Cisco :: To Configure WLC 2500 With Authentication 802.1x EAP TTLS
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. If CISCO WLC 2500 support EAP TTLS, if yes then how to configure.So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP.But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius.My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLCMy android phone galaxy II has TTLS option under EAP 802.1x, so android devices support TTLS.
View 2 Replies
ADVERTISEMENT
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. Does CISCO WLC 2500 support EAP TTLS, if yes then how to configure. So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP. But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius. My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLC
View 8 Replies
View Related
Mar 14, 2013
My client wants to test their new product with wireless authentication 802.1x EAP TTLS. They have CISCO WLC 2504. Will CISCO WLC 2500 support EAP TTLS, if yes then how to configure.
So far I have added Radius TTLS server into my WLC. Under Radius on WLC added radius server IP and key and created new SSID 802.1x WPA+WPA2 ( WPA policy2 and WPA encryption AES) after that under SSID AAAservers selected drop down same server IP.But user tried and didn’t work also we didn’t see any hit on radius server. Yea policy has added on radius.
My client wants to use TTLS instead of TLS because in TLS you have to use client certificate on client side but on TTLS you can use certificate on client side but it is optional. So they want to stick with TTLS. But I am not seeing any documentation on TTLS with cisco WLC?My android phone galaxy II has TTLS option under EAP 802.1x, so android devices support TTLS.
View 1 Replies
View Related
Jun 4, 2013
We are using WLC 2500 and AP 1041 with web authentication. Due to we do not have the trusted/public certificate and want to get rid of the certificate warning during the user login. Is this possible to change the web authentication method from HTTPS to HTTP.
View 1 Replies
View Related
Dec 7, 2012
i am having wirless controller cisco 2500 series. i want to know how many web authentication users i can create in the 2500 series controller with time out option for each users.
i know it will support the web authentication for internet access for the users but i need to know how many it will accept at a time with hours specification.
View 4 Replies
View Related
Jun 2, 2013
I have the problem with machine authentication, our customer using Wireless Controller 2500 Series and need implement machine authentication on IAS server. So, as my understand is our controller may not change anything with configuration but we may configure IAS for support machine authentication, correct? but my question is how to? and is it work ?
View 24 Replies
View Related
Mar 13, 2012
The users belong to Multiple AD domains. If we purchase WLC 2500 controller. Can I have one more WLANs authenticate to multiple radius or ad domains? I thought one WLAN/ ssid authenticate to single radius server.
View 4 Replies
View Related
Jun 27, 2012
I have a Cisco 4200 Wireless Router connected directly to my cable modem. To extend the wireless range I purchased a Cisco 2500 Wireless Router. As the house is "wired," I can connect the Cisco 2500 to the cable modem in a room separate from the Cisco 4200. My question is how do I configure the Cisco 2500 to connect to the network and provide wireless coverage from both routers.
View 6 Replies
View Related
Apr 18, 2012
I try to use EAP-TTLS on one of my wireless networks and the 802.1x authentification fails at this moment:
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.800: 00:16:cb:66:29:bc Processing Access-Accept for mobile 00:16:cb:06:09:bc
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: 00:16:cb:66:29:bc Resetting web acl from 255 to 255
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.802: 00:16:cb:66:29:bc apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 20, reasonCode 2
where I can find what are deleteReason 20 and reasonCode 2?
View 23 Replies
View Related
Mar 13, 2012
Is there away to configure ACS 4.2 to only allow certain EAP-type of authentication per SSID? For example: SSIDA - only allows EAP-TLS and SSIDB - only allows EAP-PEAP on the same ACS server?
View 1 Replies
View Related
Jun 9, 2012
Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)
View 6 Replies
View Related
Aug 18, 2011
how do i configure user authentication via TACACS on UCS 1.4 with ACS 5.2? My TACACs connection works, and my user authentication is successful, but i can only get read-only rights. I have tried several versions of "cisco-av-pair= role=admin" both as mandatory attributes named role and as cisco-av-pair=role , with "admin" as the value, and i still get read-only.
When i attempt to find any documentation, it only describes ACS 4.2, which is another problem i have with most documentation for new cisco products (i have this exact issue with my NAMs, nothing i do to change the attributes results in successfully logging into the NAM, and all config guides are written in 4.2 speak).
is there any possiblity cisco is going to release some documentation on how to convert 4.2 speak to 5.2 speak?
View 8 Replies
View Related
Jan 20, 2012
I have cisco aironet 1200 series Acess point i want to configure wep with mac authentcation .
If any document with GUI configuration
View 11 Replies
View Related
Jul 12, 2012
I want to configure managment-access authentication to the WCS via tacacs+. The AAA Server is Cisco ACS 5.2.I made it and it works, but only with PAP Authentication Type. Chap doesn't work 4 me.The Access Service is configured with allowed protocols PAP and CHAP.The ACS Monitor just display an error with these steps:Received TACACS+ Authentication START Request
View 1 Replies
View Related
Jan 8, 2013
I have cisco 2504 WLAN controller with 7.4 IOS. My query is can I configure the MAC authentication with certificate based. And without using any external servers like Radius, ACS and LDAP.
May I know, If there is a option on WLC…
View 4 Replies
View Related
Aug 28, 2012
I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?
View 4 Replies
View Related
Jul 18, 2011
I have some queries regarding on the report generation for on Cisco ACS v5.2.
1) Can we schedule to run a customized report on ACS and then email the report to the user?
2) Can we run a users authentication trend report based on the AD directory group rather than individual user.
3) Can we configure user authentication logs to be viewed on WCS.
View 6 Replies
View Related
Mar 12, 2012
I need to configure WPA or WPA2 authentication on cisco 1042N access points. But I believe that for this requirement I need to have either an internal or external RADIUS server, but my customer want to just a normal WPA/WPA2 authentication like what we configure on cisco WAP200 or WAP4410 accesspoints, is there any work arounds to configure WPA/WPA2 authentication in a simpler manner rather than configuring RADIUS server option?
View 2 Replies
View Related
Sep 12, 2011
Is there a decent guide on how to configure ACS5.2 for TACACS management authentication of WCS?
View 2 Replies
View Related
Oct 13, 2011
I am trying configure tacacs authentication for http in Cisco 2960 with IOS 15.0.1.SE. [code] But the device is not authenticating. It ask the credentials (user and pass) but not authenticates.
View 7 Replies
View Related
May 3, 2013
I am trying to configure 802.1x RADIUS Authentication on cisco 2950-24TT-L Switch. I am using following set of command as given below
Switch# configure t
Switch(config)# aaa new-model
Switch(config)# aaa authentication dotx default group redius
Switch(config)# dot1x system-auth-control
Switch(config)# inter fasteth 0/1
Switch(config)#dot1x port-control atuo
I am facing problem dot1x command is not working on interface.
View 1 Replies
View Related
May 14, 2011
Is there a way to configure an email notification for a specific authentication failure? Specifically, I'd like to see if I can have an email notifcation sent to me when failure reason is "13017 Received TACACS+ packet from unknown Network Device or AAA Client".
View 1 Replies
View Related
Aug 14, 2011
I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone. I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.
View 1 Replies
View Related
Jun 28, 2012
I am attempting to configure Radius authentication accross a site-to-site VPN for my ASA 5510-01 for remote access.
ASA5510-1 currently has a live site to site to ASA5510-2.
ASA 5510-1 - 10.192.0.253
ASA 5510-2 - 172.16.102.1
DC - 172.16.102.10
ASA5510-01 can ping the DC and vica versa but is unable to authticate when i perform a test. ASA5510-01 can authenticate to a DC on it;s own LAN but not on the remote LAN that DC sits on.
I have double checked the 'Server Secret Key' and ports as well as various users which all work locallly. ASA5510-02 authenticates to DC with no problems.
View 3 Replies
View Related
Feb 16, 2012
I'm having a little trouble with a router I have got my hands on to practice for my CCNA.Im connected via serial>USB adapter and via XP HT on Win7. Router boots and I then break the boot sequence with ctrl-break. But then it does not go into ROMMON mode. It simply says this:
-System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
-Copyright (c) 1986-1995 by cisco Systems
-2500 processor with 2048 Kbytes of main memory
How I get it into ROMMON to reset the password on it.
View 7 Replies
View Related
Nov 20, 2011
I am having trouble adding a new controller(2500) to the WCS.
-My WCS version 6.0.196.0
-My WLC version 7.0.116.0
If i upgrade my WCS i may add the new contoller? Even if in cisco DATA-SHEET there isnt any mention regarding this WLC(basicly it says that the WCS does not support this WLC)
Monitoring and migration of selected Cisco Aironet standalone (autonomous) access points. Monitoring of the standalone access points of Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers.
View 3 Replies
View Related
Jan 3, 2012
I have a scenario where we have
Cisco 1300 Outdoor APs
Cisco 3600 Indoor APs
WLC 2500
Now i need to integrate the WLC with Windows 2008 AD for authentication.The idea is to let the users authenticate via AD for accesing the wireless network.
Will the integration work with NPS?
View 2 Replies
View Related
Feb 15, 2012
I'm configuring a 2500 series WLC to test some wireless configuration changes we'd like to make on our 5500's that are currently in prodcution.
The 2500 and the 5800's interfaces are configured as a LAG.
One of the primary goals of these configuration changes is to move the LAPs from their current VLAN (the same subnet as our primary WLAN) to two separate VLANs. Were choosing to move the LAPs to 2 APs based on the WLC best practices document's suggestion to limit the number of LAPs per vlan to 60-100. We've had several issues in the past with LAPs failing to join with their static IPs, releasing them and then joining with DHCP addresses.
LAP's will be on separate vlans using subnets 10.10.10.0/25 and 10.10.10.128/25. WLC management interface is in the 10.10.1.0/25 subnet.
Should we continue using static IPs for the LAPs or DHCP?
What subnet should the AP management interface be on?
Is it possible to have mutiple AP management interfaces with LAG?
View 4 Replies
View Related
Feb 4, 2013
I’m going though dot1x implementation using Cisco WLC 2500 series and ACS 4.2 but I have problems with joining to the SSID. I revised the configuration many times as attached but don’t know what is wrong
log 2013.02.05 17:34:02=
(Cisco Controller) >
(Cisco Controller) >debug dot1x all enable
(Cisco Controller) >*apfMsConnTask_2: Feb 05 07:27:19.865: 00:26:c7:3b:dc:d8 apfMsAssoStateInc
*dot1xMsgTask: Feb 05 07:27:19.867: 00:26:c7:3b:dc:d8 Station 00:26:c7:3b:dc:d8 setting dot1x reauth timeout = 0
*dot1xMsgTask: Feb 05 07:27:19.867: 00:26:c7:3b:dc:d8 Stopping reauth timeout for 00:26:c7:3b:dc:d8
[code]...
View 6 Replies
View Related
Jan 31, 2012
Ive used an old 2500 in the past with multiple serial connections to achieve console connections to all my devices in remote offices. What to use now a days? I dont want to put in an old 2500, i would rather use something more modern. Ive seen a lot of devices out there.
View 1 Replies
View Related
May 10, 2013
By any way can I achieve HA in 2500 controller? I dont mind even I didnt get Stateful switchover.
View 5 Replies
View Related
Mar 28, 2012
which differences exist between 7.0 and 7.2 firmwares? I have to decide/choose which of them to run, before continuing to configure my WLAN infrastructure.
View 3 Replies
View Related
Aug 2, 2011
We are looking at MAC address filter on the WCS (Limted to 2500?) for the machine then a rule on the ACS pointing to an AD group.
View 1 Replies
View Related
