Is there any way to change a setting which causes a user logged in to the web browser interface (or connected via ssh) to have to re-authenticate. Im getting annoyed by being disconnected from the AP and having to re-authenticate.
View 1 RepliesIs it possible to Change IOS of 1252 LWAP AP to Autonomous AP? I have seen some documents for changing Autonomous AP to LWAP and change back procedures.
View 4 Replies View RelatedI am configuring a mobile van that is used for a mobile health clinic to drive to several locations and when pulling into an allocated parking spot the van will connect via wireless automatically. I am using autonomous 1252 AP's and am considering either briding or workgroup bridging.
The issue I am encountering is that the AP inside a van is a router that has to do DHCP across the wireless and because the ethernet interface between router and AP in the van never goes down the router does not know to re-DHCP. I remember from way back there was an IOS command to track a serial interface and drop the ethernet if the serial link goes down. Is there an equivalent command for AP's to drop the ethernet interface if the radio interfaces go down?
I have three Autonomous AP´s in a small office running voice applications, all of them are connected to the same infrastructure switch and they have same configuration, voice Vlan is configure to open authentication. I have two models of AP 1252 and 1262 and I paste Radio configuration below.
First issue: During calls users are facing problems when roaming between AP´s, and eventually calls are dropped.
Second issue: Sometimes one of these AP´s(1252) lose all transmit signal and when return I got authentication error on log.
I have a Cisco WLC 5508 managing several 1252s in lightweight mode. There is a portable across campus that has a standalone network but no cabling to tie in to the corporate network. I have another 1252 that is in autonomous mode. Could I essentially configure that as a bridge with the same security and SSID in order to bridge the corporate WLAN? If not, what are my options?
View 4 Replies View RelatedI am having some difficulties on finding information on how to setup two Cisco 1252 autonomous access points, via the command line. I am not having any luck finding steps on how to go about doing this and was curious if any one would be willing to give some insight. I am working on taking two of them setting one up as the root bridge and the other as non-root.
View 3 Replies View RelatedI have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
We are trying to configure our 2106 wireless lan controller to expire wireless users sessions so the user is not remembered indefinitely. We are using freeradius to validate the users login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
We're having trouble trying to deploy 802.1x authentication on a brand new site.
Our primary and secondary ACS are located in Paris and the new site located in Toulouse, France. Both sites are connected through the WAN. Everytime a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.
I have a DIR-825 with 2.60VT firmware (rented from Videotron).
Even though the manual says the stateful firewall should have a timeout on connections of 240 seconds or 7800 seconds, all of my connections start at a mere 120 seconds. I'm having trouble with IMAP IDLE pushing e-mails because the connections timeout so quickly (before any stay alive can be sent). A connection to the e-mail server gets opened on 143 (Videotron) or 993 (encrypted - google, e.g.), and I see the connection on the Internet Sessions page, the timeout starts at 120. When it hits 0, the connection is no longer displayed (it is not renewed), and the IMAP IDLE ****s out because the server can't find the client (i.e. the connection has been closed). But it's not just on those ports or servers. ALL of my TCP sessions begin at a mere 120 seconds! Even for a home router, isn't this way too low?
confirm that their DIR-825, on the Internet Sessions page, shows initial timeout values of greater than 120 for a TCP connection? I would love to see a picture of that screen showing higher values. Does it start at 240? Do you ever see a connection start at a timeout of 7800?
I see no way of changing the timeout value. Is it possible to force connections on certain ports to begin at a higher timeout value?
Per PCI & company policy all VPN users have a 12 hour session limit. They will disconnected after 12 hours regardless of use. Is there any way to send a message prior to the 12 hour limit to warn the users that they will be disconnected in x minutes? I'm running SSL VPN on a ASA 5520 ver 8.4(1)
View 1 Replies View RelatedWhat the command to prevent a telnet session to the 4400 controller from timing out is?
View 1 Replies View RelatedFor guest clients , we have configured guest vlan and applied external web authenication on WLC 5508 , the session timeout value is 2700secons . When a client open a browser to internet page , wlc will redirect to URL and get the login page . After completed the login , he can go to internet page .
We find the iPhone and ipad clients will get the login page again ahfter ~ 5 mins , it is mismatch with session timeout value 2700 sec (45 mins) .
Our company has installed ACS Version: 5.1.0.44.6 Internal Build ID: B.2347 with patches: 5-1-0-44-5, 5-1-0-44-6. The security policy of our company includes a password change every 3 months. Our programmers had written a script that allows us to do it. When testing revealed that the script does not work. This is due to the fact that it is not possible to enter the mode "acs-config". In determining the reasons it was found that to enter this mode there is a limit on sessions (6 sessions). When the number of connections becomes larger than 6 then the script does not work. The documentation says that the update is not active sessions is set with terminal session-timeout. In this case, the terminal session-timeout 30. But after 30 minutes of the session will remain active. It interferes with our script.
View 1 Replies View Relatedwhat would be causing my management HTTPS session to a SF200-24 to suddenly timeout? I receive "The session has been timed out. You may log in again" few mins after logging into to switch.Sometime it happens within 45seconds, other times after 3mins, timouts are not consistent. And, i was not idle when it timed-out. My HTTPs idle time-out is set for 10mins.
I had a continuous PING going to managment IP, and it did not drop any pings when session timed-out.Interface stats are also clean. I tried IE, FireFox, Chrome and all are timming out.
I've changed the HTTP default idle-time out from 1 to 10 and my HTTPs stopped timing out. Management Access Authentication is cleary set for HTTPs, and the Idle-timeout for HTTPs was set for 10mins since install. Yet, adjusting the HTTP idle-timeout cleared the issue.
I have an SG300-20 here for testing (firmware: 1.1.2.0, boot version: 1.0.0.4, language version: 1.1.1.6 English). Everything seems to work on it, except, that if I choose Radius authentication by mac address only, then the switch does not honor the Idle-Timeout and Session-Timeout attributes from the Radius server (freeradius).
The setup is the following: I have a no name access point plugged in to switch port gi1. The port gi1 is set up for Radius authentication by mac address only. The access point itself is authenticated, no problem with that. If I connect through the access point by (say) a mobile phone, it is authenticated, no problem. The radius server does send the Idle-Timeout and Session-Timeout attributes, I checked it by running "freeradius -X", both are set to 30 seconds. Then I turn off the wireless card in my mobile phone and check the dot1x users by "show dot1x users". My mobile phone's mac address remains there for 5-10 minutes, so the Idle-Timeout and Session-Timeout does not work.
Another way I could resolv this problem is by explicitely asking the switch to reauthenticate the user. Unfortunately there is no CLI command to do just that, I can do however a reauthentication on a port using "dot1x re-authenticate gi1" (for example). But it does not work as it is expected: the switch uses the stored mac-address to reauthenticate the user, so nothing changes on the port (unless something changes in the radius server). I think it should work like the following: remove the authenticated user from the port, and whenever that mac address makes some network traffic, then reauthenticate as if it were a completely new connection. BTW: it would work for me also if I could just remove an authenticated user from a port, but I did not find a command to do that.
As a last resort I can simply shutdown the port, bring it up again ("shutdown" and "no shutdown" in the interface config), then all users are removed from the port and they all mush reauthenticate. But it causes a network outage for a couple of seconds for all users on that port, on a busy access point it is quite disturbing, and it is not an elegant way to do this.
So my actual question is: is there a way to remove an authenticated user either automatically (Idle-Timeout and Session-Timeout) or manually from this switch?
I enclose the relevant part of the running config.
interface range gi1-2
dot1x host-mode multi-sessions
exit
vlan database
vlan 2-4
exit
[code]....
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn. Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completely lost. then we have to re-connect the session.This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didn't have this issue, remote-desktops were never getting lost / reset with single timeout
View 1 Replies View RelatedWhen a client connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join other unit AP (example AP02)Both AP physically installed distance is around 6 meters from each other. I conduct the testing where i get myself sitting in middle between these two APs.
01. If i disable settsion timeout this feature, or setting the seconds become higher value, what's the performance and security impact? Is it recomend to change the default 1800 seconds session timeout?
02. Is there anyway i can tweak on WLC controller to prevent the client after session timeout then associate with another AP. This will lead major performance impact as the client woudl possibility connect to the weak signal AP and effect on the performance.
These are the details for reference:Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail:
model is AIR-CT5508-K9
software version is 7.2.110.0
For about a month or two now, I've not been able to connect to my router's admin page @ 192.168.1.1 I am using a D-Link DSL-2680 router.
Whenever I go to connect to 192.168.1.1 in my Web Browser, it just sits there trying to connect and does nothing. But eventually after some minutes I get the error: 'This web page is not available The web page at http://192.168.1.1/ might be temporarily down or it may have moved permanently to a new web address. Error 101 (net::ERR_CONNECTION_RESET): Unknown error.' Here is a screenshot:
I tried pressing the reset button on the back of my router, but it would just sit there with the green power LED and another green LED just flashing constantly (I assume this is the ethernet 1 cable LED) and this happens for more than 10 minutes.
All I want to do is just port forward my game servers again without the use of Hamachi or other programs
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
I'm having an issue with a 1252 LAP that is connected to the WLC over a WAN link.Basically, it won't associate. The following is taken from a console into the LAP:
*Mar 1 00:00:07.799: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.851: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:27.003: Logging LWAPP message to 255.255.255.255.
