Cisco :: Aironet 1040 And Radius Auth Failure?
Sep 24, 2011
I have set up a Cisco Aironet 1040 to connect to our Radius server which I have also configured.
I can successfully connect up any iPhone or iPad but I cannot get any laptop to connect.
I have attached the logs showing the iPhone successfully logging in and the laptop failing. Every single failure in the Event log for NPS comes up with:
Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: scottd
Account Domain: AMSLAN
[Code].....
Jan 8, 2013
Everyone can connect to the 1040 AP except my laptop and another one. For some reason it stopped showing; it was working fine and out of the blue nothing.
Nov 15, 2012
I have been racking my brain for a while and cannot figure out why I am not getting 144Mbps out of my Aironet 1040. I was reading a previous thread ([URL]) and set it up exactly like it said. I have set the encryption to Cipher AES CCMP and set the SSID to open authentication. I also set the SSID's key management to enable WPA (WPAv2).
I was reading that WMM has to be set. I have 3 options: Disabled, Legacy, and dot11d. If I choose dot11d I have to put in a country code. Problem is there are no options in the country code pull down. I cannot even manually type it in.
Another problem is that cell phones cannot connect. It keeps saying authentication fails in the log.
May 24, 2012
I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
This is what I have so far:
Current configuration : 1684 bytes
!
version 12.4
no service pad
[Code].....
Jan 1, 2013
I have ~25 employees who are connected to the AP. I have a 2mb dl and 2mb ul microwave lease line. The AP disconnects every couple of hours for a minute?
Oct 27, 2011
I am trying to configure an Aironet 1040 access point. After systems get connected they immediately get disconnected. The error observed on the device is as below:
%DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 000e.83c8.c88a Reason: Disassociated because sending station is leaving (or has left) BSS
and the SSID is not getting broadcast. Kindly let me know what could be the cause.
[code]....
Nov 23, 2012
How can I set up a Cisco Aironet 1040 access point?
Mar 11, 2013
I am trying to create a welcome screen for people who join the guest network on my Aironet 1040. Webpage pass-through is really what I want but I know that doesn't work on a 1040. What does: IP redirect, Conditional Web redirect or Splashpage redirect?
May 22, 2012
We are currently using several APs in our organization. On this one AP I want to give a user the power to change the password of the wireless network to prevent misuse. I was wondering if it is possible to create an account that only has the privilege to change the WPA key? I want to prevent him from accidentally changing other settings.
Dec 26, 2012
We have several AP1040 in the office, but the latter is a Dual Band 2.4 GHz and 5 GHz. And we have problems with all Mac OS X workstations getting a lot of disconnections during the day. The strangest thing is that the OS X community is aware of the problem, and their only recommendation is to buy the external Aironport, which has better hardware.
May 21, 2012
I have a Cisco Aironet 1040.
On my access point I have 2 VLANs: 1 for my wifi phones and 1 for my network. Wifi LAN has the SSID LAN with WPA enterprise authentication to a RADIUS server (MS Server 2008). Wifi Phone has SSID PHONE and VLAN 50 with local RADIUS authentication. This all works fine, except when I enable AP for my wifi phones. When AP is enabled the authentication for my LAN doesn't go to my server but local. How do I configure my access points so that the Cisco phones use the local RADIUS server with AP and my Windows computers connect using the MS RADIUS server?
Mar 13, 2013
I'm working on setting up an Aironet 1040 Wireless Access Point for my company. It's my first time setting up something like this, and I've run into a bit of trouble.
I created my first SSID easily enough, following the manual and guides online. I set up VLAN 1 as my native VLAN and linked it to my SSID with the encryption and security that I was told to use and it works great. However, my boss asked me to set up a second connection as well for guests at the office, and this is where my trouble starts.
I created VLAN 2, and then another SSID which I linked here. I set up encryption and security the same way, and I can see the network when I open up my network and sharing manager. I can connect to the network as well, but I either get a spinning blue icon where my signal strength indicator is or a few bars with a yellow caution sign, and Windows says 'Identifying...'. I've compared the two SSIDs using the console and the GUI and I can't seem to spot any obvious differences between them.
Jun 11, 2012
I'm having trouble getting things working on a pair of ASA5510's using Cisco Secure ACS v5.1. We were previously using a much older version of ACS to these (and a lot of other) devices which worked OK for remote access for read/write use. Am in the process of migrating to the new ACS software and have got it working OK to everything (many Cisco switches and other IOS devices) except these ASA5510s.
I can get TACACS authenticating fine and am able to log on and go into enable mode. Any subsequent commands are then met with 'command authorization failure', including 'show run', 'conf t' and even 'exit'!
My ASA5510 config has not changed, other than to define the new AAA server, which leads me to think it's something to do with how I have the ACS user profile set up. I have configured the ACS5.1 device administration Shell Profile to have the maximum privilege level (15) and the command set I'm using has the box checked 'permit any command that is not in the table below'.
Dec 26, 2012
Every device I've tried to connect to my WiFi network has no issues connecting at all, except for, as far as I can tell, Samsung Android phones. My sample set is very small, but both a Samsung Galaxy S3 (both before and after custom ROM install) and a stock Samsung Galaxy Nexus.
I've tried setting a VLAN up with no encryption and open authentication, and the phones just halt on "connecting". This issue is both on the 2.4GHz and 5GHz radios.
What is working is various computers with both Intel and Broadcom adapters, a Brother printer, and a Motorola Droid 3 and Motorola Photon Q. I'm starting to think that it's an issue with the radio in the Samsung phones, but the S3 is 5GHz compatible and the Nexus is only 2.4, so they must have different radios. I'm also pretty sure that it's not software on the phones since the S3 had the same problem with stock ROM and CM 10, and the Nexus is Vanilla Google ROM.
I'm waiting to get a chance to upgrade to the new FW for my Aironet 1040, and I'm going to fire up an old 1130AG as well as test with an iPhone or iPod when I get the chance; I'd just really like to find out what the heck is going on with these Samsung phones.
Current configuration : 13969 bytes
!
! Last configuration change at 10:18:26 MST Sun Dec 23 2012
! NVRAM config last updated at 10:18:26 MST Sun Dec 23 2012
[Code].....
Jul 22, 2012
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth. I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic. Is this a known limitation when anchoring SSIDs to controllers in the DMZ?
May 15, 2011
I'm trying to configure a 7204 for RADIUS login authentication, although the router is also configured with RADIUS for VPN access. How can I configure it for both using 2 different RADIUS servers? The login via RADIUS is working fine on another router, although that one is not doing VPN access so there's no conflict.
My config:
aaa group server radius RADIUS_AUTH
 server x.x.3.11 auth-port 1645 acct-port 1646
aaa authentication login networkaccess group radius local
[Code]....
For some reason, this does not work. I cannot access the router and authenticate via the x.x.3.11 RADIUS server. I think there's a conflict between the VPN and the login authentication but I'm unsure how to resolve this.
Jun 25, 2012
I can't figure out how to get the config right for the 802.11n channel to work.
Nov 1, 2011
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.
Dec 9, 2012
After upgrading from a 1231 autonomous to an 1142 autonomous AP some machines can no longer authenticate. AP logs show authentication failure and access reject coming from the Radius server. Radius server shows authentication failures but no specific reason. Using the same account on another machine works fine. Machine settings have been verified and if we go back to the 1231 all users authenticate fine. Below are the configs:
OLD AP:
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
[code]...
Jul 31, 2012
On the dashboard of the "Monitoring & Report Viewer" I see a lot of system alarms related to the database. The explanation of the alarm says to look at the Collector logs for the details.
Nov 22, 2012
I have defined a RADIUS proxy on CSG2 to an external RADIUS server, but PDP fails with an Authorization failure message on the GGSN, and in the CSG2 debug log I see “SAMI 3/3: Nov 23 15:11:43.937: RADIUS: Dropping the unsolicited RADIUS packet”
Jul 25, 2012
I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured ACS 4.2.1 (build 15 patch 4) software for Windows on Windows Server 2008 Server STD. TACACS authentication with Cisco products passed successfully, but RADIUS (IETF) authentication with the Nortel 3408 switch failed. The ACS authentication failure code was "ACS password invalid".
I read the post that a RADIUS VSA is needed in my environment, but I cannot find any sample Nortel VSA dictionary configuration. I need a Nortel-specific VSA configuration.
Nov 18, 2012
I have Cisco ACS 5.1 RADIUS for VPN on ASA and tried to configure an NDG on it for the Aironet 1260 too, and it worked fine with IEEE 802.1x Cisco EAP-FAST authentication. As I had some trouble letting users authenticate only on VPN if they are VPN users and only on Cisco Aironet if they need only WiFi Aironet, I tried exception policy rules, but something is not working. VPN was OK but not WiFi: access denied for rule policy access. I decided to install Cisco ACS 4.x on Windows 2003, which is on the ACS 5 DVD. I created an NDG as done on ACS 5, put a shared secret, and put it on the Aironet too as done for ACS 5, but I receive an error against ACS 4.x. To troubleshoot it I tried [URL] but it did not work! I think I have done everything fine; however, on ACS 5 it worked in 5 minutes. I searched the log inside ACS 4 and found "Invalid message authenticator in EAP request" and I found this: [URL]. I changed the shared secret several times but it is still not working with ACS 4. I need to have a user and password prompt on the client trying to authenticate on Aironet WiFi, and I need ACS internal users: no Active Directory, no LDAP, no external user database.
