I'm having some weird issues where I cannot ping from the WLC to the IAS RADIUS server. All of my clients cannot connect, but from the switch, router, RADIUS server, and hard wired clients, I can ping to the WLC and RADIUS server. The only thing that cannot ping the RADIUS server is the WLC itself. Nothing in the FW is blocking connectivity. [code]
View 11 RepliesI'm having issue to setup authentication with our external Radius server so I'm thinking whether the 2504 has inbuilt feature which I can configure as a Radius server? if so are there any guide for configuration?
View 1 Replies View RelatedCan the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users.
Management Users will authenticate on RADIUS Server 1.Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.
I want to know if its nessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC.
View 1 Replies View RelatedI configured the 2504 with 2 SSIDs for staffs and guests.I also configured the Lobby admin with web auth. But if a guest wants to connect our wireless he/she has to enter the PSK key and then only they are able to connect with the user id and password given by Lobby admin. Can we avoid this key and let the guests connect straightaway with the web auth?I’m planning to configure 802.1x & Radius dual authentication for staffs SSID..
View 5 Replies View RelatedI have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so i advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
View 5 Replies View RelatedI set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies View RelatedFrom My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies View RelatedWhen I ping an address from my windows machine, it succeeds, but when I ping to the same IP on my MAC OS X machine, it fails.
1. Why?
2. How to get successful ping on my MAC machine?
I installed window server 2003 in a old Pentium III server as a standalone test server. Now I want to use it as a print server and connected it to the domain. I can ping workstations and other servers from that test svr. But i cannot ping that test server from the work stations.
View 2 Replies View RelatedI had both a Westell 7500 and a Linksys Router working fine and had my 360 setup as an extender for Windows Media Center so I could stream TV, Music, Movies, etc from my desktop to the 360. Then I switched my modem/router out with a Zyxel PH5001Z
So now today I noticed that I can no longer find my desktop through the XBox. I have adjusted my firewall settings on the modem itself, even completely disabling it. UPnP is enabled for the 360 and the device is showing under my device table. At first I wasn't able to ping any network devices but after creating an ICMPv4 Firewall rule it worked fine. I've confirmed the XBox IP Address through Network Map, the Device Table on the modem and through Network Settings on the XBox. I've diabled my modem firewall as well as Windows Firewall, completely and I still can't ping my XBox or set it up as an Extender.
I have the XBox connected wirelessly using WPA2-Personal and it's operating in 802.11g/n mode.
Why a 2504 Poe? If it can not be used for AP.
View 10 Replies View RelatedSo I bought a 2504 AP. I also have some AIR-CAP3602I-A-K9. The WLC web interface sees them in the CDP neighbors. The devices get an ip address but I can't add them as access points. I think if I can do that I can get something simple going.
On the access points I get the stuff below. I didn't set it? At least not the
CISCO-CAPWAP-CONTROLLER
I'll be honest I've never set one of these up and I'm on a steep learning curve!
% Invalid input detected at '^' marker.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:00:50.167: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.33.0.75,
mask 255.255.255.0, hostname APfc99.47c8.518a(code)
I have a wireless controller that works perfect but because we have some new access-points 1602i that is only supported bij software version 7.4.100.0. So I need to upgrade the controller because I now have version 7.0.116.0. I have read in release notes of version 7.4.100.0 that I first need to upgrade to 7.0.240.0 to avoid losing those VLAN settings.
Note If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x controller software release that is prior to 7.0.240.0, we recommend that you upgrade to the 7.0.240.0 release and then upgrade to 7.4.100.0 to avoid losing those VLAN settings.
But I also read something about Field Upgrade Software. If you are using a Cisco 2500 Series controller and you intend to use the Application Visibility and Control (AVC) and Net Flow protocol features, you must install Wireless LAN Controller Field Upgrade Software for Release 1.8.0.0-FUS. This is not required if you are using other controller hardware models. For more information, see [URL] .....
Here is the system information of my controller:
Manufacturer's Name.............................. Cisco Systems Inc.Product Name..................................... Cisco Controller Product Version.................................. 7.0.116.0Bootloader Version............................... 1.0.16Field Recovery Image Version..................... 1.0.0Firmware Version................................. PIC 16.0
Build Type....................................... DATA + WPS
System Name...................................... WIFI-WLC-01System Location.................................. System
[Code] ....
I was thinking of the following steps:
1. Backup the current config
2. Upgrade to version 7.0.240.0
3. Test and backup the config
4. Upgrade to version 7.4.100.0
5. Test and backup the config
6. Upgrade Field Upgrade Software 1.8.0.0
7. Test
I'm planning to upgrade our WLC 2504 from 7.2.111.3 to 7.4.100.0 but the cisco site says "WLC Version 7.4.100.0 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time" Is it something about NCS? we have only 1 cisco WLC 2504 and 6 1142APs.. Also let me know is it possible to go directly from 7.2 to 7.4 ?
View 8 Replies View Relatedwhat is the maximum number of APs supported on Cisco 2504 WLC?According to the Data Sheet it is 75:
[URL]
But according to the config guide it is 50:
[URL]
I believe the correct number is 50, but I just want to be sure.Is this a software limitation?
I've problem with a WLC 2504. Some Clients like phones and Thin Clients get an IP 0.0.0.0.Software Version is 7.0.235.0. Test with a Laptop seams to be OK. Some printers also got an 0.0.0.0.Around 30% are not OK. also had the log: Impersonation of AP with Base Radio MAC 00:yy:yy:yy:yy:yyusing source address of 00:xx:xx:xx:xx:xx has been detected by the AP with MAC Address: 00:yy:yy:yy:yy:yy on its 802.11b/g radio whose slot ID is 0 The problem is, I cannot go to 7.2 version because I have 2 x AP 1231 and 2 x 1242 AP's.1231 AP's are not anymore supported in 7.2 Version.
View 14 Replies View Relatedi am trying to get ad authentication working on a WLC 2504, can I use the LDAP server configuration for authentication?
View 1 Replies View RelatedI have two WLC 2504 controllers. These controllers are for two different buildings. But they share a VLAN, and network address range. How can I control the access points to the register selected only at a specific controller.
Example:
AP 1 -> WLC 1
AP 2 -> WLC 2
AP 3 -> WLC 1
Since the buildings also broadcast in different SSID. The two controllers are in a mobility group.
If we update our ios on WLC do we have to add the certificate for AP's again or we don't need to do that.
View 4 Replies View RelatedI have an allready configured WLC 2504 running in the network. Every LAP i add to the network joins imidiatly to the Controller. But not the AP1121G AP. It fails the Handshake everytime and the Controller shows me an failmessage at the statistics in the GUI. [code]
View 3 Replies View RelatedSome time ago I updated a WLC, model 2504, from version 7.3 to 7.4.100.0. I also update the FUS (Field Upgrade Software) to the latest release, 1.8.0.0. Now I need to downgrade the WLC back to 7.3 version.
My doubt is: Can I just take the normal processes and downgrade the WLC back to 7.3, even with the FUS in version 1.8.0.0?
I've read some conflicting things on the new 2504 WLC's. Some things indicate all 4 ports are fully useable, while others indicate perhaps only 1 or 2. I think I've read in product documentation that it support a max of two ap-manager interfaces. Does, for sure, all 4 ports are useable? I'm thinking of the following configuration:
Port 1: management interface and first ap-manager interface
Port 2: second ap-manager interface
Port 3: first dynamic/client interface
Port 4: second dynamic/client interface
I'm planning on deploying my ap's in h-reap mode with a max of 25 ap's per 2504. Since I'm using h-reap, bandwidth shouldn't be much of an issue so I'm also considering trimming it down to using just two physical ports as follows so I can take up fewer gig switchports which are scarce at many of my locations:
Port 1: management interface and first ap-manager interface
Port 2: first and second dynamic/client interface
I've always deployed 4400's and 5508's with LAG so I haven't had to think about this much until now.
I'm new in installing WIFI, I have WLC 2504 using 7.4.100.0. I have AP 1600 (AIR-CAP1602E-E-K9)
I installed the WLC and AP in a cisco poe switch, wlc and ap are in the same subnet and can ping ap from WLC, but the AP cannot join the wlc. i have this error message
(Cisco Controller) >show ap join stats detailed 00:06:f6:d6:03:f0
Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable
Can a 2504 wlc use a vlan ids of 190X? I have found that it supports 512 vlans but I have not found any restrictions in the id used.Vlan id 190X is distributed by the isp (they have the ASAs in their central site) so if it is not supported I must prepare a vlan transfer between switches.
View 4 Replies View RelatedIs it possible to use a 2504 wifi controller to manage compatible AP's across different subnets ?
View 2 Replies View RelatedI have deployed a 2504 controller with EAP-TLS however we are receiving the following errors where it appears the EAP response timeout from the client is expiring and not receiving a reply, this is happening with all clients.
We have three SSIDs one with EAP-FAST working perfectly, and a third with WPA2-AES itis only this where we are seeing the response appear to expire. Running code 7.0.116.0 on a WLC2504. RADIUS shared secrets all ok.
*Dot1x_NW_MsgTask_5: Oct 17 11:16:16.207: 00:19:7e:c3:ab:35 Sending EAP Request from AAA to mobile 00:19:7e:c3:ab:35 (EAP Id 224) *osapiBsnTimer: Oct 17 11:16:46.036: 00:19:7e:c3:ab:35 802.1x 'timeoutEvt' Timer expired for station 00:19:7e:c3:ab:35 and for message = M0 *dot1xMsgTask: Oct 17 11:16:46.037: 00:19:7e:c3:ab:35 Retransmit 1 of EAP-Request (length 14) for mobile 00:19:7e:c3:ab:35 *osapiBsnTimer: Oct 17 11:17:16.036:
[Code]....
Trying to add Cisco 2504 Wireless Controller, Software Version 7.3.101.0, to Cisco Prime Infrastructure 1.2 (1.2.0.103), License Evaluation, with no success. When using Discovery, Discovery Job show Credential Errors: "Error occurred due to invalid SNMP credential"
When Add Device from Device Work Center I get: Reachability is "Unknown", Device Type is empty, Collection Status is "Managed with Warnings", with message "SNMP Failure: No Response for SNMP Get request.", Collection Time is empty.
I've tried with both snmp v2 and v3. I've tried to lower "Maximum VarBinds per Get PDU" to 10 or 20, cause I've read similar problem in NCS.
I am currently useing ACS 5.2 and have no problem using Tacacs+ with AD access.
But with Radius it seems I can only get the Local identity store to work, need to do something special to get Radius to work with active directory with Cisco ACS?
Cisco WLC 5508
Software Version: 7.4.100.0
Windows Server 2008R2
I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc). I added the radius server on the WLC, and configured a new W LAN to use it. Both are on the same sub net. When trying to connect to the W LAN it kept failing. I installed wire shark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server. The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
I re verified that the server was enabled on both the security tab and the W LAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a radius test client, and can successfully send radius commands to the server using that utility. Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wire shark. It rejected my access, but at least I saw activity. It also registered radius statistics on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
I am running ASA version 8.4(1), and anyconnect version 3.0.1047. My SSL VPN works fine, but i run into an issue with one user . his account did not work , and everytime users logged in it got this message "VPN Server could not parse request".
I found the problem after getting a user information meaning his username and password. His password had "&" as one of the special characters. when we change it to something that does not have that , it works just fine.
We are using microsoft NPS server as radius. but when i run a test within CLI it works just fine, only when anyconnect asks to authenticate it fails.
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies View RelatedI want to secure our WLAN via Web Authentication with our new Cisco 2504 WLC. But where do i find user activity logs?
View 2 Replies View Related