Cisco :: 5508 How To Grant Wire Access To A Wireless Ssid
Jul 25, 2011
I have a wireless lan controller (5508) broadcasting 2 SSID's, once is a secure vlan grabbing an ip address from a local dhcp server and getting access to the internal network, and the other ssid is for a guest vlan where the dhcp server is in a remote site and internet access is off a circuit in our data center which is accessed over a wan. The secure ssid's vlan is defined on the local switch, but the guest vlan is not defined on the local switch.the ap's in the respective sites are trunked to the core switch and the switchport config is : [code] it's trunked b/c we have both vlans going across this physical connection.I would like get the guest vlan a wired connection, ie. off a switchhub, but not sure how to do that as this guest vlan is not defined on our local network.
So I have this E1500 Router that worked fine for the past 5 months, then out of the blue, the wireless feature ceased to function... laptops were not being able to connect to the wireless, the router was also not broadcasting the SSID.So, here's what I have done so far:
1. Check the router software settings, all was good there.
2. Did a "hardware reset" pushing the red button. (now this solved the problem, BUT only for a day, when power is turned off for the night, the next day it's non-functional again. The cycle can be repeated daily, but its a pain to reset and set it up everyday)
3. Updated the Firmware, and this somehow solved the problem for 3 Days... and now it's back to non-functional, again out of the Blue.
Is the Router just busted and it's not remembering the settings?
I have a customer with an ASA5510. We have an SSL VPN (tunnel-based, or "SVC") that we use for remote access. That works great.They want to be able to use this same functionality, but add users who will not have the full access that the current SSL VPN users have. So in other words we currently have a small group of users who get full access to the LAN. Then they want to have a second group of users who will only have access to certain nodes.I'm wondering if there's some way to do this using LDAP between the firewall and the Radius server? The user gets put in a different tunnel group depending on what the FW learns from the server?We only have the Anyconnect Essentials license, so unfortunately we can't do a clientless SSL VPN, which otherwise might work well here.
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
I have an issue where I have an AP in one room and another in another.When I walk from one room to the other, I lose signal but manages to see the SSID and join.But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect. Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.Currently using cisco 5508 and ap2600.
we have two offices in same city at different location however we are planning to bring both the office at same location.Now lets say site A has controller 5508 configured with 24 AP's with 10.10.10.x subnet for internal SSID and Site B which is shifting to Site A campus has different subnet ( 10.10.20.x ) for same SSID.Site B has no controller since they had connection with H-reap and they were using different subnet for internal SSID ( 10.10.20.x ) .....Now i need to add their AP's in Site A controller which will be extended wireless LAN however we would like to keep same subnet ( 10.10.20.x ) what Site B has for wireless clients which is really confusing me ....I have already client subnet for site A with 10.10.10.x /24 subnet and nearly 200 users are already using this wireless client subnet.... How do i add their ( Site B ) subnet / 10.10.20.x with same SSID configured which is globally only one SSID ?
limitations :I can not create new SSID for site B since same will be broadcasting even in Site A AP's ?Is this possible to map one more subnet of site B to existing SSID with already different subnet ( 10.10.10.x ) ?
I have an issue where I cannot get clients to change SSID. I have two SSID, one WPA2 secure, one open guest. The secure is locally switched via Flexconnect and the guest is centrally switched. Both of them work. I have been able to test this and both work as intended. The problem is that once you connect to one of them, either secure or guest, you cannot then change to the other. The only way to change is to delete the dhcp entry from the scope and then do it.
Fast SSID change is enabled. I also have debug client output from when the client fails when you try to switch which I will include below. I also pulled some wireshark captures and those show me that the DHCP ack packets are trying to give the client the ip address from the incorrect/previous scope. So basically it's like FAST SSID change is not working and the client is never being disassociated properly??
I am totally stumped and even though the client will most likely not be switched between SSID that often I would still like to know the solution.
Cisco 5508 running 7.2.110.0 Cisco 3502 LWAPP windows server 2008 dhcp server
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
I am setting up a Cisco 5508 wireless controller and was looking for some feedback or assistance. Basically I already have my guest SSID configured and functioning. Created an interface group containing my vlans and applied the created ACL "Guest Policy - internet only", which is also working.I want to setup a second SSID called "staffstudent" and use RADIUS for authentication. I have already created two separate network policies on the radius server: staff and student. Each only allows certain user groups. I want to be able to differentiate on the controller side which profile they are logging in on and then apply the correct ACL. I have two currently configured: one for staff and one for student. It appears to me that since you have to apply the ACL at the interface level I cannot use both since my interface is accepting both staff and students. Is there a way I can filter them using RADIUS so that when they login RADIUS can return a "student" value and then apply the correct ACL? Same for staff?
setup a WEP SSID on my 5508 controllers. THat being said, I have multiple sites with extremely old scan guns that only do 104bit wep. I plan on locally switching this SSID and using static WEP 104bit key with MAC authentication, and then ACLing to limit my inherent security issues/exposure once someone compromises my WEP key. [code]
On a wlc 5508-7.0.116, can I set up 2 ssids that map to one wlan/vlan/subnet. I thought you could but I don't have the means to test without breaking production.
I have Build a 5508-HA Cluster (7.4.100.0) , hat to reboot this cluster due to Licens install.After the reboot atleast one of the SSIDs was not broadcasting anymore, even the checkbox was checked.
What did I do:
Installed the Licenses @ Freiday 12:00 @17:15 reload active WLC, wait till controller is up again (a few minutes pingable) @17:25 force failover to first controller. check a few SSIDs but not all, those who where check are ok. @monday 07:00 clients complaining not seeing the SSID (some where connected)
on a 5508 WLC can we create new SSID for I PAD / IPHONE Users without having ISE, only I phone / I PAD are allowed to be authenticated rest all should be denied. IS this possible?
I have an open SSID on 5508 controllers - configured as anchors and need to redirect wireless clients to the wireless help page automatically once they have connected and opened their browser.I've read all through the web auth and pass through discussions on here but nothing seems to be quiet right for me - unless I am completely missing something.
I have two WLC-5508 for 50 AP's deployed. One is primary controller & other is secondary.Recently noticed an unknown "authorization failed, no sufficient privileges for user" message poping up while making configuration changes in WLC. Specificly when trying to create an new SSID. WLC Authentication is local. This message poped up earlier once or twice but it didnt prevent from making changes that time.
I have a 5508 WLC controller at the HQ with the employee ssid ,the dhcp scope on the ssid is 10.120.0.0/16 network.
However,I want this same ssid to be brodcasted to a remote site using HREAP access point but with different dhcp scope 10.102.0.0/16.
I have tried creating another interface for the remote site with a different dhcp scope(10.102.0.0) but the controller wont allow me create another wlan with same ssid that existed before to apply the new interface created for.
I need raise a especial configuration to 34 APs LWAPP associated to WLC 5508 with IOS 7.0.220
This is the Scenario:We have 34 APs LWAPP with 2 SSID (Corporative & Guest), with 2 DHCP different. The Guest SSID receive IP to DHCP from WLC while SSID Corporative receive IP from Microsoft DHCP. The AP On Site are Local and the Foreign AP are configured like H-REAP (H-REAP Local switching and Learn Client IP Address are marked)
Here is the thing, I need configure a new WLAN (Pruebas) for add to 34 APs (Local and Foreign) but this new WLAN must be receive IP from a New Microsoft DHCP
Firstly I configured a new Physical interface and linked to New WLAN (Pruebas) however i don't know how configure the AP and the DHCP because I want that the AP deliver IP addresses depending the Locality.The last because the SuperScope from DHCP is divided in various subnets and because the IP from the AP will be in another VLAN
i have two 5508 ver 7.3.0, one is the primary and one is the guest controller. mobility is up and running. i have an exising guest ssid working with wpa2-psk and web authentication and its working fine but i require a second guest ssid that only uses a wpa2-psk for ipod/ipads as i cant use passive client on primary controller. i presently have the one vlan range and dhcp setup on the guest controller to give addressing to either ssid. i know you can have multiple ssid setup on the guest controller but in other sites i have only had one guest connection comming from the primary controller, just a primary controller on each sites was only creating one link to the same guest controler.
Has anyone come accross a problem whereby an SSID becomes unavailable when selecting a Radio Policy of '802.11g Only'? The SSID is configured identically accross multiple controllers, but only works on the WISM's. The same WLAN profile on a 5508 is unavailable unless I select a Radio Policy of 'All'.
All controllers (WISM's and 5508's are running 6.0.188.0)The WLAN profile is using MAC Filtering[WPA2][Auth(802.1X)] as the security policy.
Today I replaced my motherboard to fix the graphics card issue on my Vostro 1400. After installing the motherboard I installed the driver's from Dell's site for the networking card.
I get an error stating device driver/software was not successfully installed. I tried a restore point, that didn't work either. I tried the original driver disc that came with the laptop - same problem.
In device manager it is showing: broadcom netlink adapter fast ethernet #2 - does that mean it thinks I have more than one network card? I'm not sure what to do next. I can't access any wireless from that laptop, not even from a hard wire.
I can connect to the internet via wireless just fine, and everything will be hunky-dory for a while. After a while, however (this varies anywhere from a day to a week), there will be a small hiccup on the connection, and then something fails in the Acquiring Network Address stage. My computers will get an IP, but they will not get the default gateway or DNS server.I have tried a plethora of fixes, from simple computer reboots to fiddling with all sorts of settings, and nothing works to reestablish the connection. My father has also tried fixing it, to no avail. I have to go and reset my router, which also interrupts TV service, because it is through AT&T U-Verse. Needless to say, this does not make other people in the household very happy, and I really shouldn't have to be resetting my router every couple of days like that. My PC uses a Netgear WG111v3 adapter and is Windows XP. My laptop has on-board Wifi and is Windows XP Professional.
I purchased Linksys (Cisco) EA2700. For the moment it is being used as an access point for a wireless network (WLAN) and an Ethernet switch. 4 laptops are being connected to it through the wireless network, the wire connects one computer and a separate ADSL modem (it is used for accessing Internet). As a result minimal ping to any of the devices in wireless network is 8 ms – the best result and sometimes rises to 20 ms. Consequently when working with local network resources one suffers from speed decrease. Ping to the access point through the wire varies from 1 to 8 ms. These delays are quite strange as even on cheaper routers ping does not rise above 2 ms (usually <1ms). Is it normal for the device?
We have a network of multiple WLCs: 5508, 4402, WISMs in two C6509 all running version 7 software. We have about a dozen SSIDs and we need to provide DHCP to the one public SSID (which like the other SSIDs span across all controllers) and to do so we thought of using a spare router, Linux workstation or DHCP server on the controllers. We are not sure if using the controllers is an option since we have multiple controllers. Is there a way to setup DHCP on a WLC and tell the others to use that WLC for DHCP for the one SSID?
I have a wireless network with LWAPPs and 1 WLC 5508. How to block communication between SSIDs (clients in different SSIDs bassically) and whether that is even possible from the controller? I'd like to mention that communication between clients whithin the same SSID is already blocked.
I am trying to set up a guest SSID which will be separate from other corp SSIDs. I have read about this auto-anchor feature and I have a basic idea. Here are some questions about the network design
1. Can Cisco 5508 with 7.2.111.3 code do NAT? I mean can I use the anchor controller also as a gateway to Internet or do I need another device such as FW or router to do the job?
2. I want the guests to get IP address in 192.168.0.0/24 range. On the anchor controller I will need an interface in this range, correct? However on the internal controller I won't need this interface. The guest ssid will be associated with the management interface on the internal controller, correct?
3. I want the guests to get IP address from general DHCP server. Does DHCP request have to come out of the new interface in the 192.168.0.0/24 range? However this interface will be connecting with the FW. It won't have connection back to the internal network to reach the DHCP server. The management interface will have the route to the DHCP server. Is it possible to use management interface for this SSID but still let traffic to pass through the Guest interface?
I started getting into IT (as a job) a little less than a year ago, though I've been working with computers for close to 20. So networking was never something I was into while working on computers at home. I've been handed a significant position at work and I am learning a lot as I go. I want to know how to grant permissions for a domain user to a directory without adding the user to all of the sub-directories and directories. The only way I've figure thus far is to grant permissions to said folder, then inside remove the "inherit permissions..." but then I have to manually remove the permissions to every other sub-folder.I want to add a single path to a folder by adding single permissions to each folder until the directory in question is reached.