Cisco :: WLC 2504 - 802.1X Failure On Win 7 Non-domain Clients
May 28, 2013
I have a WLC 2504(code 7.0.235) installed and two AP 3502 (local mode). RADIUS Server is a IAS runnning on my AD server.
I had a domestic AP before Cisco solution, using the same RADIUS server and everything was ok. After migration Windows 7 domain clients and Apple devices connects without issue. However when I try to connect non-domain windows 7 clients into wireless network (802.1X) and got failure. Apple devices out of domain can connect, certificate pop-up appears and connection flows.
I check certificates and everything looks ok for me. I remove a windows 7 client from domain and test it too, an got the same error. Certificate are install on windows 7 clients.
Could Cisco controller interfering in this authentication process ?
View 1 Replies
ADVERTISEMENT
Jun 9, 2013
2504 contrller with 1042N ap's. NPS and group policy (for computers) is setup. Certificates are setup.Logging on as a domain user I can connect to the wireless network but am only getting Internet access. I can not access any domain resources.DHCP is handled by a domain controller. I can ping servers and printers, but cannot access them. Can't map a drive, add a printer or access services on the network.
View 1 Replies
View Related
Jul 30, 2012
When attempting to log in to a computer (running Windows 7 Professional) here at the office using the network administrator account, I get the error message: "The trust relationship between this workstation and the primary domain failed." I wasn't here when this laptop was set up, and so I don't know if any local user accounts were made or what their passwords would be if they were there, so I can't think of any way to log in to the machine and disconnect/reconnect to the domain which is really my only idea on how to fix it. Finding out what would cause this to suddenly start happening would also be nice, but mostly I just need to figure out how to get reconnected so I can get this back up and running.
View 1 Replies
View Related
Aug 29, 2012
I've problem with a WLC 2504. Some Clients like phones and Thin Clients get an IP 0.0.0.0.Software Version is 7.0.235.0. Test with a Laptop seams to be OK. Some printers also got an 0.0.0.0.Around 30% are not OK. also had the log: Impersonation of AP with Base Radio MAC 00:yy:yy:yy:yy:yyusing source address of 00:xx:xx:xx:xx:xx has been detected by the AP with MAC Address: 00:yy:yy:yy:yy:yy on its 802.11b/g radio whose slot ID is 0 The problem is, I cannot go to 7.2 version because I have 2 x AP 1231 and 2 x 1242 AP's.1231 AP's are not anymore supported in 7.2 Version.
View 14 Replies
View Related
Oct 1, 2012
Is there a way to generate historic reports on how many clients have been using a WLAN on Cisco 2504?
View 1 Replies
View Related
Jun 8, 2012
I am playing around with a WS-C2950-24 running IOS 12.1(22)EA13. I would like to separate guest clients from domain clients on the network (for a start) so that guest clients only get access to internet and i have created three vlans for this purpose. Vlan 10 - internet, vlan 20 - internal, vlan 40 - guest. I have also set up a trunk link on the internal network.since the 2950 does not offer routing capabilities i assume i need to to the routing between these networks on another box. I am planing to do this on a linux machine. I have set up the same vlans on the linux box.
My question is how do I configure the cisco correctly so i can reach all the networks on the linux box. The cable that runs between the cisco and the linux box is connected to vlan 20 - internal and is defined as a trunk port allowing all vlans ( switchport trunk allowed vlan all ) with vlan 20 as native.it looks like only vlan 20 is using the cable that reaches the linux machine. 2950 ----- unmanaged switch (not replaced yet) ---servers
View 9 Replies
View Related
Jun 16, 2012
How to check applied group policy on the domain clients
View 1 Replies
View Related
May 29, 2013
While trying to connect to WiFi at remote sites APs, the connection is getting time out.User are getting error as 'Unable to connect to <WiFi-SSID>' The APs at corporate office are functioning properly and user are able to connect to the APs.
Wifi Controller: 2504 Software ver: 7.3.101.0
Authentication 802.1x
View 7 Replies
View Related
Jun 18, 2012
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
what I need to add to get the vpn client to be able to ping the router and clients?
View 3 Replies
View Related
Nov 5, 2012
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
View 1 Replies
View Related
Feb 1, 2011
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait.3 desktops = XP, 1 98SE. All laptop/netbooks = XP
View 2 Replies
View Related
Jul 6, 2012
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
View 2 Replies
View Related
Feb 29, 2012
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies
View Related
Jan 10, 2012
I know that CW Common Services 3.3 does not work with pre-defined roles on ACS AAA. So I followed these forums and enabled non-ACS AAA and selected TACACS+. I have a single rule that is matching in my ACS (after looking at the audit trail):
Authentication Details
Status:
Passed
[Code]....
As you may have noticed even though it is matching an access service that allows Priv15. That doesn't seem to be passing through as you can see on top I am only receiving Priv 1. What can I do to properly pass through the access service profile?
View 2 Replies
View Related
Jul 16, 2011
In our company we are using Ciscoworks LMS3.0.( DFM 3.0.1, RME 4.1.1.) In DFM, every day at 8:00 PM we receive alarm authorization failure on Core switch ( source is cisco works server IP).
View 6 Replies
View Related
Jan 27, 2013
Whenever I try to open multiple sites, I will get a DNS lookup failure. Whenever I torrent something, websites give me a DNS lookup failure. Watch Youtube and open anoter site, DNS lookup failure. It seems that when I try to use too much internet I crash something... which doesn't make any sense because this problem has only come up recently. The only thing that I can think of is that I was messing around with the DNS to be able to connect to the American Netflix (I'm Canadian). I was using a site called "ZenOK" I believe, which gives you a server to connect to, and then a week later tells you it's no longer free (which they didn't mention in the signup)... so I removed the DNS number in my internet protocols, but I still get American Netflix.
View 14 Replies
View Related
Jan 1, 2013
I have a following question. I configured different authentication passwords in Master and slave VRRP setup.
View 2 Replies
View Related
Jul 12, 2011
we cant create EoX and PSIRT reports For Job-Log please see attached 1007.1.log.Patch lms40x-win-CSCto46927-0 has been installed already.CCO-Credentials + Proxy-settings in LMS must be oK, because we are able to auto download device packages for instance.
View 4 Replies
View Related
Nov 23, 2011
We have several unknown devices within our inventory. When running an inventory report the message I get back is "No Credentials available".
For inventory checks is it just SNMP that is used or is it the standard credentials that are needed ?
I am planning to edit the credentials for the single device manually to see if this makes a difference. Our integration is with ACS and we have a machine account with admin priveleges.
Device Verification for the device states "Device Not reachable" for SNMP and SSH. There are no drops on any of our firewalls but snmpwalk does work from the command prompt from the LMS server.
Are there any further checks I can make for these 2 messages:
* "No Credentials available". * "Device Not reachable"
View 2 Replies
View Related
Apr 19, 2012
I manage a small business with 10 computers running off my network. They are all connected to the internet through a RV016. We recently created a new website and purchased a new domain through In Motion Hosting. I have a randomly reoccuring issue, usually in the morning, that seems to resolve itself after a couple hours on it's own. I have dealt with tech support from In Motion Hosting and my ISP who have both come to the determination that the problem lies within my gateway.
When I attempt to log on to my companies website [URL] my browser is unable to locate the webpage. Also, if I try to access the website for In Motion Hosting [URL] or to access our webmail [URL]I am unable to do so because the DNS lookup failed. I can view any other web page on the internet without a problem. I can not ping or tracert either website successfully, however when I called In Motion Hosting and got the IP addresses for the two I was able to ping and tracert them without a problem.
As I said the problem happens randomly and seems to resolve itself within 2-8 hours. However we are unable to access our email during these "blackouts" which is becoming a huge problem.
Is there a setting within the RV016 that might be causing this to happen?
View 6 Replies
View Related
Jan 15, 2013
I have Samsung Tablet Windows 8 32-bit I installed VPN Client Version 5.0.07.0410 successfully installed, but I cant connect through the profile always got Driver failure 440.
View 3 Replies
View Related
Nov 14, 2011
Some times the ISP side interface remains up with a failure of internet. At those situation how we can efficiently track the ISP failure from asa 5510
View 2 Replies
View Related
Apr 15, 2013
I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
Is there some problem with the AAA configurations in the switches or ACE module?
View 7 Replies
View Related
Feb 20, 2012
After I upgrading all device packages, inventory collection failure to complete. All devices stuck on pending state and at the end of the job all devices are under not attempted and job result description ses " Timed out. Make shure that ICServer is running". I made sure that ICServer is running.
LMS runs on windows 2008 R2 server
View 10 Replies
View Related
Feb 20, 2011
I'm trying to upgrade a 3750-24TS from c3750-ipservices-mz.122-25.SEE2 to a more recent image. On the first pass, I got
Error: There is insufficient space in flash: to install the requiredError: image. Clean up some old images, and try again.
So I used the delete /recursive flash:image-dir-name to clean out the old files, but I'm still getting the same message after doing this. What's the problem? Now I have a switch with no IOS and need to at least get something on there.
Switch#sh verCisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2006 by Cisco Systems, Inc.Compiled Fri 28-Jul-06 08:46 by yenanhImage text-base: 0x00003000, data-base: 0x010CE290ROM: Bootstrap program is C3750 boot loaderBOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)Switch uptime is 1 hour,(code)
View 16 Replies
View Related
Mar 25, 2013
I recently bought a Cisco WAP 321 for my company, but when i connect it to the network, the switch on which I connect crashes, and I lose all connectivity to the network, (internet also). i have to unplug the WAP321 and wait for a few minutes to be able to use the network again.
I'm currently using a small 8 port switch, There are usually 3 or 4 users connected on it. When I try connecting the WAP321 on another switch, only connected to 1 computer, it seems to be working : I can access the configuration page, and make some modifications.
View 1 Replies
View Related
Jun 20, 2011
I recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer.
After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD, I get an error message " 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate" anytime a client tries to connect to the network.
This is surprising because I had already generated a certficate for the ACS from a CA and binded the CA signed certificate with the ACS, I also specified the CA in the client machine's wireless properties and checked the "validate certificate" button.
When I tried to connect using the internal identity store, the client was successfully authenticated without any certificate issues.
View 1 Replies
View Related
May 22, 2011
My company just upgraded our VPN software to use Cisco AnyConnect 3.0.1047. We were previously using 2.5.0217. I successfully upgraded the VPN client on my iMac. I am trying to do the same on my MacBook Pro but the process is failing. Both Macs are using OSX 10.6.7. Both use Chrome but I have reproduced the error using Safari and Firefox on the failing system.
On the failing MacBook, the IP address my IT department gave me produced this error:After the 26 second timeout completed, I was brought to this screen:
I clicked the "Mac..." link above and a file called "cstub" was downloaded. I could not execute the file directly as its permissions started at 644. I changed its permissions through the terminal to 755. I tried executing the binary but it failed returning error code 250.I tried uninstalling AnyConnect 2.5.0217 to see if that improved things. No change.
View 3 Replies
View Related
Oct 24, 2012
I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
The credentials LMS is using is a username and password with priviledge 15: the account is established in TACACS+. I can log into the devices directly with this user account.However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
LMS did manage to fetch some configs, but 90% of my devices are having this issue.
View 4 Replies
View Related
Nov 20, 2011
I'm having an issue with LMS 4 where it's failing to collection configuration from devices.
The following is the status of your Scheduled Config collection job:
Job ID : 1045
Status : Job Failed(111)
Description : System config collection job
[Code]....
I researched through this forum and found a thread where the ConfigMgmtServer server wouldn't run. Looking at the processes it says that this service is running normally.
View 1 Replies
View Related
Aug 14, 2011
we are running LMS 3.0.1. When I attempt to update the devices for RME I received the following error messages.
Number of Packages Selected for Install : 82
For Product(s) : Resource Manager Essentials
Install Invoked by user : admin
The Package(s) Selected for Install :
[code]....
View 1 Replies
View Related
May 2, 2013
i know in Cisco PIX til 8.2 OS, if i have Nat control disabled and ACL permitting connection from Low Secirity ( DMZ ) to High Secuurity (INSIDE) then connectino should be successful, and i dont need any STATIC identity nat of inside IP to be created.
But i have Cisco PIX 525 with Version 7.2(2) Which is not allowing connection from DMZ to INSIDE , although nat control is disabled. and giving RFP check failure, any thought?
PIT525PIXINET# sh running-config nat-control no nat-cont
packet-tracer input dmZ tcp 192.168.85.4 65000 10.34.21.25 3389
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
[Code]...
View 6 Replies
View Related
May 18, 2011
we have a problem with a Cisco 1841 router while booting. The router is loading the image from the CF card but gets stucked at this point:
This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be foundURL
View 1 Replies
View Related
