Cisco Switching/Routing :: AP1142N Radius To Access Web Interface
Dec 13, 2012
I currenly have a cisco AP1142N configured to work with our radius server (It was already configured when I took over the network). I order two additional access points for building coverage on multiple floors. Currently, I uploaded the config of the orginal access point to the new device and I can access the device via web and the ssid is being broadcasted. I then added in the access point into IAS with the radius secret key to our Radius server. When I go to connec to the new access point w/ domain credentials I am not able to establish a connection. I am not very familiar with CISCO products. I followed a video to get the access point up and running w/ an IP from CLI so I could access the web interface and upload the edited config.txt file. Are there any issues with setting up multiple access points w/ a single windows radius (IAS) server?
View 7 Replies
ADVERTISEMENT
May 13, 2012
I installed two AIR-AP1142N-E-K9 access points, running a fairly simple config, WPA2 PSK, with AES cipher, both the same SSID.The two access points are connected to Cisco 2960G switches, which are in turn connected to each other, again without any fancy config options, no VLAN's ed.
After a random while, varying from 30 minutes to 15 hours, the access points will stop sending/recieving traffic on the ethernet interface.The units don't stop at the same moment, this also varies seemingly random. It's not related to load or the amount of clients (1 to 15).Only turning on one unit doesn't make any difference.
The units keep sending out their SSID, you can associate to them, but the DHCP requests aren't passed on to the DHCP server which is connected to one of the 2960G's.If you wirelessly connect to the AP and set a manual IP adress you can reach the webinterface and telnet/ssh to the access point. The ethernet link is reported as being up on the access point. Also the switch reports a link on the port to which the access point is connected.Resetting the link does have no effect. The log doesn't mention any errors or warnings.Power cycling or reloading the access point will put it back in working order for a varying amount of time.
Access point version:
Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)
Access point config:
!
! Last configuration change at 14:41:40 +0100 Sat May 12 2012 by admin
! NVRAM config last updated at 14:41:40 +0100 Sat May 12 2012 by admin
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[code]...
View 13 Replies
View Related
Aug 23, 2012
My configuration:
radius-server host 10.138.44.57 auth-port 1645 acct-port 1646 key 7 ******
!
aaa new-model
!
aaa authentication dot1x default group radius local
[code]....
View 2 Replies
View Related
Apr 15, 2013
I can't accsess web-interface on SF-300-24. My computer is on the same subnet. Can only access by RS232. The Switch doesn't answer on ping either. In the manual it says the switch has ip-adress 192.168.1.254.
View 4 Replies
View Related
May 24, 2012
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
View 4 Replies
View Related
Dec 28, 2010
I'm a networking newbie, but I bought the SG 200-08 switch to do Link Aggregation with and I can't access the web interface. I'm on a mac running 10.7.3, and I've tried Firefox and Safari. I've also tried on a friends PC with Internet Explorer 8.On the mac, I can go into the terminal and can see that the switch has the correct IP address and is seen on both ethernet ports.
View 2 Replies
View Related
Dec 3, 2012
I'm a networking newbie, but I bought the SG 200-08 switch to do Link Aggregation with and I can't access the web interface. I'm on a mac running 10.7.3, and I've tried Firefox and Safari. I've also tried on a friends PC with Internet Explorer 8.
On the mac, I can go into the terminal and can see that the switch has the correct IP address and is seen on both ethernet ports:
? (192.168.1.254) at 2c:36:f8:4f:fc:8 on en0 ifscope [ethernet]
? (192.168.1.254) at 2c:36:f8:4f:fc:8 on en1 ifscope [ethernet]
either accessing the web interface or with setting up the Link Aggregation on the switch some other way.
View 4 Replies
View Related
Jun 9, 2013
I configured a Switch Cisco 3560X with a basic configuraction, My problem is that when I access Web interface by http://X.X.X.X an login after the image that I attached.I tried restore the default configuration, also tried with different navigator, chrome, Internet explorer, fireffox, safari, change laptop... and update the java client.
View 3 Replies
View Related
Nov 14, 2011
I have one computer connected to the 4506 that management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network. I created an extended access list as follows. Our network is the 10.10.x.x and the external addresses the PC needs to access is 11.1.x.x. Once this PC is rebooted, it is unable to access DHCP to get the needed IP address it bounces back to a 169.x.x.x address and stops working.
