I have 3 Aironet 1260's with the same SSID and set with Open Authentication with MAC Authentication. Can I designate one of the 1260's as the MAC Authentication Server? I have all 3 now working with MAC Address Authenticated ty Local List Only and have to put the new MAC address in all 3.
View 3 RepliesI have 3 Aironet 1260's with the same SSID and set with Open Authentication with MAC Authentication. Can I designate one of the 1260's as the MAC Authentication Server? I have all 3 now working with MAC Address Authenticated ty Local List Only and have to put the new MAC address in all 3.
View 1 Replies View RelatedI was wondering if its possible to setup the Cisco Aironet 1260 as a WDS master with radius and another Cisco Aironet 1260 as a slave for seamless roaming. How many slaves can a WDS master handle?
View 1 Replies View RelatedIs it possible to create a wireless site to site link using 1260 access points as bridges (like the 1300 series)?
Also if so, can you use 11n channel bonding on the bridge link?
I need to link 2 buildings together wirelessly approximately 70 metres apart. There is direct line of sight between them.
I have CISCO ACS 5.1 radius for VPN on ASA and tried to configure an NDG on it for AIRONET 1260 too and worked fine with IEEE 802.1x CISCO EAP-FAST authentication As I had some trouble to let users to authenticate only on VPN if are VPN users and only on CISCO AIRONET if need only WIFI AIRONET I tried exception policies rules but something not working. VPN was ok but not WIFI access denied for rule policy access I decided to install CISCO ACS 4.x on Windows 2003 that is on ACS 5 DVD I created NDG as done on ACS 5 put a shared secret , put on AIRONET too as done for ACS 5 but I receive an error against ACS 4.x To troubleshout it I tried [URL] but not work ! I think to have done all fine owever on ACS 5 it worked in 5 minutes I searched log inside ACS 4 and found "Invalid message authenticator in EAP request" and I found this: [URL]Changed shared secret more times but ever not workign with ACS 4 I need to have user and password prompt on client trying to authentincate on AIRONET WIFI and I need ACS INTERNAL USER no active directory, no LDAP , no external user database?
View 1 Replies View RelatedWe have three Access Points, two Cisco Aironet 1260 and one 1240AG. Originally, the SSID was hidden on all three AP's and users had to go to Other Networks and type in the SSID and password to access the WAN. About a few months ago, the network started broadcasting to the public. I am trying to make the SSID hidden again. I have tried going to the Security tab, choosing the SSID Manager and setting single guest mode to none but it has not worked.
View 4 Replies View RelatedI'm new to the Cisco Aironet Access Point. I got a new STANDALONE Aironet 1260 series access point device. The part # AIR-AP1262N-A-K9. The shipping package did not come with any guide, CD, and power adapter. I searched the Cisco sites, but could not find appropriate manuals. I did find a getting started guide but not for standalone AP, it's for Controller-based AP. Question - where can I find manuals / guides to set up and configure my new standalone Cisco Aironet Access Point 1260?
View 3 Replies View RelatedWe have been having issues with random packet drops and or some sort of radio lockup which happens a few times a day. I have a test AP setup with a few clients only a few feet away and I see this combination of messages. Should I be seeing these clients drop off and then reconnect immediately? Granted these test clients are not passing much data but my assumption is that they would not become deauthenticated because of lack of activity? This setup is using a radius server for authentication. I tested it before with just WPA2 PSK and only had a few disconnected over a number of days, compared with many a day with the Radius.
View 1 Replies View RelatedDo we have Option to add MAC address of specific laptop or Mobile to connect to the Access Point in cisco Aironet AP 1260 series in Autonmous mode
View 4 Replies View RelatedI would like to buy Cisco Aironet 1260 Access Points, i just want to use them independantly so i want to know do they work without the Wireless LAN Controller? or i have to have the controller for them to work? they will be in different locations so i cant have a controller per each location.
View 9 Replies View RelatedIs Aironet 1260 good for indoor LWAP or CAPWAP environment? Do we need external antenna for the Aironet 1260 access point when using it indoor?
View 1 Replies View RelatedI've set up a Cisco Aironet 1301 AP to be used for a guest network. I've got several other of the Aironet 1140-series around the business but none of them are in reach of this one at the moment.
The problem I have is that clients that try to connect to the AP are either not able to connect at all or lose their connection after some seconds. The config is more or less copied from the other APs with the same guest VLAN.
I try to setup a 1141 aironet AP to authenticate my user through our Ms Radius Server ( Win 2008 R2).Everything is fine with small Bussiness AP WAP4410N with the following configuration:But I can't setup successfully the aironet 1141 with the same settings and getting it works.Here is my configuration for the Aironet 1141 Vlan 1 is the ssid I want to get it work with Radius.
View 1 Replies View RelatedI have a Cisco Aironet 1140 with ENABLED broadcasting SSID, encryption is WPA2(personal). Ubuntu 12.04 and Windows 7 are authenticated, but MACBooks never be authenticated. Any specific configuration for MAC books?
View 6 Replies View RelatedIs there a way to configure client/user to AP authentication without using encryption for joining to an wireless network? What we need to do here is protect network access at our hotspots by enforcing a password to get connected. The other part is making it compatible with every possible device so we need to have encryption off. We have a mixed environment at this time until everything is upgraded. Aironet 1200 series and some new Aironet 1142 models. No controller, all standand alone AP's
View 2 Replies View RelatedI would like to be able to have a few "guest" users on the Wireless network for visitors. Is there any method to have a prompt for "Username / password"? I would like the user accounts to have different expiry periods if this is possible. My current config is attached. The SSID "test" appears on the network. The SSID "test111" does not appear.
View 1 Replies View RelatedI'm using the Express Security Set-up tab to configure an Aironet 1142 (stand-alone) access point with EAP.
Objective is to make it a RADIUS client and have laptops authenticate through this access point to a Windows 2008 NPS (Network Policy Server) using computer (machine) certificates - EAP-TLS.
When I select "EAP Authentication" under the "SSID Configuration" I was literally floored to see mention of WEP encryption (a security joke) and no possibility to prefer some variant of WPA (well, apparently not with EAP).
WPA2-Enterprise is what I've selected for "Authentication" and "AES" for encryption in Group Policy (so the laptop clients automatically connect to the access point).
WEP? I bought a Aironet 1142 access point for WEP encryption? How can I configure this securely?
These are currently configured settings as displayed under the "SSID Table" heading:
SSID - "MYSSID"
VLAN - none
Encryption - WEP Mandatory !!!
[Code].....
On an AIRONET 600 AP (officeExtend) with the remote LAN interface is configured to use 802.1x authentication:If a Cisco IP Phone is connected, 801.x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do) Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phone and only authenticate PCs etc..?
View 5 Replies View RelatedI am evaluating a Cisco wireless solution for our building. The building is occupied by two separate but related companies, which share some basic network infrastructure (some switches, an Internet connection, a DMZ environment), but which have two completely separate "Windows networks" with separate Active Directories. Each of these two networks are placed behind separate Microsoft TMG firewalls, each of whose external NIC are connected to the same DMZ network.
a) Acquire a set of Aironet 2600 APs and a controller, b) establish a BYOD SSID to be share between the two companies and guests, connected to the shared DMZ network, c) establish two additional separate SSIDs - one for each company’s staff, each authenticating against the appropriate AD-environment (incidentally, one is a straight Windows Server 2008 R2 environment with a TMG 2010 firewall and the other uses Windows Essential Business Server, so based on Window Server 2008).
Is that even possible with a single WLC?We are on 3 floors and about 60 people total. I am thinking that we can make do with 5 or 6 APs. Without having looked into it much, the 2500 controller looks good. Agree?
I am an IT professional that is installing my first extended range wireless AP in my companies warehouse. I am very excited!
Now I have set up many a linksys and repeater wireless networks, so when I was looking into the Aironet 1240AG I thought ?No Problem!?
And at first, it is not!
I have the AP and antenna set up here in my office before I take it out and mount it in the warehouse. And I can get connected to it, no security for now, no filters, I just want to connect and make it work.
I stay connected for maybe 3 minutes, I can get to the internet, I can ping all my servers. Full connectivity. But then for no reason the connection fails and I cannot reconnect.
The error I get in the log is
Interface Dot11Radio0, Deauthenticating Station 0006.2510.bbe3 Reason: Previous authentication no longer valid
So strange! So I have reset the AP to factory defaults and then set the SSID, and I can connect, again for a second, then nothing.
I have tried with multiple wireless cards, even laptops. Thinking maybe the problem was on the computer side.
We are using WLC4402 for our Aironet 1240AG access points. The clients are connecting to the access points and are authenticating to the RADIUS server. I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.
Where do I see the Authentication Type on the WLC4400 or the 1240's? In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method".
I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating. This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS. I have all authentication methods allowed and it still gives me the error below. Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed.
Client Machine:
Security ID: NULL SID Account Name: Fully Qualified Account Name: OS-Version:
Called Station Identifier: 00-17-a2-87-54-00: SSID NAME
Calling Station Identifier: 00-41-96-b6-e3-27
NAS:
NAS IPv4 Address: 192.168.90.24
NAS IPv6 Address: -
[code]...
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
We have a business case where we have a group of ASA 5505's in 3 locations with anyconnect user licensing on all 3 for redundancy.The problem we are facing is that when we need to authenticate our anyconnect clients we use active directory servers located at site 1 and the other 2 sites need to contact these MS AD Servers over an already connected VPN tunnel to site 1 (IPSec l2l) but cannot.So the layout is as follows:Site 1 (houses AD servers) has l2l tunnels to site 2 and 3Site 2 (any connect essentials enabled) has l2l tunnel to site 1 and 3Site 3 (any connect essentials enabled) has l2l tunnel to site 2 and 3AD servers are ip'd as 10.1.1.11 and 10.1.1.4If I use anyconnect to site 1 it authenticates fine - as expected.Site 2 and site 3 fails to contact AD serverAny thoughts on how we can accomplish this(or is it even possible to do?) without exposing the AD server in a DMZ or via external ip?
View 1 Replies View Relatedwhich is the best RADIUS server for 802.1x wired authentication?
View 1 Replies View RelatedI use PIX 8.0(4) and ACS 4.2 for VPN authentication. I got error as below even I'm able to ping to ACS server from PIX
RADIUS_SENT erver response timeout
RADIUS_DELETE
ERROR: Authentication Server not responding: No error
I tested aaa command from PIX and check configure on ACS (key and IP address) include restart ACS. The output still timeout and not responding from server.
PIX config:
=========
aaa-server AAA-VPN protocol radius
aaa-server AAA-VPN (MANAGEMENT) host 172.20.0.9
key xxxxxxx
tunnel-group CGS-DR type remote-access
tunnel-group CGS-DR general-attributes
address-pool VPN-POOL
authentication-server-group AAA-VPN LOCAL
default-group-policy GR-CGS
Problem about authentication in VPN 3000 but until now I haven't had return on neither of the post maybe those I'm more clear than others.
I have a VPN 3000 with PPTP Tunnel VPN and the first authentication option is on Server Radius:
Configuration > System > Server > Authentication is firstly the Server Radius and after Internal ( Authentication on Base Group Internal )
But, when I configure a user in User Management > User it isn't work. I think that authentication order is firstly Radius and if it don't find the second option is processed which ( this case ) is Internal server. but don't occour the error in log is:
44 04/20/2011 00:00:08.550 SEV=3 AUTH/5 RPT=137 187.55.63.215 Authentication rejected: Reason = Authentication failurehandle = 299, server = (none), user = x1, domain = <not specified>
46 04/20/2011 00:00:08.550 SEV=5 PPP/9 RPT=135 187.55.63.215 User [x1]disconnected.. failed authentication ( MSCHAP-V2 )
how is the behavior the VPN 3000 when the firstly server ( this case a Radius ) don't be find ?? the second it's processed ??
Can the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users.
Management Users will authenticate on RADIUS Server 1.Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.
1 ) : Is it possible to do authentication with one ACS server while authorization with another ACS? Use case is if the user authenticated to one ACS server and then switch loses the connectivity to this ACS. Now command authorization requests will go to another ACS server since switch is not able to communicate to the 1st ACS.
2): How can the local database sync be acheived in distributed ACS deployments?
3): Are the accounting records are sync between different ACS? In other words can accounting be centeralised with ACS4.2
when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.
View 2 Replies View RelatedWe got 2 Cisco ACS 5.2.0.26.10.Primary server as authentication server and log collector.Secondary server as authentication server. Replication is configured. url..."There are some exceptions to this usual setup, which you can handle as described below: If the ACS 5.3 primary server also functions as a log collector in your 5.3 deployment, you should promote any one of the secondary servers as primary server in the deployment. See Promoting a Secondary Server to Primary "
This exception matches with my case. I have to promote my secondary server as primary.I would have :Secondary server as authentication server and log collector.Primary server as authentication server. I think I have to deregister secondary from primary server..According to the guide, I have to upgrade the log collector server. "Step 1: Choose any secondary server to become a log collector:" I dont have another secondary server..
Can use ACS 5.2 as Guest user authentication server?
View 3 Replies View RelatedDoes Cisco Secure ACS 5.3 support LDAP authentication with Apple Mac OS X server? One of our clients require an access control system. The major portion of the network consists of Apple Mac OS X 10.7 (Lion) Server and clients. They were using MAC-address based authentication along with LDAP through Cisco Wireless LAN Controller. But now the number of users has exceeded the maximum number of MAC addresses supported by WLC (2048). Hence we suggested ACS appliance to overcome the limit. My doubt is whether ACS 5.3 appliance can communicate with the Mac server and perform LDAP authentication.
View 2 Replies View RelatedWe just got a new 5508 wireless controller and the question we have is : can we get wireless users to authenticate to an Active Directory server to get access to the network? I know we can get the authentication done with an RSA server, but what about plain AD?
View 9 Replies View RelatedI have a customer who used to own a 3750 with a older version of IOS. The switch he had used a three year old version of IOS which allowed him to browse to the switch IP and manage it via HTTP without entering a password at all. Now that he has a replacement switch with a new ver of IOS (since the previous switch died). We slapped the config on from the old switch but no matter what we do (understanding that new http aaa authentication commands were added) we cant get this thing to let him in without prompting him for a password. I understand this was an insecure config to begin with so I shouldn't be advocating using it in the first place, but this is what the customer wants.Basically what I'm trying to figure out is are we banging our heads into the wall for nothing as the "ip http server" will not allow an authentication method of "none" anyway? None of the offical documentation I have read for the http aaa authentication cmds shows this as an example nor have I found any blog posts on how to do it ether. Perhaps Cisco removed this by design.
Here is the config:
aaa new model
aaa authentication login default local
aaa authentication enable default none
aaa authentication login none none
ip http server
ip http authentication aaa login-authentication none
[code]....