Cisco AAA/Identity/Nac :: ACS 4.2 And Aruba Mobility Controller?

Jan 3, 2012

I have recently installed an Aruba Mobility Controller and trying to authenticate WLAN traffic off to the ACS server, but using a valid 802.1x account the authentication process is failing.Which version of RADIUS should I be using?Is there any way to enforce the Aruba controller to use TACACS instead?

View 1 Replies


ADVERTISEMENT

Cisco Wireless :: Mobility Group Between Controller 4400 And Virtual WLC

Mar 7, 2013

I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.The command "config mobility group member hash" is totally missing. How to establish a mobility group between a 4400 controller and a virtual then ?

View 2 Replies View Related

Cisco Wireless :: Mobility Group Between Controller 4400 And Virtual Wlc

Sep 3, 2012

I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
 
But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
The command "config mobility group member hash" is totally missing.
 
how to establish a mobility group between a 4400 controller and a virtual then?

View 4 Replies View Related

Cisco Wireless :: 5508 - Mobility Groups / Sync Controller Configuration

Jul 7, 2011

I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
 
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.

View 5 Replies View Related

Cisco WAN :: 2811 Router - DHCP Option 60 / 43 On IOS To Aruba AP

Oct 3, 2011

I'm trying to configure my Cisco Router 2811 which is also acting as the DHCP server for my branch office for DHCP option 60 and 43 so Aruba AP's at my branch can discover it's master Controller? What is the command I need to enter in the Cisco router?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ASC5.2 - How To Tell Which Domain Controller Request Is Sent

Sep 12, 2011

Within ACS 5.2, does any know of a way to see which specific domain controller a request is sent to?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Force ACS V.5 To Join Domain With Certain Controller?

Sep 5, 2012

I try to join an ACS v. 5.3 to the domain.  For my acs in Location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesnt work.I looked at the debug log files for the ad client, and noticed, that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located on  the same location as the ACS ... this doesnt happen.
 
My question:  How does the ACS determine what DC to contact ? Is it possible to force the AC to join by connecting a certain DC ?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.1.4 Any Version With Domain Controller On Windows Server 2008 R2

Feb 28, 2010

Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).

View 5 Replies View Related

AAA/Identity/Nac :: ASA5510 Entry For LDAP Object That Refers To Domain Controller

Feb 14, 2013

On our ASA5510 in the area AAA Server Groups, there is an entry for LDAP and an object that refers to our 2003 Domain Controller. This DC has LDAP over SSL enabled and I can see the DN and Password for a domain user account.I've created two new DC's, both R2 2008 but when I enable these in the same way it says it could not authenticate, ERROR auth server not responding, AAA group removed.I thought this had something to do with CA being installed on a DC, but it's not running as a service on the DC that was already referred to.

View 2 Replies View Related

Cisco VPN :: Any Connect Secure Mobility 800 Router

Jul 19, 2012

I have problem I want a remote opzeten with my 800 router I used AnyConnect Secure Mobility Client can not connect but you know someone that can do

View 0 Replies View Related

Cisco :: WLC5500 Mobility Group Fail-over

Mar 22, 2012

I have a Question i am testing  mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.

View 8 Replies View Related

Cisco VPN :: Secure Mobility Client Certificate

Jun 14, 2011

I am having a problem configuring SCEP for my secure mobility client.  I have created a connection profile to allow certificate requests but when I fill in the step-forwarding-url field I get an error. The CA we are using is an internal MS CA with SCEP already enabled.  This has been configured for a long time with our current Cisco VPN client using certificate authentication.  The ASA is running 8.4.1.Here is the error I get when I try to enter the command into the group policy associated with my certificate enrollment connection profile: group-policy SSLGP attributes. url...

View 6 Replies View Related

Cisco :: How Many 5508wlc Be Added To Mobility Group

Jun 23, 2011

How many WLCs 5508 can you add to the mobility group?

View 1 Replies View Related

Cisco Wireless :: 5508 Mobility Groups

Sep 1, 2012

1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
 
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?

View 6 Replies View Related

Cisco Wireless :: WLC 7.3.101.0 Mobility Group Peer Cannot Up

May 19, 2013

It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
 
Peer 1: version: 7.3.101
Peer 2: version 7.0.98
Peer3: version 7.2.103 
 
Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.

View 13 Replies View Related

Cisco VPN :: Connection With Anyconnect Mobility V3.03050 And IOS (151-2.T4)

Sep 15, 2011

On my setup SSLVPN tunnel fails with AnyConnect 3.0.3050 or above releases to UC520 platform running IOS(151-2.T4).
 
3.0.4235
3.0.3054
3.0.3050
 
Connection succeeds with all other versions below 3.0.3050. I’m using standalone client on my PC (tried Win7 and XP).I added my server to the trusted sites list on my IE.
 
When I tried with anyconnect-win-3.0.3050-k9.pkg which was installed on UC520, the client gets installed successfully and connection was established.When I disconnect the session (had an option to keep the client on PC) and tried to connect back, the connection failed after I have accepted the certificate.I don't see any webvpn debugs on the UC520.

View 1 Replies View Related

Cisco :: Using Active Directory To Login To Extension Mobility?

Jun 30, 2011

I have been rolling out new IP Phones that use extension mobility and the biggest issue Im finding is the need to log-in every day, People t like change and they hate the fact that they have to login every day.I have been to the people at the top and gave them the options of remembering the last user logged so users just need to enter their pin or have EM not log users out at all… both got rejected.

View 2 Replies View Related

Cisco Wireless :: Mobility Groups Between WLC 2106 And 5500?

Sep 10, 2012

Can I configure a mobility groups between 2106  Wireless LAN Controller and 5500 Wireless LAN Controllers?

View 8 Replies View Related

Cisco Wireless :: 5508 - Unable To Add New WLC To Mobility Group

Nov 30, 2011

I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
 
"error in creating member"
 
I've tried different mobility names, via GUI, via CLI and always the same error.
 
I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
 
I'm using version 7.0.116.0

View 4 Replies View Related

Cisco VPN :: 5505 AnyConnect Secure Mobility Client

Nov 11, 2012

We currently have an ASA 5505 Firewall with VPN services configured.  The system is running ASA Version 9.0.0 and ADSDM 7.0.2.  I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC.  When I try to connect to my VPN service I ge the following message:
 
Security Warning: Untrusted VPN Server Certificate!  AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
 
-Certifiate does not match the server name
-Certificate is from an untrusted source.
-Certificate is not identified for this purpose.
 
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message?  If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?

View 5 Replies View Related

Cisco :: WLC 5508 Mobility Groups And Internal DHCP

May 6, 2012

How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?

View 6 Replies View Related

Cisco Wireless :: 5508 - Mobility / Roaming And Web Authentication?

Nov 27, 2011

I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
 
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.

View 6 Replies View Related

Cisco Wireless :: 5508 Mobility Group And Re-authentication

Aug 15, 2012

I have to WLC's a 4402 and 5508   in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.

View 5 Replies View Related

Cisco :: 5508 - Mobility Group To Match On Internal WLC?

Feb 1, 2012

I am setting up officeexten. I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1
 
1. does the mobility group need to match the same on the internal wlc ?

2. Now do i need a NAT transnational on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?

3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support office extend?

View 14 Replies View Related

Cisco Wireless :: 2500 Series Support Mobility Groups?

Dec 1, 2011

Do you know if the new 2500 series controller supports things like mobility groups? Could I use 2 of these and do inter-controller roaming. Also do you know if this would work with a 2106 controller and a 2505 controller or are they 2 completely independent controllers only knowing about their own APs??

View 12 Replies View Related

Cisco Wireless :: Unable To Get 4402 And 2504 To Pair In Mobility

Jun 12, 2013

I am unable to get my 4402 and 2504 to pair in mobility, I made short video to explain my issues.also do not worry there is no propritary information in this video, I am working on a lab that does not mirror any production networks.

