or it is possible to configure use port other than 80, like 8080 for web authentication? (need to reboot the wlc?)Is there any bug that related to this CSCsy32145?
 
WLC Software Version                 6.0.196.0

View 8 Replies View Related

Cisco :: 5508 WLC - Concept Of Association And Authentication

Sep 15, 2010

We have a 5508 WLC with a few WAP's (1131's and 1242's).  Our wireless clients use certificate base authentication against our AD (i.e. both computer cert and user cert are required).  However, from time to time I see clients being associated but not authenticated as reported by the WLC.  Could it be possible, as some literatures indicate that a client can only be "associated" after it's successfully authenticated?  Perhaps I'm not quite clear about the concept.

View 7 Replies View Related

Cisco :: 5508 / Radius Authentication Not Working?

Apr 8, 2013

I have a 5508 controller running 7.4.100 and have a WLAN where I have radius configured. On my controller the client machine I'm using appears but the radius authentication doesn't appear to be working. Is there anything on the controller I can do to verify that the request is even being sent to my Microsoft IAS server? The log on the server doesn't show any requests from the controller so my early days guess is the controller isn't actually sending it.

View 3 Replies View Related

Cisco :: Controller 5508 With RADIUS Authentication

May 6, 2013

I'm a trainee in Network and Telecommunication, and I have to do a "model" with a controller, an AP, and a RADIUS server. Communication and configuration of the lightweight AP has been done.
 
I use an autonomous access point 1220 as the RADIUS server (no considering it as an AP), and I'm a beginner in RADIUS configuration. I get a "Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e" when I launch a debug targetting my PC, connecting to the LAP.
 
Precursory : 10.137.125.71 is the IP address of the ap1220, working as the RADIUS server 10.137.125.15 is the IP address of the controller. 00:24:d6:8f:2c:7e  is the MAC address of my PC, connecting to the Wi-Fi. ping works to the RADIUS, to the controller. Each devices are connected by a layer 3 Switch, and ping each others. The Wi-Fi works when I don't use 802.1X (or when I don't use RADIUS authentication at all)
 
What I did on the RADIUS server (ap1220 autonomous) :
 
aaa new-model
radius-server local
nas 10.137.125.15 key password

[Code]......

View 5 Replies View Related

Cisco :: WLC 5508 And LDAP Web-Authentication (Routing)?

Aug 13, 2012

I have two WLC5508 controllers configured with multiple SSIDs and a VLAN associated to each of them. Now I am deploying a pilot for Web-Authentication and everything seems to be fine except for the LDAP authentication part. I have done all the steps for enabling anonymous bind on Active Directory (AD) and the configuration on the controller is properly in place. I know the configuration is working fine because I have isolated the problem to some sort of routing or communication problem:
 
Controller Interfaces:
 
Management Interface - Vlan 1, (X.X.148.99)
Student Interface - Vlan 2 (X.X.132.99)
Mobile Devices interface - Vlan 28
Web authentication interface - Vlan 31
 
AD is on Vlan 2 (Student Interface range)Each interface has its own IP in a different IP range.
 
If there is an IP address configured on the Vlan2 interface, LDAP wont work. If there isnt an IP address on the Vlan 2 Interface LDAP works!So you may think I just should not configure an IP for that particular Vlan, but if do this, the controller wont allow to associate any WLAN to that particular Vlan interface and unfortunately I am using it.
 
I think the Controller uses the Management interface to send traffic to the LDAP server and it gets confused of getting a reply from a device which belongs to the Vlan 2 Interface IP range (AD is on Vlan 2).
 
I know the controller is a Layer 2 device, so I am not sure why it should need an IP address to be configured for each interface, I read it is used just for roaming purposes but it seems to be somehow related to LDAP communication process as well.
 
The strange thing is that I can access the management interface IP from the Vlan 2 range and there is not problem at all.
 
PD: Controller 5508, Software version: 7.0.230.0

View 6 Replies View Related

Cisco :: 4400 / 5508 Controllers - 802.1x Re-Authentication

Mar 28, 2012

Currently in the process of migrating from psk to 802.1x radius environment using a mix of 4400 and 5508 controllers with WCS using Microsoft ias.  The problem I have is there is a lot of shared iPads and tablets in the environment.  Is there a way to force these user to relogin to radius after a certain time period so they are not  sharing unames and passwords?

View 1 Replies View Related

Cisco :: WLC 5508 How To Enhance Client Security Authentication

Dec 20, 2012

Security during client authentication is enhanced by applying both 802.1X and Web Authentication for a WLAN." 

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved