Cisco :: Radius Auth Fails For Some Machines After Upgrade From 1231 To 1142
Dec 9, 2012
After upgrading from a 1231 autonomous to an 1142 autonomous AP some machines can no longer authenticate. AP logs show authentication failure and access reject coming from the Radius server. Radius server shows authentication failures but no specific reason. Using the same account on another machine works fine. Machine settings have been verified and if we go back to the 1231 all users authenticate fine. Below are the configs:
OLD AP:
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
[code]...
View 3 Replies
ADVERTISEMENT
Jun 21, 2006
We have a 1231 AP and a Freeradius Server.Now we are using MAc authentication.The thing is that the AP sends two parameters to the RADIUS:
User-Name = "000ff855df2e"
User-Password = "000ff855df2e"
both are the MAC of the wireless client.I want that the AP send:
User-Name = "00-0f-f8-55-df-2e"
User-Password = "mykey"
Note that the MAC is dash separated and the password is forced to the key that I want.
View 2 Replies
View Related
Jan 12, 2011
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
version 12.3
no service pad
service timestamps debug datetime msec
[Code].....
View 2 Replies
View Related
Sep 24, 2011
I have setup a Cisco Aironet 1040 to connect to our Radius server which I have also configured.
I can successfully connect up any Iphone or Ipad but I cannot get any laptop to connect.
I have attached the logs showing the Iphone Successfully logging in and the Laptop Failing. Every single failure in the Event log for NPS comes up with
Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: scottd
Account Domain: AMSLAN
[Code].....
View 12 Replies
View Related
May 15, 2011
Im trying to configure a 7204 for radius login authentication, although the router is also configured with radius for VPN access. How can I configure it for both using 2 different raidus servers? the login via radius is working fine on another router, although that one is not doing VPN access so there's no conflict.
My config:
aaa group server radius RADIUS_AUTH server x.x.3.11 auth-port 1645 acct-port 1646
aaa authentication login networkaccess group radius local
[Code]....
For some reason, this does not work. I cannot access the router and authenticate via x.x.3.11 radius server. I think there's a conflict between the VPN and the login authentication but im unsure how to resolve this.
View 3 Replies
View Related
Jun 14, 2012
We have a Cisco aironet 1162N connected to a Wireless Controller (LIGHTWEIGHT mode), the device failed and it needs to be replaced.We have a Cisco aironet 1142N in stock available to use.Can we proceed with the change just with disconnect the failed AP (model: 1162N ) and connect the new one (model: 1142N)? Or there is any other task to be done before the change? since the WLC manages the configuration for each AP.
View 8 Replies
View Related
Jun 26, 2011
I have to upgrade a couple of 4400s to support 1142 APs. The controllers currently support 1131s, and are on version 4.0.179.11. (I know, way back there...)
Seeing this huge gap between the level we're on and the most current version, thought I'd better find out what's recommended.
The available MD versions are 4.2 and 6.0
The available 4.2 versions are:
4.2.209.0(md)
[code]....
The next MD release is 6.0.202.0 .
View 12 Replies
View Related
Dec 6, 2012
I try upgrade ACS 5.3.0.40 to new version 5.4.0.46. Everything looks ok:
ACS-machine/acsadmin# application upgrade ACS_5.4.0.46.tar.gz rep01 Do you want to save the current configuration ? (yes/no) [yes] ? Generating configuration. Saved the running configuration to startup successfully
% CARS Install application required post install reboot...
Broadcast message from root (pts/0) (Thu Dec 6 23:36:41 2012):
The system is going down for reboot NOW!
Application upgrade successful
But ACS machine (vmware instance) can't boot with this result: Volume group "smosvg" not found. (for details see attachment)
View 3 Replies
View Related
Jan 30, 2013
I am trying to upgrade ISE from 1.1.0 to 1.1.2.145 but failed. Find the details below.
DR-ise-pdp-01/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz ISE1
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
Stopping ISE application before upgrade...
Running ISE Database upgrade...
% Application upgrade failed. check logs for more details.
View 2 Replies
View Related
Jun 6, 2012
I upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening. The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail. I did a limited search online to see if this was a known issue or something new. I also reviewed the release notes but did not see anything that matched the issue I received.
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade. But if it failed on the upgraded test unit, it may fail on the production units.
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.
View 2 Replies
View Related
Sep 4, 2011
I have a rv082 small business router and the current firmware will not apply. I downloaded the v4.04 firmware update and tried to apply it yet the update does not seem to work. I have downloaded it a second time and used the UPDATE FIRMWARE button to load and apply but no change.
View 1 Replies
View Related
Sep 27, 2011
I'm attempting to update the software on three aironet 1100 from System Software Filename:c1100-k9w7-tar.122-13.JA2 System Software Version:12.2(13)JA2 Bootloader Version:12.2(8)JA To the latest release or the 12.3x family and it fails."the software upgrade was interrupted and was not able to be completed" I also disabled the Radio braodcast?
View 1 Replies
View Related
Jan 8, 2013
Having problems losing connectivity so decided to upgrade firmware from v1.00.7 to latest version available.
Downloaded the upgrade file and log into web based administrator. Select file and click on UPGRADE button. A couple of clicks on timeline then: UGRADE FAILED
View 5 Replies
View Related
Apr 13, 2012
I am trying to upgrade the firmware on my Linksys v1 router from 1.0.02 to 1.0.03 over a remote 56Kb circuit. I appear to be having a timeout problem. The upgrade always fails. I have upgraded several E1200s in my office over ethernet, and the upgrade appears to finish when the progress bar is at 15%. However, on my remote upgrade, the progress bar gets to 98%, hangs for a few more seconds, and then pops up a window with "Upgrade failed".
I suspect that there is a timeout on the upgrade process, and that I can't upload the 3.8 MB firmware file fast enough. If so, is there any way to increase the upgrade timeout?
View 2 Replies
View Related
May 25, 2012
I have tried repeatedly to upgrade my firmware from 1.0.03 to 1.0.04, but it always fails with a message :cannot upgrade at this time..." I've tried both IE and FireFox, and both wired and wireless connection to my PC (Windows 7).
View 4 Replies
View Related
Nov 24, 2012
I'm trying to upgrade my frmware to the lastest one (classic firmware) I've downloaded this file multiple times [URL] When I try the firmware upgrade (manual upgrade) and select the file, it always complains about the file being corrupt (using the .ssa file in the zip).
View 6 Replies
View Related
May 9, 2012
I have a stack of 4 Cisco Switch 3750 (1 x WS-C3750G-24T, 2 x WS-C3750-48P and 1 x WS-C3750V2-48PS) and I want to do an firmware upgrade of this stack. Actually, all the 4 switches are at the firmware version 12.2(50) SE1 "IPBase" and I want to upgrade them to 12.2(55)SE5 IPBase. According to the release notes, all the switches in my stack are supported.
To upgrade the firmware, I use the command "archive download-sw /imageonly /overwrite tftp://IP_Address/c3750-ipbaselmk9-tar.122-55.SE5.tar" The firmware gets uploaded correctly but then I get the error message "There is insufficient space in flash: to install the required image. Clean up some old images, and try again."
When I do a "show flash", I see that the switch has 5650944 bytes free of 15998976 bytes.
How can i upgrade my switches? Is there an error in my command which I use? Do I need to add an other option?
The problem is, the switches are located in a branch office and there is no direct access to them. Everything must be done remotely.
View 3 Replies
View Related
Feb 22, 2009
If by mistake I have attempted to upgrade the firmware my router "WRT610N" via my wireless laptop and after 24 hours the same screen "upgrading router" continues displayed and the router does not respond, How do I fix this?
View 9 Replies
View Related
Aug 7, 2012
At work we have some older 1231 AG model access-points and a WLC with version 7.0. I was trying to convert them to lightweight and they will not join the controller without importing a .CSV file into the WLC. I cannot figure out to import that file, I cannot find any documentation on how to add the certificate with version 7.0.
View 2 Replies
View Related
Jul 11, 2012
I have four 1200 series AP. Part number of these AP's is AIR-AP1231G-A-K9. I am thinking to buy a new 2504 WLC with 5 AP licenses. Just wondering whether my AP's are compatible with WLC or not. These AP's are in close proxomity and start contending with each other if I configure the stand alone.
View 3 Replies
View Related
Jan 22, 2013
I cannot TFTP this tar file to both 1230 and 1231 APs. Both are lightweight APs that I've wiped to the rommon mode (ap>) and I issue the command:
tar -xtract c1200/k9w7-mx.123-8.JA 10.0.0.2
And I get a error saying: "permission denied"
Notes:
The AP has defaulted to the 10.0.0.1 IP.
My laptop is set to 10.0.0.2 255.255.255.0 IP
My TFTP-Server is on and the root folder with the .tar file is in there.
ether_init, flash_init, tftp_init (these commands have been executed)
My firewall is disabled.
View 18 Replies
View Related
Oct 1, 2012
Converted a Cisco 1231 with the Update Tool to lightweight (used c1200-rcvk9w8-tar.124-21a.JA2.tar). It worked, but now the AP issn't joining the wlc: [code]
View 8 Replies
View Related
Oct 29, 2011
We have found that only Cisco 1231 WAP are exhibiting this behaviour. Their Primary WLAN controller is Cisco1 WLC but they fail to register to Primary WLC and fall back to Cisco2 WLC. After about 200 sec , they attempt to connect to Primary WLC once again and fail. The whole cycle is repeated every 250 seconds.
View 3 Replies
View Related
Sep 12, 2012
I have some old 1231 APs in the school in which I work.I would like to create a local network (no LAN, no internet, just a point to point wifi connection) managed by the access point (in DHCP).That's because we have an apple TV connected to a projector and some ipads. My idea was to put the devices locally in the same closed network for share via AIR Mirror the ipads on the apple TV.
View 3 Replies
View Related
Jul 8, 2012
I'm having little success migrating our older Aironet1231 to our new WLC 5508. The 1231 is currently registered as a LAP to a 4400 WLC and I'm in the process of moving away from this controller to the new one. I've pasted the output of the error messages I'm getting below. At this point, I'm stuck and not sure how to get around the "Failed to parse CAPWAP packet" error.
I'm getting these messages when I have:
debug pm pki enable
debug capwap errors enable
I initially got this error, but got passed it when I allowed SSC in the 5508 (Security -> AP Policies)
sshpmGetIssuerHandles: SSC is not allowed by config; bailing...
Now I'm getting these:
*sshpmLscTask: Jul 09 11:13:11.516: sshpmLscTask: LSC Task received a message 4
View 3 Replies
View Related
Oct 31, 2011
I have a problem where clients cannot roam between Cisco 1231g-e-k9 and recently installed cisco 1242g-e-k9 access points.. On looking at the CDP option on the 1231 and 1242 access points they are all aware of each other. However if I use the Network View option I see a different picture. All the 1231 access points can see each other but not see the 1242's. Network View on the1242 shows all the 1231's but none of the 1242's. The 1231 are running ver. 12.3(8)JEB and the 1242's are running ver. 12.4(21a)JA1.
View 2 Replies
View Related
Apr 22, 2013
I have configure my AP with to SSID (11 & 12), but I cannot connect to 12. It authenticates, and while trying to acquire IP address from 12, it fails and connects me to 11 (if I have already saved the SSID connection).
The following is my AP status:Product/Model Number:AIR-AP1231G-A-K9 System Software Filename:c1200-k9w7-tar.123-8.JEE System Software Version:12.3(8)JEE Bootloader Version:12.3(2)JA4
The SSID 12 already have 4 clients connected, And I am tring to connect a 5th one (smart phone), but cannot connect to 12, instead coneected to 11. Also tried with a laptop, but cant get the IP address, and give Limited Connectivity error.
View 3 Replies
View Related
Apr 28, 2013
WLC shows the next error.
AP with MAC 00:1e:13:10:40:59 (AIR-AP1231G-E-K9 ) is unknown.
I updated the AP to lightweighd firmware using upgrade tool. But upgrade tool generate the csv files empty so I had no idea about Hash key, so I resetted the APs to default values.
WLC still doesn't register them.
How Can I register the APs? The version of the WLC is 7.3.101.0
View 4 Replies
View Related
Sep 17, 2012
I have a (old) 1231 that I would like to reuse, but no one remembers the password. how to recover a password from this model AP or how to reset the device to factory default?
View 1 Replies
View Related
Oct 30, 2012
I have two 1231G Aironet's that work correctly when I connect them to my Catalyst 3548XL and my 3550-48-XL switches. When I connect them to the 3550-24-PWR switch I do see them when I issue sh cdp nei det. It shows me the IP of the wireless router. But when I ping the Aironet, I do not get any replies. If I plug the Aironet into my 3548XL and ping the IP, I get 5 replies. Here is the port config on both switches:
switchporrt trunk encapsulation dot1q
switchport native vlan 100
switchport allowed vlan 1,69,100,125,200,1002-1005
switchport mode trunk
spanning-tree portfast
Here is the sh cdp nei det results:
Device ID: North_AP.mtd.home
Entry address(es):
IP address: 192.168.100.104
Platform: cisco AIR-AP1231G-A-K9 , Capabilities: Trans-Bridge
Interface: FastEthernet0/3, Port ID (outgoing port): FastEthernet0
[code]....
I have tried two versions of the IOS on the 3550PWR switch. Right now its: c3550-ipservices-mz.122-44.SE6
View 5 Replies
View Related
Dec 4, 2011
Customer is interested in deploying the 3600 AP's but will not be able to replace all his 1231's, any chance there is a release between 7.0.220.0 and 7.1.91.0 that will support both AP's?
View 6 Replies
View Related
Jan 23, 2013
I have one controller 2504 and some 1200 series access points.I am using 3 SSID .I want to use two ssid in HREAP mode but HREAP mode is not showinh in access point because multicast is enabled on AP mode. see the below picture
I have disabled the multicast globally from CLI. config network multicast global disabled
disabling the multicast so that i can set the access point in HREAP mode.
View 3 Replies
View Related
Mar 18, 2013
I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue.
View 4 Replies
View Related