View 6 Replies View Related

Cisco Wireless :: 5508 - Mobility Ping And SSH Errors After Upgrade To 7.2.110.0

Aug 7, 2012

After upgrading my 5508s to 7.2.110.0, they are reporting mobility data path errors to one of my WiSMs running 7.0.235.0.
 
I get these messages on the 5508s reporting that it can't send a ping to the affected WiSM:
 
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PKT_RECV_ERROR: ethoip.c:341 ethoipSocketTask: ethoipRecvPkt returned error
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PING_RESPONSE_TX_FAILED: ethoip_ping.c:312 Failed to tx a ping response to <ip address>, rc=5
 
But maybe there is another clue because I also see in the same log these errors referencing the same WiSM:
 
*bcastReceiveTask: Aug 08 21:15:45.310: %LOG-1-Q_IND: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
*mmSSHPeerRegister: Aug 08 21:15:44.829: %MM-1-SSHRULE_CREATE_FAILED: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
 
Why is the controller trying to SSH to another controller?  Was some SSH related feature added to 7.2 that has been accidentally enabled? 

View 4 Replies View Related

Cisco Wireless :: Migrating 2 Standalone 5508 To One Mobility-group

Jan 23, 2012

for some reason our wlan-controllers were build up to be standalone instead of beeing one mobility-group. I would like to change this in order to use all features of HA.
 
let me describe our scenario: two WLCs 5508 running SW ver. 6

- same subnet

- both are running in master controller mode

- different hostnames, ip-addresses, etc

- all settings for WLANs and AP-groups (exept the APs themselves in these groups) are the same

- in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
 
I don't know exactly why, but when that setting was installed, someone already configuredHA for each accesspoint... e.g.:

- AP#1 primary WLC#1, secondary WLC#2

- AP#2 primary WLC#2, secondary WLC#1 but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
 
so my question is: how should I do the migration in the best way?
is it easy as:

- disabling master controller mode on WLC#2

- configuring both WLCs into one mobility group

--> WLCs are negotiating their configurations for the APs

View 5 Replies View Related

Cisco Wireless :: 602OEAP / Mobility Anchor And Remote Wired LAN?

Mar 10, 2013

deploying a DMZ wireless controller and I have a question regarding remote wired LANs. My 602OEAP APs support 1 or 2 of their LAN ports as being accessible across the DTLS tunnel.This works fine when they register across internet right to my internal WLC. However, now that I'm implementing a DMZ controller for this purpose, how will this work? I dont see the option for the Remote Wired LAN to be linked to a mobility anchor.Some of my users have printers connected to the LAN port on their 602OEAP and I need to maintain this functionality once I move their APs to the DMZ controller.

Software versions: 7.4.100.0
DMZ Controller: 2504
INT Controller: 5508

View 6 Replies View Related

Cisco Wireless :: 5508 Mobility Service Engineer / WCS Required Or Not?

Feb 4, 2013

I have Cisco Wireless Lan Controller 5508 with 35 (3600 Series Access Points.  Do i need to purchase Mobility Service Engine for this or no need?  Do i need WCS server for this or no need?

View 1 Replies View Related

Cisco :: 5508 - Failover For Multiple WLCs And Mobility Groups

Feb 14, 2013

We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
 
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
 
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?

View 3 Replies View Related

Cisco Wireless :: 5508 - Mobility Group Same Ssid Multiple WLC

Apr 7, 2013

I have a 4400 and a 5508 WLC in the same location We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
 
Do I only need to create a mobility group and add both WLC then create only one WLAN on one of the controllers and it will be shared across bot WLC.

View 5 Replies View Related

Cisco VPN :: 5520 - AnyConnect Secure Mobility Client License?

Mar 1, 2011

I need to activate AnyConnect SecureMobility client on an IPAD. I have an ASA with the below feature licenses:
 
[code]...
 
This platform has an ASA 5520 VPN Plus license
 
As I've understood that I need the ASA-AC-M-5520 license for each IPAD used but they mentioned that we need also the Essential or premium license to be activated on the ASA as well. As shown above, I have the "VPN Plus license" activated on the firewall.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved