Cisco AAA/Identity/Nac :: MC75 Motorola Handheld Not Authenticating With ACS
Jun 6, 2011
I have deployed a Cisco wireless environment at one of our sites. The problem is that we are rolling out new motorola handhelds (MC75) are not authenticating with the ACS. I have copied the same config as it was with the exsisting wireless that was installed. Funny thing is we have another set of motorola handhelds (MC70) all use the same certificates and can authenticate without any issues.When i look at the ACS for logs I get the following error; EAP-TLS or PEAP authentication failed during SSL handshake.
View 6 Replies
ADVERTISEMENT
Apr 17, 2012
So if I do a static ip address it works fine, but if I turn off static, the machine authenticates fine, but is not assigned to the access vlan, and it does not get an ip address.now when I use static I notice in the ISE live authentication logs, 11213 No response received from Network Access Device, for the switch even though its configured correctly.
View 5 Replies
View Related
May 5, 2011
I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1).
tacacs-server key 7 "xxxxxxxxxxxxx"aaa group server tacacs+ tac_admin server xx.xx.xx.xx
aaa authentication login default group tac_admin local aaa authentication login console group tac_admin local aaa accounting default group tac_admin
View 2 Replies
View Related
Oct 16, 2012
Web clients are receiving login failed messages and VPN clients are getting disconnected by host messages. I am able to ping the server from the ASA5510. Users authenticate in AD. I am not sure if the problem is on the server or the ASA.
View 1 Replies
View Related
Jan 28, 2013
I am using ACS 5.3 What I am about is setting user authentication against existence of the user in specific AD group, not just being a member in any AD. What is happening now, users get authenticated as long as they exists in the AD, luckily they fail on authorization, as it is bound to specific AD group.
how can I bind the authentication aginst specific group in AD, not just using AD1 as the identity source.
View 1 Replies
View Related
May 12, 2013
For some reason, handheld devices cannot connect to our wireless dlink router. However, our HP laptop has no issue with connecting. Regardless of the make and model, no one else can connect at our home.
View 5 Replies
View Related
Dec 28, 2011
Three weeks ago I moved all the APs at one of our sites from WISMs (running 5.2.193) over to a pair of 5508s (running 7.0.220) and everything appeared to be fine through testing and implementation. We've got about 400 devices on this network and almost everything is working without issue, except for about 10 Honeywell Dolphin hand-held scanners that our distribution department uses. On occasion when the users go to use them, even when sitting 15 feet from an AP, the device will kick out an error that the "wireless network was not found - please move closer to an access point or return to cradle".
As much as I would love to say it's a device issue, they said the problem started the same day I moved the APs to the new controllers (they gave me the date they started experiencing the issue, I was able to link that back to the date I made the move). They worked without issue on the old controllers / code and, for the most part, both old and new controllers are configured similarly (except for enabling a few new feature that the new code supports like client-link and band-select). These are b/g clients and I did diable all .11b data rates when moving to the new controller. Also, this happens in multiple locations, not just in the receiving / distribution area.
Lastly, I'm at my wit's end on this. The issue is totally random and when they are having an issue I can't even see the device trying to connect (by debugging the client on the controller). One suggestion I've made is that we may need to upgrade the device firmware, but I'm not sure why it would work with the old controllers and not the new. I guess the worst case scenario is that I can move the couple APs they have in the receiving area back to the old controllers to see if the issue continues.
View 10 Replies
View Related
Jul 1, 2011
I just need a usb dongle to connect my acer n30 handheld to my internet
View 2 Replies
View Related
Sep 15, 2010
I have a 2125 WLC. I have some 1242 Access Point registered to the WLC. The problem is that the handheld connects to the WLC but sometimes it shows that it has lost wireless signal. Users say that this happens when they go from one site to another. I go to that specific site with my AirMagnet tool and it shows full signal. The customer is saying that WLC is not working with roaming properly.
The handheld is a Dolphin 7900.
View 4 Replies
View Related
Feb 18, 2013
We have cisco 5508 office extend in dmz running code 7.3.112. 1132 AP seems to register and authenticate fine but OEAP 600 series dont seem to authenticate. they seem to join the controller and download the SSID but just wont authenticate ? not even registering on the AAA server
View 9 Replies
View Related
Jul 12, 2012
how to Configure ACS 5.x so LMS 4 users can authenticate via TACACS+? I have ACS 5.x setup and authenticating to Active Directory. Have changed the LMS 4.x Authentication Module to TACACS+. Have gotten past the user / password problem by configuring a local user in LMS 4.x. Now, am hitting the Default rule in ACS and Shell Profile is deny access..
View 1 Replies
View Related
Feb 23, 2011
We are starting to roll out a few Win7 devices. Even on our Guest WLAN, they are taking longer to authenticate on the AP1231 than WinXP. The APs are controlled by a WLC, which connects to NAC?
View 3 Replies
View Related
Feb 3, 2013
Dell inspiron 1525 / Windows XP
Linksys/Cisco Router.
When trying to connect (wireless or wired), I can't get past the authenticating status. Have used this computer with same router for 3 years. If there was ever a problem, I would unplug/replug the router.I am currently connected through my neighbor's unsecured network.
View -1 Replies
View Related
Apr 2, 2013
A customer has RADIUS running on a Win Server 2008 R2 machine, has Autonomous 1140 APs and a mix of Windows 7 and XP Pro clients. Using PEAP as the authentication method the Win 7 clients can access the WLAN, but the Win XP clients cannot. The Win XP clients are at least SP2. I am doing some research before going to site on Friday and wanted to poll the community. I found an older post speaking to a MS Hotfix under KB#885453, but it referes to "third-party RADIUS servers," not MS servers URL.
View 14 Replies
View Related
Aug 22, 2011
I have a WAP4410n which I'd like to authenticate users against our corporate active directory. I would like to know how to achieve this - whether we require a dedicated RADIUS server, whether AD has a RADIUS engine which can be used, etc. Also, what would the pros / cons be of this setup versus using a WPA2 password?
View 2 Replies
View Related
Mar 15, 2012
My computers inability to connect to the internet. It is a 2006 Dell Inspiron 6000 with a 1370 WLAN card. I just moved into a new house and was able to connect to my roommates wireless connection with no problem. Then a couple weeks ago we both lost our ability to connect. When we disconnected the router and modum and then reconnected she was able to get on the internet again. I was unable to. A computer savvy friend came over and through some finagling was able to get my connection going again. I might try cleaning my computer up and putting stuff onto an external hard drive. Since then I have tried some different stuff I have seen on the internet, such as ipconfig to no avail, tried repairing the connections doesn't do anything.
View 11 Replies
View Related
May 22, 2013
I am having problems authenticating client computers onto the wireless network using a Cisco AP1252 via radius
Setup:
I have a Cisco AP1252 wireless Access Point connected to a Cisco ASA5510 on subnet X.X.5.Z The access point ip address is X.X.5.101
The ASA on another port is also connected to the wired network on a different subnet X.X.0.Z
On the wired network are two radius servers - Ubuntus servers running freeradius which are running fine and reliably authenticate wired users for ssh connections to the ASA and importantly to the AP1252 as well (The radius servers ip addresses are X.X.0.191 and X.X.0.192)
Problem:
When a wireless user tries to connect to the wireless network via the AP1252 after being disconnected form it for a while (or after waking from a long sleep) they are never authenticated. They just try over and over and never obtain an IP
Interestingly in such a case neither Ubuntu server shows any sign of receiving an authentication request from the AP - Both ubuntu servers are running in debug mode so they show any activity - there is none
Oddly:
If i try to authenticate a user wirelessly to the AP and leave it in the usual state of trying over and over (with no visible activity on the ubuntu servers) BUT then go to a wired machine and attempt to authenticate an ssh connection to the AP1252 using a terminal command ssh user1@X.X.5.101 THEN as soon as I hit enter on that request (and before I enter a password for the ssh connection) THE WAITING WIRELESS USER IS IMMEDIATELY AUTHENTICATED (and the ubuntu server shows the authentication activity for the wireless user
I really do not understand this and cannot use this method to facilitate wireless user authentication 
What might be causing this behavior - it seems like the AP sleeping and the wired ssh request wakes it up so that it sees the pending wireless user waiting and then acts on that completing the wireless user authentication request.
View 11 Replies
View Related
Apr 28, 2011
I will set up a Dhcp server on the inside interface of my pix. I would like to have the DHCP Server authenticate to the Active Directory Server that is located on the DMZ.
Inside --pix--dmz
Inside interface
Win 2008 DHCP
DMZ interface
Active Directory Server
What would be the issues that I could run in to when I try to authenticate this server from the inside interface to the dmz? I see that Dhcprelay option is available on the PIX 6.3 I'm guessing this is the only command that I need to use: dhcprelay enable dmz
View 3 Replies
View Related
Feb 18, 2012
I put a password on my WRT54GC ver 2.0. After that i couldn't access internet. It keeps authenticating and never connects.
View 2 Replies
View Related
Jun 24, 2007
Here at HQ we have a 4402 WLC. At our remote sites we have 1231G APs running in autonomous mode. I upgraded one of the APs -- IOS 12.4(3g)JA -- to run LWAPP. Per release notes I've read upgraded 1231's do not support REAP/HREAP mode, consequently, it's running in LOCAL mode.
The AP is managed by the WLC. I created a WLAN for the remote site and assigned it to the MGMT interface; the remote site subnet doesn't exist in HQ. The DHCP server for the remote site is presently at that site; AP and DHCP server reside at the same place.
Clients authenticate successfully to the remote site AP, however, they are not getting DHCP addresses assigned. Does the DHCP server for the remote site have to reside in HQ since the AP is running in local mode? If so, where is that specified, on the MGMT interface config?
View 4 Replies
View Related
May 27, 2013
i have 2 1260 Access points one is in root mode , one is wgb mode. Authentication is EAPFAST. There are 5 devices connected via WGB bridge to the rest of the network.
- If clients are sending some data , then WGB AP announces this client mac via IAPP to root AP and rest of the network sees them correctly
- If clients are "passive" , then after WBG AP announces them to root AP , they timeout after 6 minutes on root AP and obviously they are not pingable from the rest of the network. The only way to restore connectivity is to ping that device from WGB AP, then WGB AP announces via IAPP to root AP , then and only then they become visible from the rest of the network.
My question is related to this 6 minute timeout on root AP . Is it normal behaviour ?
View 5 Replies
View Related
Jan 23, 2011
where is the WEP located on my att Motorola router?
View 1 Replies
View Related
Jan 17, 2013
We have a Cisco 4500 core switch and 2 Motorola AP 6532 access points. From the Motorola side the goal is to allow my corporate users access to network resources meanwhile offering my guest users only internet connectivity. My thought is to create two separate VLAN’s on my Cisco switch ex: vlan 10 (Business) 192.168.50.x and create another vlan 20 (guest) 192.168.2.x, also I made the proper configuration changes inside my Motorola AP device as well. From the Motorola I can ping myself but not my switch?
View 2 Replies
View Related
Mar 23, 2011
I have a adsl setup from my ISP (TDC) and I would like to use my 887va as modem instead of the supplied Motorola Modem.I have the technical info on the connection: VPI = 0, VCI = 101 and RFC1483 AAL5snap. I have supplied the 887VA with an IP address on VLAN1. What is the right direction in terms of access-lists, dialer interfaces, routing etc.I have tried serveral guides on Cisco pages but have not managed to even ping google from my 887va.
View 1 Replies
View Related
Aug 12, 2012
how to get into Motorola WiAP100 to reconfigure?
View 10 Replies
View Related
Sep 4, 2011
I use Motorola SBG 900 Wireless Surfboard Gateway with Timewarner service provider. I have couple of problems....
Problem 1 : I use VOIP phone (Vonage) which connected to my Motorola wireless device, current when i call somebody using VOIP phone, they can hear my voice but i cant hear them... Last years i dont have any problem but last one month above problem exists.
Problem 2: I tried Speed test with cable (13MBPS download stream) but through wireless (6MBPS download stream)
View 2 Replies
View Related
Jun 1, 2011
My brother's Speedstream has died. Lights don't work, etc. etc. He has ATT DSL in Detroit; Detroit does not have an internet wireless service, so he has to deal with ATT. He's po'd that he's paying $92 a month for service that doesn't work. I told him he needed a new DSL modem.
View 2 Replies
View Related
May 28, 2011
I have a desktop, Sony VAIO laptop, and a Motorola router and modem combination. Both computers are running Windows 7 professional. The desktop is running the 32 bit version and the laptop the 64 bit software.When I first got my router, I could access my laptop from the desktop but after a crash on the desktop and reinstallation of everything, I can no longer access the laptop. I have set up file sharing on the laptop but it still will not allow access. Here is the message that appears when I try go access a folder on the laptop:"Windows cannot access \name-VAIOackups,You do not have permission to access \name-VAIOackups"
View 3 Replies
View Related
Jan 11, 2012
im trying to gain access to my router to make a port forwarding, so other ppl from the e-net can connect to my computer in that port. i have tryed to use my ip, my net-mask, everything but the webbrowser simply says it cant find the site im trying to connect to
View 6 Replies
View Related
Mar 4, 2012
The only way we can use our Motorola router is unencrypted. I have gone into the router numerous times and reset it, unplugged it, retyped the WEP key, tried to shift to WPA and nothing works. None of three computers in the house will connect unless all encryption is off. We live in a good neighborhood on a cul de sac, don't get a lot of traffic through here, and know the immediate neighbors, but nothing is stopping a stranger with a laptop from sitting on the street and using our wifi. I've talked to the Comcast tech. The trouble just seems to be our boxes won't get past the WEP encryption stage.
View 8 Replies
View Related
Jun 27, 2012
I'm using comcast broadband, motorola SB6121 modem and a edimax br-6424n wireless router.I set up everything myself and it worked great for 3 weeks.Usually, I have 2 laptops connected and iPad.[CODE]
View 1 Replies
View Related
Feb 2, 2011
I have second hand motorola surf board and it has been deactivated from the company. how can i reset it and activate it to my computer manually.
View 6 Replies
View Related
Jan 1, 2013
simbageo[at]sbcglobal.net I had a razr cell phone and it connected to ford sync in my 2012 escape correctly. I tried to connect my motorola cdm-9000 to ford sync and it tells me the phone is not found... I realize the Motorola is an old cell phone.. Doe's it even have a blue tooth capability? My understanding that the cell phone has to have bluetooth capability to connect to for sync.. Is that correct?
View 2 Replies
View Related