Cisco :: WLC 5508 / Guest User Session Validation Failed

May 31, 2012

I am running a guest wireless network on a Cisco 5508 WLC with 6.0.202.0 code. My syslog is filling up with the following error message:

WLC: *May 15 12:32:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range..
 
The user that is assigned to the guest_user10 account works fine and has no idea this error is occurring.
 
This error message is occurring exactly every 15 minutes 24x7.

I believe I have a rogue user who has set up a device to try and log in to the guest network automatically, every 15 minutes with the guest_user10 credentials. I need to track this device down. I need a way to find either the MAC or IP address of the device that is causing this error message. I have tried turning on AAA debugging on the controller but I don't get anything more than the above error. I have also tried using WCS to look at the client history but it only shows the normal activity.

View 3 Replies



Cisco :: Wireless User Session Authorization With WLC 5508

Oct 8, 2012

I have a user authentication issue with our WLAN deployment. My issue relates to the guest access WLAN. First, a brief description of our setup. We have a local WLC in the branch office (5508) with two SSIDs configured, CorpNet for the internal network and GuestNet for external guest access. We also have a WLC (5508) in the DMZ to provide the guest access. We are using a Cisco ISE server to authenticate guest users via a web portal.

The authentication process works as it should. An external client gets an IP in the DMZ and is redirected to the web portal to authenticate their account. When they do, they are able to access and browse the internet. No problems. My issue is that if we disable their account (i.e. suspend or delete it) in ISE, it does not seem to terminate the user's session and they can continue to have internet access. What I would like to happen is that when the account is disabled in ISE, the associated device's access to the internet is removed.

View 2 Replies View Related

Cisco Wireless :: WCS Creates User Guest Access On WLC 5508

Feb 23, 2012

In my wireless network, I have two WLC 5508 appliances running version 7.0.116.0. I have a WCS running version 7.0.172.0, deployed on a Windows 2003 server. I've imported the two WLCs into my WCS in order to centralize the monitoring and the configuration tasks. Now I'm facing an issue when I want to create a guest user from the WCS, rather than creating this user access on each WLC. The creation of the user account is working well, the replication is done on both WLCs, but on one of my WLCs the guest user account is deleted after one hour (around). On the second WLC, the same user account remains during all its lifetime. In attachment, a screenshot of the advanced parameters of the guest user. You can see that the user was created on both WLCs but is only active on one ... and unfortunately the wrong one, because the AP is associated with the other WLC.

View 2 Replies View Related

Cisco Wireless :: 5508 - Export Guest User Accounts To New WLC

Dec 19, 2012

I've got a WLC5508 (7.0.116.0) that is managed by WCS (7.0.172.0). I set up another WLC5508 with the same code and managed by the same WCS. Now I'd like to export all the 800 guest user accounts with the passwords from the old WLC and import them into the new WLC.

View 10 Replies View Related

Cisco Wireless :: 5508 - Bypass / Remove Certificate Page For Guest User WLAN

Jul 24, 2012

When a guest user first tries to access the "guest" WLAN, they are presented with a "certificate page" before the web authentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am running 5508 with 7.0.220.0.

View 12 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Import Template Gives File Format Validation Failed

Sep 21, 2011

Network Resources - Network Devices and AAA Clients - File Operations - Add - gives me File Format Validation Failed. I am careful to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting devices I also get the same header as attached. I also tried to change the header so it's all in one column, but with the same result.

View 1 Replies View Related

Cisco Switching/Routing :: GLC-T Error SFP Validation Failed On Nexus 5548

Oct 19, 2012

We inserted GLC-T modules and on Nexus 5548 they are showing SFP validation Failed; as per Cisco doc GLC-T is supported. We have 28 such modules and all, after inserting, are showing the same error. Please see the below details. I also tried configuring speed and inserting modules but no result. Let me know whether my GLC-T module is supported on Nexus 5548.
 
INMUMFDS1SWCORE01# show module
Mod Ports  Module-Type                      Model                  Status
--- -----  -------------------------------- ---------------------- ------------
1    32     O2 32X10GE/Modular Supervisor    N5K-C5548P-SUP         active *
2    16     O2 16X10GE Ethernet Module       N55-M16P               ok
3    0      O2 Daughter Card with L3 ASIC    N55-D160L3             ok

[code]

View 6 Replies View Related

Cisco Wireless :: Error Message On WLC5508 - Validation Of STAT_PAYLOAD Failed

Oct 24, 2012

Upon checking the logs, I'm seeing a lot of these messages:

*emWeb: Oct 25 14:11:01.345: #LOG-3-Q_IND: spam_lrad.c:10136 Validation of STAT_PAYLOAD failed - AP  00:3a:98:09:4e:d0

Always the same MAC address, which I assume is a Cisco AP trying to join. The output interpreter/message decoder isn't very useful. 5508 Controller running ver 7.3.101.0.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: %ASA-3-717009 / Certificate Validation Failed / Certificate Date Is Out-of-range

Jan 30, 2012

There is an ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA). When a user certificate expires I can see it in syslog messages. For example:
 
     %ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
 
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?

View 3 Replies View Related

Cisco :: User To One Session At A Time In ACS 5.1

Apr 10, 2012

I have installed the ACS 5.1 and linked to my WLC, and when I enter my Logeo I agree Signature: User and password whenever you want from different devices, I want to do is only allow a user to one session at a time.

View 7 Replies View Related

Cisco Wireless :: Can WLC 7.0 Restrict Guest Session Time

Feb 5, 2013

We have Cisco WLC 7.0 with private and public accesses. Is it possible to limit guest session time? For example, any visitors’ connection will be disconnected after 1 hour. 

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - User Lose Session With Server While VPN Still Established

Jul 7, 2012

I have a user connected to the office using Cisco VPN client, and a Cisco ASA 5520 acts as VPN gateway. Frequently the users get disconnected from the server while the VPN is still established and not disconnected!

What is the cause of the issue, where is the fault located? How to start the troubleshooting to figure out the issue?

View 1 Replies View Related

Cisco Security :: 3845 - How To Configure Remote Access VPN User Session Timeouts

Mar 22, 2011

I am configuring remote access VPN on a cisco router 3845. Works fine.
 
I was looking for configuring session and idle time configuration for groups and eventually users.
 
I am using the following Cisco VPN remote access configuration :
 
crypto isakmp client configuration group mygroup
key xxx
pool mypool
acl 101
max-logins 3
banner ^CHelloo ^C

Is there any command in Cisco IOS similar to Cisco ASA vpn group 1 session-timeout?

View 1 Replies View Related

Cisco :: Prevent Guest From Doing Peer-peer Communication On Guest 5508 Controllers

Jan 24, 2013

I want to prevent guest from doing peer - peer communication on my Guest (5508) controllers.  Is this a feature on the WLC or only by applying an ACL on the router interface?

View 2 Replies View Related

Cisco Wireless :: 5508 - Watching Debug Via Ssh Session To WLC

Jan 30, 2013

I am quite new to the wireless side and had a small question regarding watching debug output while I am SSHed to the WLC. I tried the other day and did not see any messages; now this could be for the reason that nothing triggered, or perhaps it needs something like terminal monitor? I couldn't find any such command. My WLC is a 5508 running version 7.3.

View 2 Replies View Related

Cisco :: WLC 5508 External Web Authentication Mismatch With Session Timeout?

Aug 27, 2012

For guest clients, we have configured a guest VLAN and applied external web authentication on WLC 5508; the session timeout value is 2700 seconds. When a client opens a browser to an internet page, the WLC will redirect to the URL and get the login page. After completing the login, he can go to the internet page.

We find the iPhone and iPad clients will get the login page again after ~5 mins; it is a mismatch with the session timeout value 2700 sec (45 mins).

View 5 Replies View Related

Cisco Wireless :: WLC 5508 With 3600 And 2600 AP - Client Down / Session Timer Is Turned Off

Apr 9, 2013

I have a strange issue with clients connected to a WiFi network. I have configured the AP in FlexConnect mode and 2 SSIDs. After a reboot of the AP the network is stable for almost 45 mins. Then each client will go up and down, mostly with a delay of 5 mins.

What could be the source of this? The clients are Windows CE handhelds with fixed IP address. I already configured persistent client and have played around with APR timers as well. Thereby a Windows desktop or an iPad has fewer connectivity issues, but even they experience packet loss once in several minutes.

Session timer is turned off

The iPad for example can play music, but every 5 mins you hear a little hiccup and 2 subsecond pings are lost.
 
Controller version is 7.3

View 6 Replies View Related

No Wifi Connection For Guest User

Oct 30, 2011

I am loaning my laptop to a friend to use while traveling and I have created a "guest user" account so he doesn't have to go through my home pages and personal files. Well, whenever this account is being used, there is no WiFi connection logo and so it cannot be connected to the internet via WiFi...

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Authorization Failed By User That Doesn't Exist

Jan 8, 2013

I am getting Authorisation requests failed log entries for a user however there aren't any successful authentication logs.
 
The user would never be able to authenticate as it no longer exists in ACS (it was the user for someone who left the company 3-4 month ago)
 
The other weird thing is that the caller-id is 0.0.0.0. BTW the NAS is a Cisco ASA firewall running 8.0(3)

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Can Use ACS 5.2 As Guest User Authentication Server?

Jun 5, 2012

Can use ACS 5.2 as Guest user authentication server?

View 3 Replies View Related

Cisco :: 2100 Can Create A Guest User Directly On ISE

Oct 10, 2011

I have an instance of ISE and NCS with a WLC 2100 plus a couple of LWAPs. This is an evaluation POC lab to sell ISE and NCS to our management to make our life easier. The problem I have amongst many is I can create a guest user directly on the ISE and the guest can log in, the ISE monitor shows the guest authenticates but the client's webpage passes them back to the login page, not on to the original client URL. The web auth is pointed at the ISE/guestportal/portal.jsp page. If I point the web auth at the internal WLC page using a WLC local user account it works. If I set the guest access to pass through it works without issues getting DHCP and DNS. On the ISE is there a policy needed to say if guests are web authenticated give them access? The need is for AD authenticated users to be able to create guest users. The AD authentication works for sponsorship and guest creation; it's just the guest access redirection I am having issues with.

View 1 Replies View Related

Cisco :: WLC 4400 - Create Guest User Accounts

Jun 13, 2011

(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company visitors to access the internet. It's important for the employees not to use any login credentials; they arrive on a webpage where they specify the login & password which the visitor will enter to browse the internet. Is there any good link to documentation about this topic?

View 3 Replies View Related

Cisco Wireless :: WLC 2504 - Guest User Life Time?

Sep 19, 2012

Can't we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter a maximum of 99 but it only allows up to 30.

View 5 Replies View Related

Cisco Wireless :: AES128 - Traffic From Guest User Encrypted?

Sep 12, 2011

The design is a typical Cisco unified wireless solution. In such an implementation, is the traffic from the guest user who has successfully authenticated via WEB-AUTH encrypted? If so, what is the standard used, AES128 or TKIP?

View 6 Replies View Related

Linksys Wireless Router :: Guest / User Authentication E2000?

Jul 7, 2011

E2000 has the guest account feature. Not sure if all guests share the same login credentials. I would like to have guest accounts use separate logins. Is this feature available? Another thing, I read the manual and it is indicated that only up to 10 maximum guest accounts are allowed. I am looking for more than 10 - kinda like a hotspot software.
 
I've been looking everywhere.  I've seen hotspot system, ddwrt, chillspot, etc.  But it's complicated as firmware needed to be flashed.

View 1 Replies View Related

Cisco :: Guest Access On A 5508?

Jan 25, 2012

We currently tunnel guests to a 4402 that sits behind our firewall and it's been working well for a few years but I am aware that the 4402 is now EoL so I am exploring alternatives:
 
We also have several 5508s deployed and I'm wondering if - in any new guest access config - I can allocate one of its free h/w ports to connect to the firewall, even though the 5508 is configured to use LAG.
 
To put it another way, can I configure a new port to a separate VLAN and not be part of the LAG'd ports, or are you tied to having all ports acting as a group if LAG is switched on?

View 6 Replies View Related

Cisco Wireless :: 3502 - WLC User Rate Limit On Guest SSID Anchor Controller

Jul 30, 2012

We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
 
I am seeking to rate limit per user the bandwidth each client will get on the guest internet SSID. As you know this traffic is encapsulated in CAPWAP between the AP and the controller so I can't use a standard ACL on the switch or router.
 
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
 
I found the place to edit the default profiles in the controller but the documentation really isn't clear on best practices.
 
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
      
Oh and here is my hardware & software levels.
 
5508wlc - foreign
4402wlc - anchor
Software Version 7.0.230.0

View 3 Replies View Related

Cisco Wireless :: Failed To Add Aironet 3502 To WLC 5508

Oct 7, 2010

I have a Cisco WLC5508 controller which I recently upgraded to software 7.0.98.0 because I tried to add an Aironet 3502 and it gave me an invalid software. After the upgrade this is the error I get from the AP when I try to add. [code]

View 5 Replies View Related

Cisco :: WLC 5508 / Failed To Get DHCP Response On Interface

Jul 10, 2012

I have a WLC 5508 showing the below logs, which prevent the users from connecting to the SSIDs; it is also disconnecting the associated users.

DHCP Socket Task: Jul 11 09:54:08.992: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'interface-02'. Marking interface dirty.
*mmListen: Jul 11 09:54:08.638: %MM-3-INVALID_PKT_RECVD: mm_listen.c:7671 Received an invalid packet from 10.21.1.25. Source member:0.0.0.0. source member unknown.

It shows 3 to 4 times during 1 hour,

View 2 Replies View Related

Cisco Wireless :: 5508 - Failed To Do Data Gleaning

Apr 3, 2013

Seen this error on 5508 controller with 3600i APs? WLC is running v7.3.101.0
 
*apfOrphanSocketTask: Apr 04 09:44:41.444: #IPV6-3-INVALID_ADDR_ORPHAN: ipv6_net.c:715 Invalid ipv6 address ::, failed to do data gleaning.

View 1 Replies View Related

Cisco :: WLC 5508 With AD Rc 1005 LDAP Bind Failed

Oct 28, 2012

I am having problems with my WLC to connect in my LDAP (ActiveDirectory). I have 3 interfaces in the controller:
- Management  (vlan709): 10.41.200.253
- lan (vlan 1): 190.1.1.123
- guest (vlan 708): 10.41.222.253
 
My LDAP server is: 190.1.1.22
 
The controller can ping the LDAP server, and the LDAP server can ping the WLC too. When the controller tries to connect to the LDAP server, it returns this on debug:

ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Oct 29 15:11:16.924: %AAA-3-LDAP_CONNECT_SERVER_FAILED:
*LDAP DB Task 1: Oct 29 15:10:52.932: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Oct 29 15:10:54.932: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Oct 29 15:10:54.932: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP_OPT_REFERRALS = -1

View 4 Replies View Related

Cisco Wireless :: WLC 5508 Guest Access Via WAN?

Jan 28, 2012

Is it possible to provide wireless guest access over the WAN from another office via the WLC. I have WLC 5508 in a central office and have other remote offices that have one Access Point in each office that are autonomous; I will be converting these to LWAPP. Is it possible to route guest traffic back to the WLC then forward this traffic out to the internet? How would I route this traffic out as well? install a secondary WLC in the DMZ and use anchor points. I only have one WLC

View 7 Replies View Related

Cisco :: 5508 - Monitoring Guest Wireless?

Jun 2, 2013

I have a requirement by a customer that they will want to monitor the guest wireless access. Currently, we are proposing a Cisco Wireless Controller 5508 together with APs and the setup would be a dedicated VLAN for guest. I am wondering if Cisco ISE together with Cisco MSE would be sufficient?
 
Stuff to monitor and log are:
 
1. Guest username (I guess this would be self sponsored)
2. Company name
3. Websites accessed
4. Time, date and duration.
5. Logs are to be kept for 3 months at least.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved