We need WiFi security on our corporate SSIDs locked down using certificates, we are using wlc cisco 2100 series. We need these on every workstation, laptops etc.
View 6 Replieshow to chance the web authentication certificte on WLAN 2100 controller. My users are complaining that they need to accept the security certificate before proceeding to the actual authentication?
View 4 Replies View RelatedI have a cisco 877 configured foir lan to lan between sites A and B. I have used vlan 1 but looks like i have to bvi1 if i need to use the wireless,what is the difference between bvi and vlan. if i wanted users on the same vlan and wireless what would be the base config ? at the moment all corporate traffic goes to site A and other traffic goes to internet. now would i be able to create two ssid, one for corporate to access corporate subnets and the other for guest access alone where the traffic goes out to the internet.
View 1 Replies View RelatedI have powered ON WLC(2100 Series) and connected LAN port from WLC to my PC. To access WLC GUI what is the factory default IP address?
I connected Console Port of WLC to Serial port of my PC. I have configured WLC as per the WLC quick guide.
Management Interface IP address :: 10.40.0.4
Management interface Net Mask: 255.255.255.0
[Code].....
The result is same even when below commands are used Configuration modeport adminmode all enablenetwork webmode enablenetwork secureweb enable
I have a problem with our WLC 2100 series (2125). Basycally internal DHCP server configured on WLC is not working. I have one AP connected to port no 7 (PoE) to bypass and eliminate problem with other equipment.
Port no 7 details:
IP Address: 192.168.30.10
Netmask: 255.255.255.0
Default router: 192.168.30.1
DHCP Server: 192.168.1.250(code)
I have a cisco wlan controller (2100) running software 7.0.235.0. I have the internal private wlan running off of port 1 and that is working fine with an internal dhcp server.Is it possible to setup another ssid (guest) and have the interface directly linked to a static ip on the WAN and also use the built in cisco internal dhcp server?
View 4 Replies View RelatedRecectly we replaced Cisco 2100 Series LAN controller to Cisco 5508 Wirless LAN controller , I downloaded WebAuth Bundle from my Old LAN Controller ,when i am trying to upload to my New Wireless LAN controller ,its not uploading and also it gave me uploading failure error message .
View 2 Replies View RelatedWe have 4 1142N LAPs that I want to divide between an internal wireless and a guest wireless network using the controller. Currently all of the APs are on an established internal network, but I want to migrate one over to a test guest network before buying more LAPs to augment the networks further. Currently the port connecting to the WCS from the 3560 switch is configured as an access port using VLAN 10. Whenever I make it a trunk port carrying VLAN 10 as well as the other ports we will be using for the guest and ap-manager networks, I lose connection with the controller. To me this implies that the port on the controller is configured as an access port as well. In the documentation I found for the controller it states that by default the ports are al configured to be trunks, but it appears as though something was changed by the previous tech. All of the APs are connected to other switches, not to the controller itself.
1) How can I get the port on the controller back to being a trunk port
2) Can I use the internal DHCP server for the guest network if the subnet is different than the management subnet, or will I have to use another external server and relay/proxy it through the controller to give guest clients IP addresses?
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
View 1 Replies View RelatedWe have VPN IPSec tunnels on cisco routers between Remote/Central sites. I'd like to replace the old 2811 by 29xx on the remote sites.So I did export/import RSA key for the certificate as follows:On 2811,But the IPSec tunnel didn't go up, it stayed in MM mode giving "Bad certificate" message in the log.I ckecked and compared the RSA key and certificate between these routers; they are the same in characters.
View 1 Replies View RelatedThere is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
i have 1001 ASR which boots up ok but shows a warning "filesystem is not clean" and thereafter the image is validated well, it shows up the following two messages and just goes idle from there. [code]
View 6 Replies View RelatedWe do some remote work for our customers and often have to use their VPN in order to connect to their systems. We have had no problem utilizing the Cisco VPN with some of our customers unti recently. We picked up another customer that uses the Sonicwall VPN. If I sign onto the Sonicwall client, sign off, and sign into the Cisco VPN client, at the point that it makes the connection, it completely locks up my users' PCs. It happens to all of them.
I've discovered that from a fresh boot, I can get on and off the Cisco VPN all day, but as soon as I utilize the Sonicwall VPN, and then return to the Cisco VPN, it locks up every time.
All of my machines are Windows 7 and are using the Cisco VPN Client Version 5.0.07.0290.
I've got a RV220W that for some reason has started acting a bit strange. A couple of times a day the network stops functioning, both wireless and wired. At first I thought this had to do with my newly installed laptop, that it maybe caused some hickup that made the router reboot but even when it's turned off I can still read in the logs of my NAS server (Qnap TS-419P+) that "Lan 1 is down" followed by a "Lan 1 is up" a couple of minutes after.
The things connected to the network by wire is my Macbook Pro (2012), the Qnap and an LG home theater system and the wireless devices are a couple of iPhones and an iPad. The problems started after new years eve and I've been running the latest firmware (1.0.4.17) for a few weeks before that.
So we have this problem that just started, I can replicate the issue as well, if a user makes a mistake on typing there password after 1 attempt ACS sends 3 to AD locking out the user.
In a putty or secureCRT session after 1 password failed attempt, I am unable to retry with that same session.
The issue seems to be that after 1 bad password attempt, from the client side I am unable to get another try.
I can't seem to find any documentation to how to get this working. I'm trying to make it so that only users of a certain AD group are authenticated for my Anyconnect VPN on my ASA 8.2.2
I've found the documentation on how to prevent logins using the msNPAllowDialin attribute, but not how to base it on group membership (memberOf) [code] I need to do any kind of restrictions inside the actual group-policy TESTGROUP ?
I have the main router, which is SMC SMCD3GN from Rogers in Canada, and I have heard from MANY people that this router REALLY sucks..especially the range. And I myself also had problem with low signal in the 2nd floor of my house, so I purchased the wifi repeater (TP Link) to extend the range. I followed the guide given in the box, and everything was set up flawlessly. However, after a few hours of use, all my devices (laptop, tablet, phone) which are in the same room as the repeater decrease the signal again, to the point where it was before I purchased the repeater. Then if I disconnect the wifi and reconnect, the signal is full again. Sometimes I have to unplug the repeater from the wall and replug in order for it to work.
View 2 Replies View RelatedI am having issues with my freinds new DIR-825 Rev:B1 Firmware:2.02NA, The admin pages are intermittently slow to load and sometimes wont load until I power cycle the device. I am using IE8 on vista x64, and have the issue on all pc's on the network. Is there a work around for this?
View 7 Replies View RelatedJust upgraded from the base card to a Intel Centrino 622ANHMW 6200 wireless half mini card. The added speed is great, but the 1750 is locking up frequently. I installed the recommended drivers and install went fine.
View 3 Replies View RelatedHad a Sev 1 issue today. We have a bunch of Nexus 5ks connecting to some HP C7000 Chassis for the use of Virual environments. Engineers build and tear down servers during the day, however today, an engineer configured a virtual machine accidently with its IP address as the default gateway. Each pair of nexus switches has one physical SVI per vlan and a HSRP address for the vlan. Of course this engineer configuring the server IP address as the HSRP address killed the vlan... which lead me onto think... are they are tried and tested techniques to protect this from happening on the switch. Enforcing the ARP/MAC of the HSRP address and not allowing it to change or any other device to change it?
View 2 Replies View RelatedI am the CEO of a small company with 5 divisions, 2 of which are remote. There is also my home office that I wish to be on the company VPN.We can't afford an IT department, so it is up to me to ask for a network diagram (as specific as possible) that lays out all the hardware required.My plan is to eventually have an intranet web server, file server, and database server all for internal use. Our external webserver is hosted by a well-known company. Growth must be considered both in hardware and network.
View 4 Replies View RelatedI have cisco's CUCM version System version: 7.1.5.10000-12 when I do a corporate lookup (form my 7970 I hit Directories - 5) Corporate Directory) I see all sort of accounts that have no phone extensions I.E. our windows service accounts, our administrator accounts that have no number associated with them. is there a way for me to hide them?
View 1 Replies View RelatedI need information about the Aironet 600 access point.I got a customer who want to deploy a guest WLAN on branch office with an authentication with a captive portal that is centralized. I would like to use the OfficeExtend functionnality with Aironet 600 Acces point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
On those branch offices, there were a few "free access desktops" that need a copper link. I want those devices to be also authenticated by captive portal, so I want to connect them on the four 10/100 port of the access point. But it seems that we can only use one port as "corporate remote LAN", the threee others are just for "home LAN". Is it correct ? Is there any solution to configure the four ports as remote LAN interface ?
My company uses an ASA 5520 to authenticate VPN using the Anyconnect client. We would like to deploy a second authentication method such as Host Scan (CSD.) Our ASA is currently running on a "Plus" license. As I understand CSD will only work with "Premium?" If this is correct are there other options for two part authentication? We're also considering using FOBs and have ruled out using the NAC.
View 3 Replies View RelatedI have a Belkin Wireless G Plus MIMO Router and had no problems connecting to corporate in the past until several months ago. I can connect just fine if I bypass the router and connect to the modem. I also have no problem if I go to places like Subway. There is no problem with the wireless internet connection, only a problem when I try to connect to corporate through the VPN.
View 3 Replies View RelatedLooking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies View RelatedI have some trouble with the setup of an oeap 600 ap. The ap has joined the controller as it should and the remote-lan connection to my corporate network works well, but i can't connect to the corporate wlan.
When i check the event log on the ap it says:
"
*Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
*Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
and a debug on the controller gives me:
apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile
on LWAPP AP ec:c8:82:c2:3a:20(0)
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (s
tatus 17) ApVapId 1 Slot 0
[code]....
erro came with 3722------however after checking date and time i was able to login. AZAD
View 1 Replies View RelatedI am trying to connect to my office wifi which uses a proxy server. Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store. While, connecting via open networks like home wifi and other friends' wifi also worked without any issue. Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc. I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Is there anything like a network profile I need to assign for these applications?
View 1 Replies View RelatedHow can i to prevent the demonstration of a software in corporate network?
View 2 Replies View RelatedI have a computer that was previously connected on-site (hard wired) to a corporate network. I am now attempting to connect it on-site to my home network. While I have a live Internet connection going into the computer, I cannot connect to the Internet. Is there soem sort of setting adjustment that i need to make?
View 5 Replies View RelatedLooking for input on creating a guest VLAN for a client. The goal is to create a guest VLAN that doesn't have access to the corporate network using one DSL modem. They currently have a managed switch (3COM Baseline Switch 2928-SFP Plus). There are no existing VLANs or guest access. Additionally, they are looking for a WAP that supports captive portal.
View 10 Replies View Related