Extended IP access list 2000
permit tcp host 10.10.200.242 host 11.1.200.1 (gateway)
permit tcp host 10.10.200.242 host 11.1.2.151 eq smtp (access from the pc to external server for smtp)
permit tcp host 10.10.200.242 host 11.1.2.149 eq 5721 (access from the pc to external server for remote access)
[ code]...
Then I applied the access-group 2000 on the interface the PC is connected to. What am I missing for DHCP to work and for this PC to always get the ip address that is reserved?
View 3 Replies
View Related
May 20, 2012
just i have purchased new cisco air-ap1142n-a-k9 wireless access point, trying to configure the wpa2 configuration for security reason, but unable to configure in any security mode. So currently my AP is working no security / encryption mode.
View 16 Replies
View Related
Feb 6, 2013
I am trying to harden my Nexus box and I am not able to ACL assigment command. Following are the commands I am trying to add.
interface cmp-mgmt module 5
Ip access-group NETWORK_MANAGEMENT_ACCESS in
View 1 Replies
View Related
May 26, 2013
We are having issue with all our Cicso wireless devices (AIR-AP1142N-N-K9) when connected to Windows 8 Pro users. When copying large files, the connection changes to limited access. The initial connection to the access points is also slow for both windows 7 and windows 8 pcs.
View 3 Replies
View Related
May 1, 2012
I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside. I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue. When I ping 4.2.2.2 for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?
: Saved
:
ASA Version 8.2(5)
!
hostname pxasa
[Code].....
View 2 Replies
View Related
Aug 15, 2012
We are using mac authentication, it is working fine on all of the other 3560's except this new one.
Mac address shows up completely different (very long hex, doesnt even look like a mac address) on ACS compared to what its showing on the switch in the mac address table.
Im stumped, config matches every other 3560 in the building, has something changed in the v2 software compared to the older 3560's ?
View 5 Replies
View Related
Feb 13, 2012
A Cisco 3560V2 was bought to complete a project at my company. I noticed the IPBase IOS Image was installed. I was unable to configure RADIUS. I upgraded the IOS to the Latest Release of the IPServices IOS Image. I still dont have the capabilities of configuring RADIUS.
View 4 Replies
View Related
Jul 20, 2011
getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
View 5 Replies
View Related
Mar 21, 2013
I went to configure RADIUS on my 3750X with IOS 15, and lo and behold it is not where it used to be. Did it get moved somewhere else that I can't seem to find very easily?
View 2 Replies
View Related
Apr 3, 2012
I'm about to configure radius on a 2960 and 2955 switch as I have been testing this on a 1841 router and to my dismay I can't see the options to configure radius, do these L2 switches not supoprt radius?
edit - apoligies I forgot the "aaa new-model" all ok now
Although when I added:
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789
radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789
radius-server vsa send accountingradius-server vsa send authentication
I got this:
Warning: This CLI will be deprecated soon. Please move to radius server <name> CLI.
And what woudl the above look like if I configured it that way?
View 6 Replies
View Related
Jan 19, 2013
I am facing issue with nexus 7010 login authentication by radius server. I have two nexus 7010, one of them is working perfectly. Other taking long time to authenticate. If i use local database to login it works perfectly. It works fine also if i login from console using radius for authentication.
View 1 Replies
View Related
Jul 26, 2012
I have Cisco 2960 switches deployed in my environment along with radius server authentication. Now i need to assign some roles to particular users (shutdown port, description) so what i need to do for this task so not all users have same privileges.
View 1 Replies
View Related
Nov 9, 2011
We faced with problem after upgrade ASR from 12(2) 33 XNE2. I know that this is an old XE release but our Radius deny authization from ASR with more new XE version. Here is our radius attribute configuretion:
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add in my configuration that ASR send necesserry NAS-Port-Type - VPDN
I couldn't found out any info ((( for radius-server attribute 61 extended
View 1 Replies
View Related
May 3, 2013
I am trying to configure 802.1x RADIUS Authentication on cisco 2950-24TT-L Switch. I am using following set of command as given below
Switch# configure t
Switch(config)# aaa new-model
Switch(config)# aaa authentication dotx default group redius
Switch(config)# dot1x system-auth-control
Switch(config)# inter fasteth 0/1
Switch(config)#dot1x port-control atuo
I am facing problem dot1x command is not working on interface.
View 1 Replies
View Related
Dec 18, 2011
I'm using a radius server to authenticate ssh when connecting to my company's switches (a 3560 + several 2960s).
Everywhere I've looked claims that using the line 'transport input ssh' in my switch config should disable telnet access and allow ssh only. But after changing 'transport input ssh telnet' to 'transport input ssh' I can still connect to all of the switches from telnet. I can't block telnet with ACLs either because my company uses a telnet based terminal client to do most of their work.
I don't have much experience with radius. How do I stop telnet connections when using radius to authenticate?
View 5 Replies
View Related
Jul 22, 2012
I´ve a little problem with the aaa authentication over RADIUS with a Cisco 3560G-48PS - IOS 12.2(58)SE2. When I try to log in to the Switch per Telnet, it didn`t works and my windows domain account is locked. Here the aaa config:
aaa new-model
aaa authentication login default local group radius
aaa authorization config-commands
[Code].....
View 1 Replies
View Related
Jan 14, 2012
I am using radius authentication on C4507R+E with supervisor card 6L-E and IOS 15.0.2(SG1). It works perfectly but all radius messages appear in the console. Radius is very verbose, I can't use console because of the significant number of messages and I am worried about switches performances. I add that all debug commands are disabled.
View 1 Replies
View Related
Feb 12, 2012
I have a Cisco 4402-25 WLC with the below information that is having an interesting issue. When you log into the GUI interface with the local account and click on WIRELESS, then choose a accesspoint it brings up a menu where you have three buttons below for the following options (Hardware Reset - Reset AP Now), (Set to Factory Defaults - Clear All Config), and (Set to Factory Defaults - Clear Config Except Static IP). The problem I am having is we access all of our WLC's using Radius and when you enter your AD username and password and go to bounce a access point the GUI interface is missing the buttons, they however appear fine when logged in with the local account.
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.220.0
RTOS Version..................................... 7.0.220.0
Bootloader Version............................... 4.0.206.0
Emergency Image Version.......................... 5.2.157.0
View 2 Replies
View Related
Feb 22, 2013
I came across an interesting issue and thought I would see if anyone else has encountered it before contacting TAC.I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54).
View 2 Replies
View Related
Apr 23, 2012
I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54). With the background set, one switch reports the following:SwitchA (config)#r?radius-server redundancy regexp represourc rmon route-map router.
View 4 Replies
View Related
Mar 12, 2013
Quick question here. Using 3750E series switches with multiple VLANS configured. These switches serve as our 'core'. I have SVIs configured for the different VLANs and add inbound ACLs in each of the SVIs to control traffic between VLANS. This switch also terminates a P2P Ethernet link which connects to our Colo facility. The port used for this is configured as an L3 port. I noticed today that I was able to send traffic across this L3 link that I thought should have been blocked by an ACL I had in place but it wasn't. So the traffic flowed from a port in say VLAN 20 across this L3 link (assigned with an IP address). Would this traffic flow not cause traffic to be checked against an ACL applied in the inbound direction on the SVI of VLAN 20 (int vlan 20)? Traffic does get checked when routing between SVIs. Why would it not get checked when routing between SVI and L3 interface?
View 2 Replies
View Related
Mar 7, 2012
On a pair of my CISCO7609-s (engine:sup720-3B IOS Version:12.2(33)SRD4),some interfaces is configured as routing interface but also them are attend MSTP caculation and i really caught BPDU packet go out from these ports. [code]
View 1 Replies
View Related
Feb 26, 2013
We got a layer3 switched network, with one vlan for every switch, routed by a cat4006. [code] So can we put some ports on different switches in, let`s say vlan 50, with different ips? For example, Port 0/3 on Switch 1 and 0/8 on Switch 2, but keeping the ip of the "old" vlan? Or is it necessary to configure a specified vlan interface with ip-adress for every vlan if i want to route it?
View 4 Replies
View Related
Jan 7, 2012
I am a recent student to Cisco products and I have purchased some (what I thought was good) lab equipment to learn with on a budget. What I have is a 2948G switch and a 2620 router. My issue is this: the router has only one fast Ethernet port. Is it possible to use V LAN's and V LAN Interfaces on the router and switch to somehow emulate a second interface to connect to a WAN or sub net?
View 11 Replies
View Related
Oct 14, 2012
I would like to have a support on AIR-AP1142N-E-K9 configurations.How I can config this AP?
View 1 Replies
View Related