[code].....
The ap-manager interface is configured correctly and there isn't a duplicate IP address. The LAP was initially stand alone and was converted to LWAPP.The MTU over the WAN link is 1500 bytes.All I'm getting from the WLC debugs is:
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Received LWAPP DISCOVERY REQUEST from AP 00:22:xx:xx:xx:xx to 00:19:xx:xx:xx:xx on port '29'
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx LWAPP Discovery Request AP Software Version: 0x3003300
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Successful transmission of LWAPP Discovery Response to AP 00:22:xx:xx:xx:xx on port 29
So basically the join messages don't seem to reach the WLC. In fact they don't even seem to reach the local router on the remote subnet. The discovery packets are seen on the local router but the joins don't seem to appear at all.I'm not sure if it's a latency issue. Average latency over the WAN link is under 70ms.I'm assuming the certificate on the WAP is MIC and the MAC details have been entered into the WLC AP Security policies for authentication. I'm not seeing any debugging messages relating to bad authentication at all.I can't debug from the LAP as it's LWAPP, obviously.We're running WLC version 4.2.130.0.
it is possible to wide the range of powerconsumtion on this switch from 15.4W up to 20W? We will rollout some accesspoints with 2 radiomodules on CISCO AP1252, but the Powerconsumtion of this AP then ist 18.5W. The max allowed from firmware is 15.4W like 802.11n-standard.
View 1 Replies View RelatedOkay, I'm working on a project and the company I work for wants to add 5 Ghz antenna's to their Aironet 1252's. Okay not a problem, except I've never worked with these routers before and I can't get the configuration set (). Once I get 'em on one I can get them all done.
View 14 Replies View RelatedI'm trying to configure my Cisco Aironet 1252's in my office to utilize their 5GHz antenna's but I've never worked with these routers before .
View 9 Replies View RelatedI have two cisco airenet 1252 autonamous access point that are configured as point to point bridge. Now I want to confiure AES encryption or WPA2 using a pre-shared key however I do not see the option to do this . The only option I see under ciphers are:
wep 128
wep 40
TKIP
[Code].....
Is it possible to use either AES or WPA2 using a pre-shared key on the 1252 autonamous access point? preferably using the web interface.
I have two Cisco Aironet 1252 that I want to configure as a point-2-point bridge. Now I want to know if this configuration supports the 802.11n protocol.
View 2 Replies View RelatedI am replacing an older AP with a new 1252 unit. I attached everything and powered it up, but my DHCP server does not appear to be finding it and assigning an IP address. The status light stays green and the ethernet light blinks randomly green. Seems to be connected fine, but without an IP I cannot configure it to use it.
View 2 Replies View RelatedI am trying to poll the 5 minute average CPU utilization of my Cisco Aironet 1252 (IOS version 12.4(25d)JA) using SNMP OID .1.3.6.1.4.1.9.2.1.58.0.However for some reason I am not getting any response back from the aironet. Note I am able to retrive the memory utilization without a problem.
View 1 Replies View RelatedI have Cisco 1252 APs in my network and also a WLC with software 7.0.98.0 and a WCS system. In certain areas I have an SSID with 2 or more APs configured as part of the group. Some users are connecting to the SSID on the weaker AP when there is a much stronger signal available from a different AP.I have looked into this issue before and have been told it's a porblem with the client's Wireless NIC or the drivers. The issue is I'm using the most updates drivers on some users and it makes no difference. Although it may be a problem with my clients I need to fix this on Cisco's AP side. What are my options? I believe MAC filtering is only per SSID so that would defeat the purpose, can I filter by specific AP and still allow the user to connect to the SSID? Or should I seperate the APs from the 1 SSID and create multiple SSIDs so the user can select the stronger network?
View 4 Replies View RelatedHow can i connect my laptop (11n supported) to LAP 1252 with WLC 7.0.116.0?Status: 11a enabled on wlcDCA channel list in 11a on wlc is showing only 149 153 157 161 channels.
View 6 Replies View RelatedI have a lightweight AP that boots into RoMmon, if i hold the reset button in for 10 seconds or so it will boot into the IOS and download the config from the controller but never registers. then once i reboot it it goes back to Romon unless i hold in the button again.
View 5 Replies View RelatedI have a used 1252 wireless AP. I can't get into it. How do I reset to factory default?
View 1 Replies View Relatedan Aironet 1252 which is failing on boot. When power on the access-point shows the error below.
WARNING: A memory error occurred during the system start-up self-test. The device must be serviced if the error persists.
The following commands can, optionally, be used to initialize the flash file system and the TFTP file transfer system:
But when this happen, I can start the IOS manually doing flash_init and boot in ROMMON. After do this commands, the access-point starts and works normally.
How can I check and correct the memory and solve this issue?