Cisco Routers :: PEAP Authentication Failure With RV120W
Jul 31, 2012
I have a Cisco Small bussiness RV120w and I setup the radius server , WPA2 Enterprise with a windows 2008 NPS radius server . The big problem is that the authentication fails .This is the error that I see in event viewer / server roles / Network policy and access services: reason-code 49 "The connection attempt did not match any connection request policy".The radius key is matching between the server and the client . The radius server is reachable and I don't find any routing issues .Does anybody tested this router with this type of wireless security?
View 3 Replies
ADVERTISEMENT
Jan 23, 2012
I have 802.1x/peap authentication in my wireless network with ACS 4.2 as the authentication server. I enabled PEAP machine authentication under the Unknown user policy --->database configuration sub-menu. I discovered that I was still able to access the wireless network on my android phone with my domain logon. I later discovered that there is an option in Group policy to force Windows XP clients to perform computer authentication. Now the problem is that windows 7 clients do not have the EAPOL option in the registry, hence the group policy object may not work. How to enforce machine authentication and stop unwanted devices without having to purchase a NAC server.
View 10 Replies
View Related
Jun 29, 2011
ACS 5.1 EAP-PEAP Machine Authentication,
I have configured ACS 5.1 to check AD domain computer accounts then permit access, the next rule authenticates AD domain users and checks machine accounts with WAS MACHINE AUTHENTICATED "TRUE" permit.
My dilemma - Windows XP supplicant work fine and I can see the host/machine (Wireless device) authenticating followed by user credentials, but when I use the Intel Pro/set supplicant version 12.1 the same device fails authentication due to ACS not being able to verify a good previous machine authentication?
Is this problem ACS related or down to the Intel supplicant.
View 3 Replies
View Related
Sep 11, 2011
Any good guide for configuring PEAP with Machine Authentication to allow for domain login?This is a clean install on a new 5.2 install.We are moving from 4.X to 5.2 and i want to make sure i dont miss anything.
View 3 Replies
View Related
Sep 26, 2012
we have acs 4.2 as our radius server, and 2 wlc 4404 with a wism2 for our wireless network. we have 2 SSID network, lets call them SSID A and B. A have a more restricted access to server than B.PEAP machine authentification is authorize on both network, to let our users laptop connect before the user login, this enable us to have our computer gpo deploy before the user logon, or have network access to authenticate a user to our directory if he had not logon previously on the laptop.
Users from group A can't logon to SSID B, they can only logon to SSID A, but we have some clever users from group A who have change they wireless setting to only send machine authentification (this can be done in the advance setting of a wireless network in windows 7) to connect to SSID B
We can't force the wireless config by GPO because we don't have an ad 2008 domain, we are still in 2003 soo we can't change the gpo for windows 7 wireless setting . I can't force user to require machine authentification and user authentification because we have a lot of ipad and iphone, and other mobile device that connect using only their user credentials.Is there a way I could configure this without having to disable machine authentification for SSID B?
View 7 Replies
View Related
Aug 19, 2012
Cisco 5508 wireless controllerCisco ACS 5.1LDAP connection I have setup the wireless controller to do RADUIS authentication with the ACS 5.1 using LDAP. The setup is currently working, Brief info below on setup.
I setup the PC client to use WPA2-Enterprise AES and authentication method CISCO PEAP. When I connect to the SSID this will prompt for a username and password. I will enter in my AD details and the ACS with the LDAP connection will authenicate and on the network I go.
Now I want to add machine authentication with CERTIFICATES, each laptop and pc in our network has CA certificates installed.
way that I can add these certificates into the ACS 5.1 so I pretty much want to import them into the ACS. Once they are imported inside I want the ACS to check that the certificates are on the PC and then prompt for the AD username and password, and only once it meets these two conditions it allows the workstation onto the network.So it will be a two form authentication one with certificates and the other ldap.
View 18 Replies
View Related
Oct 31, 2010
I replaced an ACS certificate that had been installed as follows:
1. Generate CSR file and private key file, then send CSR to GeoTrust (Key length: 2048 and Digest to sign with SHA1)
2. GeoTrust send me a certificate. Issued by "GeoTrust SSL CA".
3. Install the certificate on the ACS. Restart ACS service.
4. ACS Certification authority setup. Issued by "VeriSign Class 2 Public Primary Certification Authority - G3"
5. Edit certificate trust list and select "VeriSign Class 2 Public Primary Certification Authority - G3" as trusted.
6. Enable EAP-TLS, then restarted the ACS service. The problem is when i try to enable EAP i get the error msg:Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.I searched on cisco and it said to disable the CSA, but in fact there is no CSA installed on this server.
OS: Win 2003 sp2Cisco ACS: Release 4.2(0) Build 124
View 4 Replies
View Related
Feb 10, 2011
I have a WPA2/AES network with PEAP MsChapv2 authentication. I have 2 ACS servers for authentication. The problem I have is dropped clients. Both ACS servers are setup identical. The database replcation has been preformed.A series of 10 clients connects wirelessly and they are all successful. ACS server 1 is the primary and ACS server 2 is the backup. We verified that the 10 users authenticated to the primary ACS. My time out to reauth is 30 minutes on the WiSM. 10 minutes into the test we took down the Primary server. This should have had no impact on the clients. 5 minutes later the clients lost thier authentication and were dropped from the network. They were able to reconnect by shutting down thier wireless client and reconnecting. The authentications were seen on the Backup ACS server.on a test of falling back to the primary the same thing happened again to the clients.
View 2 Replies
View Related
Jan 1, 2013
I have a following question. I configured different authentication passwords in Master and slave VRRP setup.
View 2 Replies
View Related
Apr 15, 2013
I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
Is there some problem with the AAA configurations in the switches or ACE module?
View 7 Replies
View Related
Oct 24, 2012
I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
The credentials LMS is using is a username and password with priviledge 15: the account is established in TACACS+. I can log into the devices directly with this user account.However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
LMS did manage to fetch some configs, but 90% of my devices are having this issue.
View 4 Replies
View Related
Jun 13, 2012
Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
I am using a window radius server. I have added my WLC 4402 as a radius client on my radius server.
I followed the instructions on the MS link : [URL]
I want to use my windows raduis authentication for WLC management login and Web-Auth for guest WLAN user login.
View 2 Replies
View Related
Dec 26, 2012
I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
Then I have change the profile XML file of my anyconnect in this way: [code]
View 1 Replies
View Related
Aug 3, 2011
I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.
View 1 Replies
View Related
Aug 24, 2011
I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
How can I restrict the LOGIN to an specific AD group?
View 2 Replies
View Related
Nov 22, 2011
we have ACS 4.2 and 2851 router with IOS 15.0(1)M4. There is authentication failure with error no 254. Is there any compatibilty issue with 15.0(1)M4 IOS
View 1 Replies
View Related
Jan 29, 2013
I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.
View 9 Replies
View Related
Jul 25, 2012
I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured a ACS 4.2.1(build 15 patch 4) software for windows on Windows Server 2008 Server STD.TACACS authentication with CISCO product was successfully passed.but RADIUS (IETF) authentication with NORTEL 3408 Switch was failed. ACS Authentication Failure Code was a " ACS password invalid "
I read the post that RADIUS VSA is needed in my environment.but i can not search any sample Nortel VSA dictionary configuration. Need Notel specific VSA configuration.
View 4 Replies
View Related
May 14, 2011
Is there a way to configure an email notification for a specific authentication failure? Specifically, I'd like to see if I can have an email notifcation sent to me when failure reason is "13017 Received TACACS+ packet from unknown Network Device or AAA Client".
View 1 Replies
View Related
May 3, 2012
Just installed 2 E4200v2's for a customer today. Was very optimistic because they worked great in my lab, both for my Win7 laptop a MacBook. And after installing 1 on-site and testing w/ my laptop, it worked fine.BUT problems arose when I installed both at the same time (I don't think I ever did this in the lab) and then I tested some computers. Every computer that I tested (except mine of course), cannot authenticate correctly using the WPA2 password.
For the Mac's they get the error "The wi-fi network... requires a WPA2 password" then after entering the *correct* pswd, it says "Invalid password". They're a Mac shop, but I did try one other Win laptop and that also had a problem, and the error was something like "security mismatch" although I was rushed and didn't write it down.
View 2 Replies
View Related
Feb 7, 2012
I would like to set up a site to site VNP connection between 2 RV120W routers, preferably via IPsec.
The problem is that I would like/have to use a 4G modem router (model TINY) which connects to internet in front of the RV120W (on the local side)
I have no problem with that on the remote site that RV120 connects directly to internet via a public IP address on the WAN port.
Local network 192.168.1/24-----RV120W----192.168.100.1—Tiny---Public IP--------INTERNET
INTERNET--------PublicIP—RV120W—Remote local network 192.168.2/24
View 1 Replies
View Related
Jan 12, 2012
I've a RV120W with the last firmware version (june 2011), i want to create two vpn tunnel:
- Professional: lan routing all packet for the 192.168.0.0/24 to the first VPN tunnel
- Other: all other address IP destination to a second VPN tunnel
The first tunnel (professional) is ok but what rules can i use to configure the second ?
View 2 Replies
View Related
Feb 8, 2012
What is the default login/pass of cisco rv120w for ssh access ?
View 1 Replies
View Related
Sep 24, 2011
Upgraded to 1.0.2.6 and all of a sudden SIP devices working over the VPN no longer work. Downgrade to 1.0.1.3 and they work again. My guess is that some ports are blocked over the VPN in 1.0.2.6
I thought the general idea was that firmware ugrades fixed bugs rather than introducing them.
Suggestion for Cisco:- Zip the firmware image downloads, or else have an upgrade process that includes a CRC check, that way at least the poor punter will have an indication if they have been corrupted. I had a subtle memory problem that was corrupting some files. The firmware upload appeared to complete properly and you could log on OK but some of the menu choices resulted in a hang with the "Please wait... the page is being loaded" message. Careful checking of file sizes revealed that the file I was uploading into the router was a few hundred bytes different in size to the one on the website, must have been corrupted during the download. But the upload proceeded normally with no indication of any error. It's a pretty basic safeguard that should be in there as a matter of course with the router performing a CRC check and showing an error if it fails.
View 2 Replies
View Related
Mar 31, 2012
I had WRT54G2 and recently switched to an RV120W. I have an Internet accessible camera system connected to my router. Before, this worked fine... there is a dns service (DynDNS.com) that is configured as part of the camera setup. I would then just enter [URL] and I would connect to the cameras. I install the new router (RV120W) and I can no longer connect to the cameras. I do not recall any configuring that I had to perform on the old router.
why the RV120W isn't letting me get to the cameras?
View 3 Replies
View Related
Sep 12, 2011
Rx:, recently I have perchase 2 RV120W routers thinking that it must be very easy to setup the site to site vpn. i cannot get my remore office to link to my main office and vice verser.
Scenaro
- I'm using 2 RV120W routers for each site.
- Site A using a subnet of 192.168.10.0 mask 255.255.255.0
- Site B using a subnet of 192.168.11.0 mask 255.255.255.0
I have setup the VPN using the wizard and I got site to site tunnels connected and show as 1/1 Connected (1 user) in the status he IPsec connection status show
--Policy Name: VPNA
--Endpoint : public IP address from my ISP 203.117.222.221
--Packets Tx:145 Rx:0 and Kbytes shows Tx: 29.55 Rx:0
Q1 why I cannot use dynamic DNS naming in the policy setting ? eg: aaa.dyndns.org, I have to use the ip address instead eg: 203.117.222.221
Q2. I cannot connect from Site A to Site B , I can't even do a ping to 192.168.11.1 from Site A. even though it show the Site to site tunnel is coonected.
View 2 Replies
View Related
Aug 6, 2012
I've just set up an IPSec VPN between 2 x RV120W which are both behind other router. Here's what we have :
RV120W #1 (192.168.1.254) --- (192.168.1.1) Office Router #1 (PUBLIC IP) --- (((Internet))) --- (PUBLIC IP) Office Router #2 (192.168.2.1) --- RV120W #2 (192.168.2.254)
It works great, tunnel is UP.
[Code]....
View 1 Replies
View Related
Nov 21, 2012
I've just set up an IPSec VPN between 2 x RV120W which are both behind other router. Here's what we have :
RV120W #1 (192.168.1.254) --- (192.168.1.1) Office Router #1 (PUBLIC IP) --- (((Internet))) --- (PUBLIC IP) Office Router #2 (192.168.2.1) --- RV120W #2 (192.168.2.254)
[Code]....
Now, I need to be able to reach the server (192.168.1.100) from a PC on LAN #2 with IP 192.168.2.50. So, I've created au static route on Office Router #2 (192.168.2.1) because of course it doesn't know how to reach private subnet 192.168.1.x. My static route looks like this :
192.168.1.0 / 24 (Destination network) --- 192.168.2.254 (Gateway)
...but it doesn't work, no ping. When I do a tracert to server IP (192.168.1.100) from PC on LAN #2 (192.168.2.50), the result is :
1st jump ---> 192.168.2.1
2nd jump --> 192.168.2.254
...and it doesn't go further.
View 3 Replies
View Related
Dec 21, 2011
I configured my RV120W (Firmware:1.0.2.6) to count the traffic on my network. I set the monthly limit to 99999 and did not change anything else.So after a few hours, the traffic counter shows 2048 MB for outgoing traffic. This is impossible, because the DSL-connection is too limited in upload to cause this huge outgoing traffic in 6-8 hours. When I reset the counter at night, the next morning the device shows 2048MB again (even if there was no traffic at all, just some clients syncing time with NTP). I did already reset the device to factory defaults and reconfigured everything from scratch.
View 0 Replies
View Related
Jul 5, 2012
I have a problem with firewall rules. If I set some rules for open communication and some for closed, so I cannot reorder from the end to begin.
Last rules are at the end of all. So I can only reorder in one pages.(I have about 33 rules = 3 pages of rules)
View 4 Replies
View Related
Oct 24, 2011
I was wondering if I could setup my router CIsco RV120W to be able to connect to a VPN serice for my internet connection. Looking to give my small home netwok more sercurity. Is it possible with the Cisco firmware to be able to setup a connection to VPN serice. Do I have the compabilites with this router?
View 1 Replies
View Related
Aug 22, 2011
The PPTP client from Windows 7 is not working with this router; therefore I would like to try the quickvpn.Is there any paper from Cisco explaining how to setup the RV120W for quickvpn ?
View 1 Replies
View Related
Apr 26, 2012
I need to configure a rv120w in order to make it work at the same time for data and digital tv. The fact is that the set top box for the idtv needs an IP address that will be delivered directly from the ISP. So I need to setup one LAN port that will be bridged to the WLAN connection (the stb will be connected to that lan port), and another port that will be connected to the LAN swicth so that the rest of the network has internet access. I can't see anywhere a way to create such a bridge. Quite disappointing as it's possible to do so on open source platforms such as openWRT..
View 3 Replies
View Related
