Cisco :: ACS 3.3 / Configure WLAN Authentication On WCS To Prompt Users About Credentials
Aug 28, 2012
I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?
View 4 Replies
ADVERTISEMENT
Nov 13, 2011
What i want to do is simple. Being able for any member of Administrators group to authenticate on our ASA5510 based on the AD credentials.
What is correct CISCO procedure for that?
View 1 Replies
View Related
Jan 9, 2012
Having issue with WLC 5508 using ACS 5.2 tacacs+ protocol to do device management.The problem statement is after key in the username and password on the WLC login page, it is endlessly prompt for authentication on WLC. Whilst on ACS monitoring and reporting i able to see it is successfully authenticated, shown at AAA protocol > TACACS+ Authentication.On ACS, the shell profile for this is setting role1 , value = ALL.
View 3 Replies
View Related
Sep 19, 2012
My customer has multiple sites, each with a 2504 WLC.A data center with a 5508 in the DMZ acting as Anchor for the remote sites.ACS 5.x and NCS Prime.All guest users will egress to the internet via a Vlan in the DMZ.Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use?
View 3 Replies
View Related
Mar 19, 2012
How to configure the ACS5.0 radius for remote access VPN authentication.
And how could I implement the IP Pools for the VPN users.
View 4 Replies
View Related
May 19, 2011
I have a guest network and lately I have been experiencing troubles with some users.The symptom, as I create a username and password and type'em in a laptop the authentication fields in the web authentication page don't keep the data as if I didn't type anything
WLC 4402-50
Version 7.0.98.210
View 7 Replies
View Related
Apr 23, 2012
Do you know if it's possible to use ACS 5.x in such manner that the admin users (so not the end users, but the administrator users of ACS) are authenticated against and external database, like Active Directory?
View 2 Replies
View Related
Mar 14, 2013
I'm working with a cisco wlc and acs 5.3 . I have two profile or ssid's and one of them is working with web authentication and the accounts exists in the local database of cisco acs.
I'll would like to know how can i should configure mac authentication on the cisco acs 5.3?
My purpose is authenticate users first by mac, and second by the account of local users in the cisco acs.
View 10 Replies
View Related
Dec 22, 2012
Using Cisco ASA I want the ssl clientless vpn users to be authenticated through a local Radius-Server. but it does not work, and on asa while i want to see (Debug Radius) output, there is no debuging msgs displayed. When i try to test the user which i have created on the ACS-Server 4.2, the test gets successful. where i have made a mistake in my configuration ?
View 2 Replies
View Related
Aug 23, 2012
I am running Cisco ACS 5.1 802.1x with certificate based authentication for Wired and Wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when the plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure Vlan. A reboot of the phone/ shut/no shut fixes this, but I really need to find a resolution.This is an intermittent fault and only effects users with both LAN and WLAN enabled. Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE.Certificates are issues by group policy and only using computer authentication.
View 2 Replies
View Related
Jul 4, 2012
I have Cisco WLC 2504.I was configured one wlan with external web-authentication.External web server is apache on freebsd.When user connect to wlan and open web browser, wlc redirects client to external web page, where client must input hist credentials.When client click "submit" button on external web auth page, wlc initiates RADIUS request to radius server.Radius server(freeradius) is on the same server, where apache running.
sometimes, when client enter credentials on external page and click "submit" button, wlc suddenly redirect client on internal default auth page.
View 14 Replies
View Related
May 20, 2013
I have a aeronet 1250 access point and i have a windows 2003 radius server configured to authenticate users. I need to configure the access point for radius authentication .
View 1 Replies
View Related
Jul 1, 2012
we have TACACS+ based AAA on our network equipment, authenticating against internal user database on a network of ACS 5.3s.What I want is to limit certain AAA users (namely automated tools) to be only permitted to authenticate from a list of known IPs.I can do this for authorization, easily, that isn't a problem. The problem is to only accept authentication attempts coming from certain IPs and ignore the rest. My problem is, as it is currently, the automated tools are prone to a sort of a DoS attack - if I attempt logging in to any device using the tool's user account and a wrong password, I can get the account disabled in five tries.
I want to ignore all authentication attempts, unless they are coming from well known source IPs.Ex: netmon user is the user for a tool running on server 10.20.30.40. If I try to log in from my own laptop with user netmon, it should fail, and the attempt ignored. Currently after five (or whatever is configured) failed attempts, the user will be disabled. Oly attempts from 10.20.30.40 should be considered for user netmon.I can't use ACLs on the devices, as I want other users to be able to log in from other IPs.
View 4 Replies
View Related
Feb 8, 2011
how to chance the web authentication certificte on WLAN 2100 controller. My users are complaining that they need to accept the security certificate before proceeding to the actual authentication?
View 4 Replies
View Related
Jul 18, 2012
I have a strange situation on my guest wireless LAN.The guest WLAN is configured as an SSID "GUEST" on Cisco 1142 lightweight APs, with WiSM controller and WLC software version 7.0.230.0.
For simple Internet access using this SSID, we have a web policy, which causes a web page to be displayed when the user opens his/her browser, and on this web page, the user must click on an "Accept" button in order to accept the terms and conditions of use. Once the user accepts, the browser will then go to the web site which the user wishes to open. When using this mode of access, everything is fine.
However, there is also a pre-authentication ACL, which allows certain types of VPN traffic to reach the Internet without the user being required to accept terms and conditions. The ACL allows ESP, IKE (UDP/500), IKE over UDP (UDP/4500), DNS, HTTPS/SSL (TCP/443), DHCP client and server (UDP/67,68).The pre-auth ACL actually works as intended; and the ACL traffic is NOT allowed when the ACL is removed. This is exactly as it should be.
However, when using, for example, a VPN client such as the Cisco VPN client, or the Cisco AnyConnect client, via this guest SSID without user acceptance, the WLAN regularly and predictably stops passing traffic. This is 100% repeatable and predictable; it happens every 300 seconds, or possibly slightly longer. I have only used my PC clock to time it so the timing isn't all that accurate but I'm sure it's within a few seconds.
Given that the problem happens at the same time interval and is constant, I guessed there must be some configuration item which needs to be altered, but I've looked extensively at the controller GUI (we actually use WCS here) and I can't see anything that looks even remotely related to this.
View 5 Replies
View Related
Apr 4, 2013
I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.
For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.
View 8 Replies
View Related
Feb 26, 2012
I have a Linksys E3000 Duel Band router running on 12mbps of cable internet service. I just did an inventory of my household. I was in SHOCK!!! 20 frigging items that are setup to connect to the router.Items are: Wireless Printer, 3 Phones, 5 Laptops, 3 Ipod Touches, 2 Ipads, Nook, Kindle, Roku video streamer, Wii, Xbox 360 and one LAN wired desktop.I keep having issues with these in no particular order getting network error message and not working. I am rebooting the cable modem twice a day at times. Is this normal? Is there anything out thereconfigure my router for optimal performance and security. I would like to have the roku and xbox360 (espn live video) to have the most bandwidth so there is limited to no buffering for watching the video streaming
View 1 Replies
View Related
Mar 30, 2013
1 router 881w with a site-to-site VPN connected to a switch and a wireless which allows internal users to access the VPN via wireless (this is like a backup, if the switch fails, then they can use the wireless). Everything's working fine so far. Now I want to configure a second WLAN for guest but I'm not really sure if this configuration will work:
ROUTER:
ip dhcp excluded-address 192.168.100.1 192.168.100.200
!
ip dhcp pool GuestNetwork
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 8.8.8.8
[code]....
If it's not clear I want that everyone that is connected to the guest WIFI receives an IP address from the range I wrote before and then goes directly to the internet.
View 11 Replies
View Related
May 19, 2011
How can I configure the wireless not to be shown for users,but used by them? On a Cisco 1242AG I mean when someone do a wireless discovery not see my wireless name, but typing the name be able to connect it.
View 5 Replies
View Related
Jun 25, 2012
how can i configure the SSL VPN users connexion to connecte from my remote PC (Windosws 7 32 & Internet Explorer
View 1 Replies
View Related
Apr 16, 2013
I have ACS 4 integrated with RSA 6.1, where users of ACS can authenticate their passwords with the rsa server.I am migrating users to ACS 5, and I want to integrate with rsa.
I am configuring rsa as “rsa secureID token servers”.But how should I configure the users on acs to authenticate the password with rsa?
Previously on acs 4, on the user page, in password field, I select authenticate with external DB, Also, any guide for the config on rsa 6.1 side (with acs 5)
View 1 Replies
View Related
Aug 19, 2011
I need configuring Cisco RV042 dual wlan and port forwarding for 2 servers web and dns in LAN
View 1 Replies
View Related
Apr 24, 2012
i recently bought a hp 1219 model laptop with windows 7 ultimate...but i am not able to start wifi connections..i guess there is some installations for wifi drivers to make but when i tried it is not getting installed too.
View 1 Replies
View Related
Jul 26, 2012
I have an auditor wanting a screenshot of all users that have acces to configure our firewall, I am unfamiliar with 5.1. Is there a way of running such a report on a paticular device?
View 1 Replies
View Related
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. If CISCO WLC 2500 support EAP TTLS, if yes then how to configure.So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP.But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius.My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLCMy android phone galaxy II has TTLS option under EAP 802.1x, so android devices support TTLS.
View 2 Replies
View Related
Mar 13, 2012
Is there away to configure ACS 4.2 to only allow certain EAP-type of authentication per SSID? For example: SSIDA - only allows EAP-TLS and SSIDB - only allows EAP-PEAP on the same ACS server?
View 1 Replies
View Related
Jun 9, 2012
Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)
View 6 Replies
View Related
Feb 3, 2010
Wireless service on Dell laptop computer had been running fine for 4.5 months until underground Comcast cable failed, presumably due to freezing and thawing in cold New England soil. All Comcast service went out, TV, Internet cable modem, etc. Service was restored with above ground cable, and wireless service returned to other devices in household, but not the Dell laptop. I am wondering if my wireless card itself was damaged in the event, as no software fixes I have tried have worked. However, the device manager says the Dell Wireless 1397 WLAN Mini-card is working properly and the driver software for the service is up to date.
Some of the messages I have received from various command line and dialogue box attempted fixes:
Dell Wireless 1515 Adapter Device Not Found
There are currently no wireless adapters available and enabled
Cannot repair adapter because wireless service is not running
Windows could not start the WLAN AutoConfig service on Local Computer
Error 0xc00 ce508 : 0x00 ce508
There might be a problem with one or more network adapters on this computer
When I did this
>Set Autoconfig Enabled=Yes Interface=”Wireless Network Adapter” <enter>
The response was this
>The Wireless Autoconfig Service (WLANSVC) is not running
When I was in administrator mode and ran SFC/SCANNOW the response was this Windows Resource Protection found corrupt files but was unable to fix some of them Details are included in the CBS.Log WindirLogsCBSCBS.Log For example C:WindowsLogsCBSCBS.Log Other command line responses:
Wireless LAN Adapter Wireless Network Connection:
Media State… Media disconnected
Tunnel adapter Local Area Connection* 6:
Media State… Media disconnected
Tunnel adapter Local Area Connection* 7:
[code]....
Other information about the computer:
Inspiron 1545, Dell BIOS version A10, BIOS date 7/17/09, running Microsoft Windows Vista Home Premium, Processor Pentium (R) Dual-Core CPM T4200@2.00 Ghz, Network Card Adapter Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller, Wireless 1515 WLAN Half mini card (Atheros).
View 1 Replies
View Related
Apr 4, 2012
How does one configure the router so that Internet users can access internal company websites? The only thing that appears is the Cisco router login. Also I need to configure Terminal Services and its not on the list under Service.
View 2 Replies
View Related
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. Does CISCO WLC 2500 support EAP TTLS, if yes then how to configure. So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP. But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius. My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLC
View 8 Replies
View Related
Aug 18, 2011
how do i configure user authentication via TACACS on UCS 1.4 with ACS 5.2? My TACACs connection works, and my user authentication is successful, but i can only get read-only rights. I have tried several versions of "cisco-av-pair= role=admin" both as mandatory attributes named role and as cisco-av-pair=role , with "admin" as the value, and i still get read-only.
When i attempt to find any documentation, it only describes ACS 4.2, which is another problem i have with most documentation for new cisco products (i have this exact issue with my NAMs, nothing i do to change the attributes results in successfully logging into the NAM, and all config guides are written in 4.2 speak).
is there any possiblity cisco is going to release some documentation on how to convert 4.2 speak to 5.2 speak?
View 8 Replies
View Related
Jan 20, 2012
I have cisco aironet 1200 series Acess point i want to configure wep with mac authentcation .
If any document with GUI configuration
View 11 Replies
View Related
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. Will CISCO WLC 2500 support EAP TTLS, if yes then how to configure.
So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP.But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius.
My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLC?My android phone galaxy II has TTLS option under EAP 802.1x, so android devices support TTLS.
View 1 Replies
View Related
