Cisco :: Radius Auth Fails For Some Machines After Upgrade From 1231 To 1142
Dec 9, 2012
After upgrading from a 1231 autonomous to an 1142 autonomous AP some machines can no longer authenticate. AP logs show authentication failure and access reject coming from the Radius server. Radius server shows authentication failures but no specific reason. Using the same account on another machine works fine. Machine settings have been verified and if we go back to the 1231 all users authenticate fine. Below are the configs:
OLD AP:
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
version 12.3 no service pad service timestamps debug datetime msec
I have setup a Cisco Aironet 1040 to connect to our Radius server which I have also configured.
I can successfully connect up any Iphone or Ipad but I cannot get any laptop to connect.
I have attached the logs showing the Iphone Successfully logging in and the Laptop Failing. Every single failure in the Event log for NPS comes up with
Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information.
Im trying to configure a 7204 for radius login authentication, although the router is also configured with radius for VPN access. How can I configure it for both using 2 different raidus servers? the login via radius is working fine on another router, although that one is not doing VPN access so there's no conflict.
My config:
aaa group server radius RADIUS_AUTH server x.x.3.11 auth-port 1645 acct-port 1646 aaa authentication login networkaccess group radius local
[Code]....
For some reason, this does not work. I cannot access the router and authenticate via x.x.3.11 radius server. I think there's a conflict between the VPN and the login authentication but im unsure how to resolve this.
We have a Cisco aironet 1162N connected to a Wireless Controller (LIGHTWEIGHT mode), the device failed and it needs to be replaced.We have a Cisco aironet 1142N in stock available to use.Can we proceed with the change just with disconnect the failed AP (model: 1162N ) and connect the new one (model: 1142N)? Or there is any other task to be done before the change? since the WLC manages the configuration for each AP.
I have to upgrade a couple of 4400s to support 1142 APs. The controllers currently support 1131s, and are on version 4.0.179.11. (I know, way back there...)
Seeing this huge gap between the level we're on and the most current version, thought I'd better find out what's recommended.
The available MD versions are 4.2 and 6.0 The available 4.2 versions are: 4.2.209.0(md) [code]....
I try upgrade ACS 5.3.0.40 to new version 5.4.0.46. Everything looks ok:
ACS-machine/acsadmin# application upgrade ACS_5.4.0.46.tar.gz rep01 Do you want to save the current configuration ? (yes/no) [yes] ? Generating configuration. Saved the running configuration to startup successfully
% CARS Install application required post install reboot...
Broadcast message from root (pts/0) (Thu Dec 6 23:36:41 2012):
The system is going down for reboot NOW!
Application upgrade successful
But ACS machine (vmware instance) can't boot with this result: Volume group "smosvg" not found. (for details see attachment)
I am trying to upgrade ISE from 1.1.0 to 1.1.2.145 but failed. Find the details below.
DR-ise-pdp-01/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz ISE1 Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration... Saved the ADE-OS running configuration to startup successfully Initiating Application Upgrade... Stopping ISE application before upgrade... Running ISE Database upgrade... % Application upgrade failed. check logs for more details.
I upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening. The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail. I did a limited search online to see if this was a known issue or something new. I also reviewed the release notes but did not see anything that matched the issue I received.
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade. But if it failed on the upgraded test unit, it may fail on the production units.
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.
I have a rv082 small business router and the current firmware will not apply. I downloaded the v4.04 firmware update and tried to apply it yet the update does not seem to work. I have downloaded it a second time and used the UPDATE FIRMWARE button to load and apply but no change.
I'm attempting to update the software on three aironet 1100 from System Software Filename:c1100-k9w7-tar.122-13.JA2 System Software Version:12.2(13)JA2 Bootloader Version:12.2(8)JA To the latest release or the 12.3x family and it fails."the software upgrade was interrupted and was not able to be completed" I also disabled the Radio braodcast?
Having problems losing connectivity so decided to upgrade firmware from v1.00.7 to latest version available.
Downloaded the upgrade file and log into web based administrator. Select file and click on UPGRADE button. A couple of clicks on timeline then: UGRADE FAILED
I am trying to upgrade the firmware on my Linksys v1 router from 1.0.02 to 1.0.03 over a remote 56Kb circuit. I appear to be having a timeout problem. The upgrade always fails. I have upgraded several E1200s in my office over ethernet, and the upgrade appears to finish when the progress bar is at 15%. However, on my remote upgrade, the progress bar gets to 98%, hangs for a few more seconds, and then pops up a window with "Upgrade failed".
I suspect that there is a timeout on the upgrade process, and that I can't upload the 3.8 MB firmware file fast enough. If so, is there any way to increase the upgrade timeout?
I have tried repeatedly to upgrade my firmware from 1.0.03 to 1.0.04, but it always fails with a message :cannot upgrade at this time..." I've tried both IE and FireFox, and both wired and wireless connection to my PC (Windows 7).
I'm trying to upgrade my frmware to the lastest one (classic firmware) I've downloaded this file multiple times [URL] When I try the firmware upgrade (manual upgrade) and select the file, it always complains about the file being corrupt (using the .ssa file in the zip).
I have a stack of 4 Cisco Switch 3750 (1 x WS-C3750G-24T, 2 x WS-C3750-48P and 1 x WS-C3750V2-48PS) and I want to do an firmware upgrade of this stack. Actually, all the 4 switches are at the firmware version 12.2(50) SE1 "IPBase" and I want to upgrade them to 12.2(55)SE5 IPBase. According to the release notes, all the switches in my stack are supported.
To upgrade the firmware, I use the command "archive download-sw /imageonly /overwrite tftp://IP_Address/c3750-ipbaselmk9-tar.122-55.SE5.tar" The firmware gets uploaded correctly but then I get the error message "There is insufficient space in flash: to install the required image. Clean up some old images, and try again."
When I do a "show flash", I see that the switch has 5650944 bytes free of 15998976 bytes.
How can i upgrade my switches? Is there an error in my command which I use? Do I need to add an other option?
The problem is, the switches are located in a branch office and there is no direct access to them. Everything must be done remotely.
If by mistake I have attempted to upgrade the firmware my router "WRT610N" via my wireless laptop and after 24 hours the same screen "upgrading router" continues displayed and the router does not respond, How do I fix this?
At work we have some older 1231 AG model access-points and a WLC with version 7.0. I was trying to convert them to lightweight and they will not join the controller without importing a .CSV file into the WLC. I cannot figure out to import that file, I cannot find any documentation on how to add the certificate with version 7.0.
I have four 1200 series AP. Part number of these AP's is AIR-AP1231G-A-K9. I am thinking to buy a new 2504 WLC with 5 AP licenses. Just wondering whether my AP's are compatible with WLC or not. These AP's are in close proxomity and start contending with each other if I configure the stand alone.
I cannot TFTP this tar file to both 1230 and 1231 APs. Both are lightweight APs that I've wiped to the rommon mode (ap>) and I issue the command:
tar -xtract c1200/k9w7-mx.123-8.JA 10.0.0.2
And I get a error saying: "permission denied"
Notes: The AP has defaulted to the 10.0.0.1 IP. My laptop is set to 10.0.0.2 255.255.255.0 IP My TFTP-Server is on and the root folder with the .tar file is in there. ether_init, flash_init, tftp_init (these commands have been executed) My firewall is disabled.
Converted a Cisco 1231 with the Update Tool to lightweight (used c1200-rcvk9w8-tar.124-21a.JA2.tar). It worked, but now the AP issn't joining the wlc: [code]
We have found that only Cisco 1231 WAP are exhibiting this behaviour. Their Primary WLAN controller is Cisco1 WLC but they fail to register to Primary WLC and fall back to Cisco2 WLC. After about 200 sec , they attempt to connect to Primary WLC once again and fail. The whole cycle is repeated every 250 seconds.
I have some old 1231 APs in the school in which I work.I would like to create a local network (no LAN, no internet, just a point to point wifi connection) managed by the access point (in DHCP).That's because we have an apple TV connected to a projector and some ipads. My idea was to put the devices locally in the same closed network for share via AIR Mirror the ipads on the apple TV.
I'm having little success migrating our older Aironet1231 to our new WLC 5508. The 1231 is currently registered as a LAP to a 4400 WLC and I'm in the process of moving away from this controller to the new one. I've pasted the output of the error messages I'm getting below. At this point, I'm stuck and not sure how to get around the "Failed to parse CAPWAP packet" error.
I'm getting these messages when I have: debug pm pki enable debug capwap errors enable
I initially got this error, but got passed it when I allowed SSC in the 5508 (Security -> AP Policies) sshpmGetIssuerHandles: SSC is not allowed by config; bailing...
Now I'm getting these: *sshpmLscTask: Jul 09 11:13:11.516: sshpmLscTask: LSC Task received a message 4
I have a problem where clients cannot roam between Cisco 1231g-e-k9 and recently installed cisco 1242g-e-k9 access points.. On looking at the CDP option on the 1231 and 1242 access points they are all aware of each other. However if I use the Network View option I see a different picture. All the 1231 access points can see each other but not see the 1242's. Network View on the1242 shows all the 1231's but none of the 1242's. The 1231 are running ver. 12.3(8)JEB and the 1242's are running ver. 12.4(21a)JA1.
I have configure my AP with to SSID (11 & 12), but I cannot connect to 12. It authenticates, and while trying to acquire IP address from 12, it fails and connects me to 11 (if I have already saved the SSID connection).
The following is my AP status:Product/Model Number:AIR-AP1231G-A-K9 System Software Filename:c1200-k9w7-tar.123-8.JEE System Software Version:12.3(8)JEE Bootloader Version:12.3(2)JA4
The SSID 12 already have 4 clients connected, And I am tring to connect a 5th one (smart phone), but cannot connect to 12, instead coneected to 11. Also tried with a laptop, but cant get the IP address, and give Limited Connectivity error.
AP with MAC 00:1e:13:10:40:59 (AIR-AP1231G-E-K9 ) is unknown.
I updated the AP to lightweighd firmware using upgrade tool. But upgrade tool generate the csv files empty so I had no idea about Hash key, so I resetted the APs to default values.
WLC still doesn't register them.
How Can I register the APs? The version of the WLC is 7.3.101.0
I have a (old) 1231 that I would like to reuse, but no one remembers the password. how to recover a password from this model AP or how to reset the device to factory default?
I have two 1231G Aironet's that work correctly when I connect them to my Catalyst 3548XL and my 3550-48-XL switches. When I connect them to the 3550-24-PWR switch I do see them when I issue sh cdp nei det. It shows me the IP of the wireless router. But when I ping the Aironet, I do not get any replies. If I plug the Aironet into my 3548XL and ping the IP, I get 5 replies. Here is the port config on both switches:
Customer is interested in deploying the 3600 AP's but will not be able to replace all his 1231's, any chance there is a release between 7.0.220.0 and 7.1.91.0 that will support both AP's?
I have one controller 2504 and some 1200 series access points.I am using 3 SSID .I want to use two ssid in HREAP mode but HREAP mode is not showinh in access point because multicast is enabled on AP mode. see the below picture
I have disabled the multicast globally from CLI. config network multicast global disabled
disabling the multicast so that i can set the access point in HREAP mode.
I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue.