Mar 4, 2013
I am working on setting up a new WLAN infrastructure. I have set up different SSIDs connected to different VLANs, in the AP. I also want to use Windows NPS for authenticating users on the different SSIDs, with different authentication methods based on which SSID the user/device is connecting to. To do that, NPS needs to get the SSID, but the Aironet 1240 only sends its MAC address in the Called-Station-Id. I have read a bit about this, and found out that if I have a WLC, it will add the SSID to the Called-Station-Id. But since we do not have a WLC, I am trying to get this to work anyway. Is it possible to modify the Called-Station-Id to include the SSID on an Aironet 1240? If not, is it possible to send the SSID as a separate attribute that can be read by the NPS?
Mar 28, 2012
I try to set up an 1141 Aironet AP to authenticate my users through our MS RADIUS server (Win 2008 R2). Everything is fine with the Small Business AP WAP4410N with the following configuration: But I can't successfully set up the Aironet 1141 with the same settings and get it to work. Here is my configuration for the Aironet 1141. VLAN 1 is the SSID I want to get working with RADIUS.
Mar 26, 2012
I have some Aironet 1200 APs. I want to use these with a Windows 2008 RADIUS server. I followed the guide on [URL]. Unfortunately I cannot get this working. In the security log of the event viewer there is always the message "authenication was not succesful because an unknown username or incorrect password".
- Is it possible to get this working?
- If yes, is there a manual how to configure the AP's and the radius server, or are there any hints?
- Is this the best way to setup a wireless network or is there a better way?
I saw there is also a local RADIUS server inside the 1200. Can all the 1200s work together? I suppose that if I use the built-in RADIUS server then I can't make a connection to my AD database, correct?
Jan 25, 2012
I bought 2 Cisco 1140 series Access Points a couple of months ago. We would like to use PEAP to authenticate with Microsoft IAS RADIUS Server & Active Directory. I cannot find a document which describes how to set up this type of configuration. The only document which is close is how to set up LEAP with ACS: [URL]. I initially followed 'TechRepublic's Ultimate Guide to Enterprise Wireless LAN Security', which has all the steps to set up the RADIUS server, client side configuration, certificates and finally a handy Excel script to generate a config for the AP. This did not work. [URL] I am now trying to configure the AP using the Web GUI. I can see the network on the client machine but when I try to connect it times out.
Oct 18, 2011
Do APs work with WCS?
Feb 1, 2011
I'm looking at a project where we want to start using Autonomous APs with the possibility to change to controller-based in the near future.
Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the opposite process (CAPWAP to IOS) so I think it's possible both ways. Can someone confirm this to me?
Apr 21, 2013
Looking for some training on the 2500 series controller and 1142 or 1040 AP's preferably.
Mar 18, 2013
I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue.
Sep 17, 2012
I am currently trying to set up my old D-Link DIR-655 router as an access point in my dorm room. We are only given one ethernet port in the bedroom and dragging a 50ft ethernet cable between the bedroom and the common area in the suite is no fun. I have tried so far unsuccessfully. I think the problem is related to the 802.1x authentication that is used on the network. How to get it to work? So far I have disabled DHCP, UPnP and then plugged the first client LAN port into the ethernet port that is provided. I can connect to the router and access the admin panel but there is no connection to the internet. It also did not work plugging my computer into a second LAN port instead of connecting wirelessly.
Aug 10, 2012
We are rolling out a new VPN infrastructure utilizing ASA 5520's (one active/standby cluster at each of our two sites) and making the conversion from the old IPsec client over to AnyConnect 2.5 clients. We do have AnyConnect Premium licenses at both sites, but are not utilizing ISE. What we want to do is first auth the machine that's trying to initiate the AC VPN session to determine if it a company-owned machine (with the idea that only co-owned machines can connect), and then auth the user using RADIUS, which uses attribute 25 to assign them into groups for policy application. We have the RADIUS piece working now, but is there a way to first do the machine auth, and then the user auth? We don't just want to use something like cert-based VPN because if the machine gets stolen (or a non-co user otherwise gets into the OS) then we don't want the non-legit user to be able to establish a VPN session just because they have access to a company machine. The other rub is that the machine auth solution must be cross-OS compatible (we use a mix of Windows, MacOS and Linux on the machines that should be allowed to VPN.)