Cisco :: Any Chance Filtering Features On 5508 Controller Code
Aug 24, 2011Any chance the filtering features on the 5508 controller code will make it into WCS at some poiint? Being able to sort these lists would be invaluable.
View 5 RepliesAny chance the filtering features on the 5508 controller code will make it into WCS at some poiint? Being able to sort these lists would be invaluable.
View 5 Replieshow to chance the web authentication certificte on WLAN 2100 controller. My users are complaining that they need to accept the security certificate before proceeding to the actual authentication?
View 4 Replies View Relatedgive me the run down on the features removed from the 4400 series in the 2500 series? Obviously 4400 is now EOL, and so i cannot purchase new. Therefore I was looking at the 2500 for my implementation to save costs also.I would like to have two SSID's, running seperate VLAN's, one voice, one guest, trunk the link to the AP's, which will be 1131AG or newer, N possibly. Voice needs to be encrypted with WPA or WPA2, guest needs to be open using the guest access feature. Here's a sample but with EAP:
[URL]
Is this supported to have WPA on one SSID and Guest access on the other? i did spot a paragraph in the 4400 manual stating that certain restrictions apply regarding one SSID having encryption and the other being guest mode?I notice also in the WCS documentation, it doesn't explicitly state it supports the 2500 series under the managed devices section?
I am planning to get the following Hardware;AIR-CT5508-50-K9 5508 Series Controller for up to 50 APs AIR-LAP1262N-E-K9 802.11a/g/n Ctrlr-based AP; Ext Ant; E Reg Domain..During my design, i am considering to get the following security features.I don't have WCS and Mobility Services Engine (MSE). Managing Access Points at remote/WAN office.wIPS configuration (without WCS and MSE)How Rouge APs will be detected and Prevented. Can Automated prevention be implemented.Is wIPS (with WLC 5508) support to detect and prevent Rouge AP.Is Proxy Redirection supported on WLC so that the traffic from Wireless clients will automatically be redirected to Proxy (without adding the proxy in explorers of Wireless Clients).
View 7 Replies View RelatedI know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies View RelatedWe have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies View RelatedI am trying to block clients based on MAC addresses connecting to our Wireless Guest network.
My scenario is: We have 2 interfaces (corporate and a guest). Users are connecting to our guest network after they have automatically connected to our corporate network and logged into Windows. When they realise that things are not quite working in the way they want (access to servers etc...), they reboot and then find they cannot logon to the laptop at all. This is because the laptop has automatically rejoined the guest network and has no access to AD. I then have to locally logon to the laptop and remove the guest network.
It’s starting to become a bit of a pain as we are an educational establishment and... well... you would wouldn’t you
Hardware: WLC5508, Software Version 7.3
So far I’ve tried enabling MAC Filtering under “Security -> AAA -> MAC Filtering”, but found out that it’s a white list. The opposite of what I’m trying to achieve, but I like the fact you can link it to a specific interface.
I’m just looking at the “Disabled Clients” again under “Security -> AAA ->”, but think this is more a total ban as I cannot see a method at attaching it to an individual interface. I'm kindda stuck and my good old friend Google is not yielding great results.
I’m not by any means a wireless expert, so there is probably a better method. I would prefer to use the controller as a way of achieving this, but if you think I’m wasting my time and should be looking at a Windows Group Policy method then I’ll go with that?
I am curious if I can do an either or sitution with a single SSID. If you are on the mac filtering list then you gain access to the network, if not then enter your WPA2-ENT credentials. I have a minimal ammount of users that need mac filtering, but do not want to give them there own SSID.
Cisco WLC 5508 7.4 code
we use wlc 4402 (Software Version 7.0.98.0) and want to allow only several wlan nic vendors to connect to a wlan ssid.According to this, is it possible to configure MAC Filtering with wildcards, e.g. aa:bb:cc:* ?
View 1 Replies View RelatedI have one instance of WCS 7.0.172.0 (on a Linux host) and a fleet of WiSMs that I'm upgrading from 7.0.98.0 to 7.0.116.0. Every time I run thru the upgrade process from within WCS (scheduled to run overnight, off peak hours) all of the controllers that were upgraded then show as "unreachable". Grepping thru wcs-0-0.log shows messages that the controllers are unreachable via SNMP but running an "snmpget" from the command line to any of the affected controllers works just fine. The only way I've found to remedy this is to stop and restart the WCS service. Considering how long that takes with my deployment...I'd rather not do that every time .
View 2 Replies View RelatedI am having a Wism on 6500 chassis with software code 7.2.103.0 Now......... I use to have 7.2.111.3 on the Wism before but for some reason I had to downgrade the code to an older version (some compatibility issues with the NCS)......
Now before all the APs were having 7.2.111.3 version running as soon as I downgraded the controller IOS most of them downgraded the code but a few still did not show up...... so I picked one of them and did a factory reset on the AP and was guessing that it might get the new code from the controller this way but unfortunately since than I have tried a lot of things but no luck. I have switches configured on layer 3..... other APs connected to this switch are working fine,........ when I reset the AP to factory default it doesnot take an IP obviously so I manually define the IP,,, you would find that configuration below too.... but than after a while it trys to locate the controller and could not find it.... where as, as i said other APs on teh same switch works fine......
the only thing i notice is that it does not release the IOS .. it is still having 7.2.111.3.....
using MCNG ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
[Code].....
I have 2 4402 WLC running 7.x.x.x code. I also have some 1510 Mesh- L WAPs that require an old version of code. I need 4.1.192.22M for those. Is it possible to bring up a 3rd controller running this old code with the other 2 4402's running modern code? What will break? I know that anchoring and mobility might get messed up. What are the other caveats?
View 2 Replies View Relatedl have implemented mac filtering auth on my wireless network, l have 2 WLC ( 1 WLC 5508 and 1 WLC 4402, and I wonder if you can migrate the mac address database of a WLC to another and how can l do this.
View 4 Replies View RelatedNeed to move a 5508 back a step to support some older AP's. Any concerns on reverting code, after the mandated FUS update?
View 5 Replies View RelatedI had configured one access point CAP3602E in flex connect mode through a WLC 5508 after deploying the access point in flex control mode the local mac-filering is not working. before it was working when ap was in local mode. any body have to know is the mac-filtering working in flex-control mode ?
View 2 Replies View Relatedi have cisco CAP 3602e series access point to work with 5500 series controller with code 7.0i did not find VCI option 60 for this type of APs to configure DHCP. How I can let these APs will join the controller, i mean through which process DNS discovery methode and what about if i need to configure option 60 and 43 in dhcp for ap joining process to controllers.
View 4 Replies View Relatedi'm going to upgrade a 5508 wlc code from 7.0.116.0 to 7.1.91.0 to add 3600 series access points having it all manageable via WCS ver 7.0.230.0 it seems to be possible, as it is explained in the compatibility matrix found on [URL]now I have to download the file to the controller...
AIR-CT5500-K9-SPECIAL-7-1-91-0.aes
(direct update possible)
before doing that I'd like to know if I will loose my configuration on the controller i'm concerned about that because the release document is not clear:
- We highly recommend that you back up your controller's configuration files prior to upgrading the controller software. Otherwise, you must manually reconfigure the controller.
- For busy networks, controllers on high utilization, or small controller platforms it is advisable to disable the 802.11a/b/g networks as a precautionary measure.
- Step 5 Disable any WLANs on the controller.
- Step 19 Re-enable the WLANs......
- Step 22 If desired, reload your latest configuration file to the controller. (reload config after reenabling wlans?another controller another question .....: a cisco wlc 2100
found 2 update files
AIR-WLC2100-K9-7-0-230-0-ER.aes
AIR-WLC2100-K9-7-0-230-0.aes
why 2 update files this time? what file to update first?
From 6.0.199.4 to AIR-CT5500-K9-7-3-101-0.aes. Get the error below halfway through download of file to controller.
*Dec 11 14:18:55.775: %UPDATE-3-FTP_TRANSFER_FAIL: updcode.c:4158 Error FTP file Transfer [ftp_get], <28>, No space left on device.
I have no idea how to delete files form the storage on the 5508? TFTP transfer gives me this error after the upload is done:
% Error: Code file transfer failed - Error while writing output file
*Dec 11 15:11:45.514: %TFTP-3-FILE_WRITE_FAIL: tftp_client.c:517 Error while writing 512 bytes to file. Tftp error.
*Dec 11 15:11:45.514: %TFTP-3-WRITE_NOCLOSE_FAIL: tftp_client.c:147 Error while writing the local file: No space left on device
*Dec 11 15:11:45.514: %OSAPI-3-FILE_WRITENOCLOSE_FAILED: osapi_file.c:582 Failed to write 512 bytes (FileDesc:64). file write no close failed
I search for the both files, because I want to configure one ASA with 8.2.1 and the other ASA with a 8.4.x image to see the differences between both versions. But I don`t have a account to download the ASA Image 8.4.x an the ASDM 6.4x to test it.Is there a chance to get those Images without a Account.
View 1 Replies View RelatedUsing Cisco Prime 4.1 and it looks like garbage in Safari. Any chance that there is browser support besides IE?
View 1 Replies View RelatedI want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version 7.0.235.0...is it possible tu mix these two controllers for a Wireless Guest Access Deployment??
View 3 Replies View RelatedA wlan on my controller is configured for WPA2, AES encryption and a PSK. A vendor will supply me with a wireless device for this wlan. The vendor asks if we use AES 128 or AES 256. I had always believed we use AES256 but I can't verify this. How can I verify this to the vendor?
View 1 Replies View RelatedSeems that all solutions are null and void for us because we are not using SNMP v3 or H.
We are using SNMP v2, We have upgraded our WCS to latest version as well as the controllers. I have 6 controllers currently added although they are on WiSM blades.
We are unable to add the 5508 Controllers, we keep recieving this error -
No response from device, check SNMP communities, version or network for issues.
I have confirmed all connectivity is working, even with a debug on the controller you can see it sending SNMP packets to the WCS, although still same error.
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones ? Are there any free solutions available ? What exactly is N2H2 ? The reason is I don 't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connects to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs , will it increase CU utilization beyond permissible limits ? Currently the CPU Utilization is around 10 - 15 . Here's the infrastructure setup .
------------------------------------------------------------
Nodes -->Switches-->ASA 5505-->Internet
-------------------------------------------------------------
Is there any chance to access files on 4400 with ssh (winscp etc.) clients ?
For example we upload webauth bundle and then we want to delete it and recopy another files..
I have a wireless controller 5508 and all my interfaces can be accessed via https or ssh from a wireless client. Management access from a wireless client is disabled so I don't understand why this is happening.
View 10 Replies View RelatedWe have a customer that is looking to allow only static IP addresses onto the wireless network via the new 5508 we are putting into place. I can see where to require DHCP but not the opposite.
View 4 Replies View RelatedIs it possible to block outside P2P traffic on a guest wireless network using an ACL on the controller? I know we can do it our firewall
View 6 Replies View Relatedi'am trying to configure an AP1121g on my controller wlc5508 7.2 but i'am facing a compatibility issue.
View 5 Replies View RelatedI have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch. Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch. Can I put the AP's on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
WLC Config
interface GigabitEthernet1/1/38
description WLC01
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
switchport mode trunk
[code]......
Web Auth on 5508 running 7.2.103.0.
Issue 1: I have been trying to configured Webauth bundle however it seems that is not working.
1. login.tar created use picozip contains 3 files: login.html, terms.html, and logo.jpg.
2, uploaded via FTP to controller successfully..
3, no issue when i tried to preview on the controller
However users unable to see the login page when connected to guest wifi. when the user tried to connect cisco.com, on the browser address shows that the page redirected to url... however internet explorer / firefox display "Connection reset error".During this time, if i ask the user to type url... they can see the default login page, so no issue on connectivity to the service port.
Issue 2: Since i couldnt make that work, i have use default webauth internal. its all good. then when i tried to upload customlogo.jpg (18k size). User able to see the login page however not the logo. it shows broken image icon on the web browser. --> i can see the logo when i did preview on the controller.
Issue 3: last resort if i couldnt get the answer by sunday, how do i delete or remove the customlogo ?? so by monday users will not be seeing any errors on the page.
Cisco 5508 Series Wireless Controller for up to 100 APs 802.11a/g/n Ctrlr-based AP w/CleanAir; Ext Ant; E Reg Domain..For Mobility i want to settup the device such that the SSID would be the same with thesame security key and in different subnet.
View 5 Replies View RelatedI can not get our 3602i AP's to register with our 5508 controller which is running 7.2.103.0 code. We keep seeing an error in the log on the WLC "AAA Authentication Failure for UserName:c46413c08e92 User Type: WLAN USER" and on the Access Point we are seeing [code]
I entered the CAPWAP ap controller ip address directly into the AP so it shouldn't be an option 43 DHCP issue