Cisco :: AP1252 AG And Radius Server

Jun 8, 2011

i have problem with my 3 new cisco AP1252AG and Radius server (windows 2000 IAS).On the 3 AP, i have two ssid :,One with Wpa pre-shared key,the other one with EAP/radius,the one with preshared key works well  but the other have some trouble, here is the error message ,i have check the shared secret in radius and ap and it's ok.The error appears randomly.

View 1 Replies


ADVERTISEMENT

Cisco Wireless :: AP1252 Can't Join On WLC

Apr 8, 2012

WLC software 7.2.103.0
 
1. first problem: AP1252 can´t join on WLC. MAC was add on mac filter properly.
 
170Mon Apr 9 15:37:32 2012Mesh Node '2c:3f:38:be:53:ef' failed to join controller, MAC address not in MAC filter list.171Mon Apr 9 15:37:32 2012AAA Authentication Failure for UserName:2c3f38be53e0 User Type: WLAN USER172Mon Apr 9 15:37:32 2012Coverage hole pre alarm for client[1] 40:a6:d9:ef:87:68 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 46 7 5 4 2 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0173Mon Apr 9 15:37:32 2012Coverage hole pre alarm for client[1] 8c:7b:9d:05:a0:67 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 50 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0174Mon Apr 9 15:37:30

[code]....

Several APs can´t join on WLC and all are added on MAC filter, but they are showing this messages.  
 
2 . Second problem.:  Operational Status = UNKNOWN

Some Access Point are in UNKNOWN status. I tried but I can´t do the reboot. I can access Web config the APs using WLC, but when I applied the reset, it wasn´t working properly.

View 2 Replies View Related

Cisco Wireless :: AIR-AP1252-AG-A-K9 Access Point

Jan 16, 2012

have Cisco AIR-AP1252-AG-A-K9 Access Point and 5GHZ radios are not working but interface status showing is up and running but signal is very weak I think it's working through only internal antennas when i connect external antenna even the signal is very weak and i am using external antennas air-ant5135dw-r=.  What is the exact problem of that 5ghz radios.  I have tried through external antenna gain 9,11 and 27, and all i tested but not working.

View 7 Replies View Related

Cisco :: AP1252 - Authenticating Client Computers Onto Wireless Network?

May 22, 2013

I am having problems authenticating client computers onto the wireless network using a Cisco AP1252 via radius
 
Setup:

I have a Cisco AP1252 wireless Access Point connected to a Cisco ASA5510 on subnet X.X.5.Z    The access point ip address is X.X.5.101

The ASA on another port is also connected to the wired network on a different subnet X.X.0.Z
 
On the wired network are two radius servers - Ubuntus servers running freeradius which are running fine and reliably authenticate wired users for ssh connections to the ASA and importantly to the AP1252 as well (The radius servers ip addresses are X.X.0.191 and X.X.0.192)
 
Problem:

When a wireless user tries to connect to the wireless network via the AP1252 after being disconnected form it for a while (or after waking from a long sleep) they are never authenticated. They just try over and over and never obtain an IP
 
Interestingly in such a case neither Ubuntu server shows any sign of receiving an authentication request from the AP  - Both ubuntu servers are running in debug mode so they show any activity - there is none

Oddly:

If i try to authenticate a user wirelessly to the AP and leave it in the usual state of trying over and over (with no visible activity on the ubuntu servers) BUT then go to a wired machine and attempt to authenticate an ssh connection to the AP1252 using a terminal command     ssh user1@X.X.5.101   THEN as soon as I hit enter on that request (and before I enter a password for the ssh connection) THE WAITING WIRELESS USER IS IMMEDIATELY AUTHENTICATED (and the ubuntu server shows the authentication activity for the wireless user

I really do not understand this and cannot use this method to facilitate wireless user authentication 
 
What might be causing this behavior - it seems like the AP sleeping and the wired ssh request wakes it up so that it sees the pending wireless user waiting and then acts on that completing the wireless user authentication request.

View 11 Replies View Related

Cisco Wireless :: AP1252 Intermittently Blocks ARP Requests From Wired LAN

Jul 12, 2012

I am having connectivity/stability problems with wifi clients, using 14 accesspoints (Cisco AP1252). All wifi clients are impacted, no matter which AP they are associated with.
 
Symptoms :
------------------
- client associates to a ssid, everything runs fine
- all of a sudden, the client begins having problems contacting certain LAN servers, while others still work.
- after a little while, situation comes back to normal
 
After hours (and days..) of testing and troubleshooting, I have nailed the problem to be at the AP1252 level. When the client experiences problems, he does not receive Broadcast traffic (thus, he cannot respond to the ARP requests from the server he is trying to contact).
 
While the client was experiencing the problem, I have configured a port on same switch, to act as a monitor port for the AP he was associated to at the time :   it seems to me that the accesspoint DOES receive the broadcasts ARP at all times.  Only sometimes it prevents them from reaching the wireless clients.. I did a tcpdump on 2 different clients who were associated to the same accesspoint :  both were not getting the broadcasts from the lan.
 
Tcpdump arp from a wireless client (172.30.2.32) :

View 2 Replies View Related

Cisco :: Free Radius Server For Lab?

May 1, 2012

Any free radius server for lab purpose?

View 5 Replies View Related

Cisco :: Configuring RADIUS Server For It?

Jan 25, 2012

Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices. I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different.I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.

View 18 Replies View Related

Cisco :: How To Configure Radius Server

Oct 15, 2012

How to configure Radius server on router in packet tracer

View 1 Replies View Related

Cisco WAN :: Best RADIUS Server For 802.1x Wired Authentication?

Sep 2, 2012

which is the best RADIUS server for 802.1x wired authentication?

View 1 Replies View Related

Cisco :: WAP4410N Not Talking To RADIUS Server

May 13, 2013

I am trying to configure a WAP4410N, with latest firmware, for disabled security (i.e.: no WEP/WPA, user passwords etc) but enable MAC authentication control using RADIUS.If I test the WAP using disabled security and disabled authentication control, the WAP works fine. When I enable the RADIUS MAC authentication (ensuring I have entered the correct RADIUS server details) nothing happens, the WAP connection just fails. Also, the RADIUS server doesn't log any attempts from the WAP to connect.Is there a known problem with this WAP simply not working with RADIUS under this configuration?

View 1 Replies View Related

Cisco :: Can Aironet1040 AP Set Local Radius And Act As Server

Mar 7, 2012

I am testing a Aironet1040 in AP setting. During the process of trial run of GUI on this 1040, I saw a local radius setting and it can set something like FAST-EAP.
 
Is it after using this setting (plus other steps), I can set this Aironet1040 as an AP with the capability of simple Radius Server for authentication purpose?
 
If not by this way as I mentioned above, can Aironet1040 be set as simple Radius Server? This is because if it can set as simple Radius Server and not need to work with an external Radius Server, that would be great and save trouble to find another server.

View 5 Replies View Related

Cisco :: EAP-TLS With Radius Server Configuration (1130AG)

Jan 24, 2013

I am currently trying to get eap-tls user certificate based wireless authentication working. The mismatch of guides im trying to follow has me coming up trumps with success so far.
 
My steps for radius:- (i think this part ive actually got ok) [URL]
 
Steps for the wireless profile on a win 7 client:- this has me confused all over the place [URL]
 
My 1130 Config:-
 
[code]
Current configuration : 3805 bytes
!
! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd

[Code].....

View 14 Replies View Related

Cisco WAN :: 2811 How To Configure RADIUS Server Using CLI

Oct 28, 2012

I have a 2811 router and how to configure a RADIUS server using the CLI.

View 3 Replies View Related

Cisco :: 5500 - Changing Radius Server

Nov 19, 2012

We are retiring our current radius server. It is windows 2003 IAS server (also a DC) that we use for 802.1X authentication. We are moving to server 2008r2. I have already installed NPS and Network Authentication services on the server.

On the existing IAS server I exported the settings (using iasmig reader.exe) and was able to import the profiles (I see the 5500 as a radius client etc) Our 5500 is still pointing to the old server.
 
Is it as simple as changing the ip of the RADIUS server to point to the new server? It looks like I actually have to add the new server and create a new pres hared key on the NPS server but only find documents on adding a new 5500 (vs flipping it to a new NPS server).

View 9 Replies View Related

Cisco :: WLC 2504 With RADIUS Server Authentication And EAP-TLS

Mar 6, 2013

Can the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users.
 
Management Users will authenticate on RADIUS Server 1.Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: 5508-WLC Using MS NPS As RADIUS Server For EAP-TLS

May 18, 2011

getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
 
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication.  I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user"  along with the pertinent auth request info that I would expect the NPS server to receive from the WLC.  Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 / ISE As Standalone RADIUS Server

Apr 7, 2013

Is there any way to set up our ISE to provide Radius instead of acting as Radius Proxy? In our Company we use ACS 4.2 to provide AAA via Tacacs+ and this works proper with all our Cisco-Switches. Now we are testing the ISE 1.1.1 as NAC-Solution.
 
I know how to set up the ISE as 'Radius Proxy', configuring the Sequences and Policies, but till now we are using only Tacacs+ for AAA. The current version of ISE does not support Tacacs+ and I don't want to set up a Radius-enviroment in ACS if not necessary. Somewhere ( I think the specs) I read, the ISE is a merge of ACS and NAC. So in my Opinion there should be a way to provide AAA via Radius on the ISE without ACS and without 'Radius Proxy'.

View 2 Replies View Related

Cisco :: Possible To Have ASDM And SSH Authenticate Via Different Means On RADIUS Server

Apr 3, 2013

Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server.I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.

View 7 Replies View Related

Cisco Wireless :: 5508 WLC With ISE As Radius And Also External Web Server

Jan 30, 2013

I am biulding a wireless network with 5508 WLC and trying to use ISE as radius server and also to redirect the web-login to it.I was trying to understand that to achieve the external web-login, do i need to use the raduius-nac option under advanced on the guest wireless where i am trying this out. and if not, where do i actually use it?So far what i have understood that i do need to have preauth ACL on the Layer 3 security, but the issue is there is no hit reaching the ISE.

View 9 Replies View Related

Cisco VPN :: ASA 8.4.x - Sending A Client Attribute To Radius Server

Dec 11, 2011

I'm using an ASA version 8.4.2 and a Radius Server.
 
Is-it possible to configure ASA for sending the name of the connection profile to the Radius Server ?
 
By default, the radius server doesn't receive this information.

View 1 Replies View Related

Cisco Wireless :: Radius Server Requirement With Wlc 2504?

Jul 12, 2012

I want to know if its nessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC. 

View 1 Replies View Related

Cisco Wireless :: Radius Server Authentication AIR-AP1231G-A-K9

Apr 30, 2012

Below is he output from debug radius authentication from my AP.
 
I can see request is forwarding from AP to radius but Radius is not sending any response.Not sure why its not responding.
 
I also did not under stand few out outputs also
no sg in radius-timers and
RADIUS/DECODE: parse response no app start; FAIL
what does it mean.
 
I  restarted radius server , changed secret key but no luck.
 
019639: May  1 16:15:08.727: RADIUS:  User-Name           [1]   32  "host/3KYGRH1.idcap.intdata.com"
019640: May  1 16:15:08.727: RADIUS:  Framed-MTU          [12]  6   1400
019641: May  1 16:15:08.727: RADIUS:  Called-Station-Id   [30]  16  "0012.01d6.f691"
[Code]...

View 4 Replies View Related

AAA/Identity/Nac :: Turn Cisco 877 Router Into RADIUS Server?

Apr 22, 2011

I was just wondering if it was possible to turn a cisco 887 Router into a RADIUS Server. What i wanted to do was setup my wireless AP to authenticate using RADIUS, but didn't want to setup another server for the purpose.

View 1 Replies View Related

Cisco Security :: AAA Authentication Radius-Server 3750e

Aug 13, 2012

I'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.Then the enable password. 

View 1 Replies View Related

AAA/Identity/Nac :: Possible To Send VSA From Radius Server To ASA-5505

Oct 26, 2009

Wondering if it's possible to send a VSA from my radius server to my ASA-5505 that will instruct the ASA to use one of several split tunnel lists I have created, based on the user name supplied in the Radius request.For example, I can send a VSA of "ip:inacl#1=permit ..." and the ASA will dynamically create an access-list for that user.Is there a similar VSA for split tunnel?

View 8 Replies View Related

Cisco Wireless :: C1200 Client Authentication Is Against RADIUS Server

Jan 9, 2013

i am trying to connect clients to my AP1231 which is running C1200 Software (C1200-K9W7-M), Version 12.3(8)JED. Client authentication is against RADIUS server. [code]

View 3 Replies View Related

Cisco :: How To Set Up 2008 (NPS And NASs) RADIUS Server For 802.1X Wireless Clients

Sep 25, 2012

how to set up 2008 (NPS and NASs) RADIUS Server for 802.1X Wireless clients.

View 1 Replies View Related

Cisco Wireless :: Configuring RADIUS Server On 2500 Controller

Dec 3, 2012

We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticket and the server responds to a ping command,In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security TabI then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER 
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?

View 6 Replies View Related

Cisco :: WLC 2106 - Take Group B And Point It To A Radius Server For Authentication

Dec 13, 2011

In the WLC there are two groups (say A and B).  How would I take group B and point it to a RADIUS server for authentication? The server is ping reachable.  I have searched  but did not see any definitive answer.

View 3 Replies View Related

Cisco :: 5508 RADIUS Server Failed To Respond To Request

May 22, 2013

We are experiencing a lot of these RADIUS failed to respond messages on our WLC's leading to a lot of RADIUS server hopping within the WLC.We are using Cisco 5508's, 1142 AP's and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1xThe first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consequetive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured.When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL:Event ID: 6274: Network Policy Server discarded the request for a user.

View 16 Replies View Related

Cisco AAA/Identity/Nac :: CiscoSecure ACS V4.2 RADIUS Logs Upload To FTP Server

Apr 24, 2013

I am using CiscoSecure ACS v4.2 appliance, in there any way that RADIUS logs upload to FTP server because it has limitation to store RADIUS logs.

View 15 Replies View Related

Cisco AAA/Identity/Nac :: Configure ACS 5.4 As Radius Server For Network Access

May 1, 2013

I'm trying to configure ACS 5.4 as radius server for network access (PPP connections).In monitoring and reports the users have green color , but the clients cannot send data. Auth method is CHAP/MD5.
 
Allowed protocols are set to CHAP and PAP only.

View 5 Replies View Related

Cisco :: WLC 4402 Web-authentication Fail With External RADIUS Server

Jul 3, 2007

I follow step by step the link bellow to configure web-auth with external RADIUS server but I receive a error on console debug of the WLC "Returning AAA Error No Server (-7) for mobile"My Radius Server is fine, because I can authenticate on WLC Web page with RADIUS user.  WLC 4402 version 4.1.171.0 [URL]

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved