Cisco :: WLC 5508 Max-Login Ignore Identity Response Is Set To Enable

Sep 20, 2012

We`re using a WLC 5508 with SW most things are working fine, but i have a problem with the web auth.

- Max Concurrent Logins for a user name is set to 1
- Max-Login Ignore Identity Response is set to enable
- Web Authentication Type is set to customized
The Problem:

- the user "test" is logged in at device1 (working), the same user "test" try to login at device 2 (is not working, fine!) -> login is not accepted, WLC redirects to the INTERNAL Web Login Page.The problem is the redirect to the internal web login page after failed login. If i try to login with a not existing user, the redirect is working perfect to the customized web login.

View 4 Replies


Cisco AAA/Identity/Nac :: 2960 - Unable To Login To Enable Mode

Dec 30, 2012

I configured the below config in Routers it is working good , but when i do the same in SWITCH-2960 , i am getting a problem not able to login to enable mode ... i am getting the basic login only ....
Error msg :   % Error in Authentication.
Need to be configured at TAFE Network Devices: Code...

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 / How To Ignore All Host Authentication Requests

Mar 17, 2011

I am using ACS5.1 connected to WLC (v7.x) and frequently see host auth requests in the ACS logs.  I am not interested in seeing host auth requests at all.  Is there anyway just to ignore these.The issue is that these will always fail.  If I enable the lock out facility within WLC and a host continually tries to auth the WLC will lock-out that mac address meaning that when the user is ready to connect with their own credentials they are unable to as the WLC is blocking that mac address from connecting to the wireless network.I tried disabling the 'process host lookup' option, but this apparently only changes the type of request to appear like a standard PAP auth request which again fails, filling up my RADIUS logs and stopping me from enabling the WLC lookout feature.So, as I say, I want to simply ignore host requests.  I have no control over the end points so am unable to go and update config etc of these devices.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: WLC 5508 (7.3) / Guest Portal Appears Again After Successful Login?

Feb 11, 2013

I'm setting a Wireless Guest with a WLC 5508 (7.3) and ISE (1.1.2) -- (no anchor).It appears to work (still some adjustments are required), but I found when the guest user log in, it receives the successful login screen and inmediately the guest portal again. If another browser window or tab is open, the user can browse properly.

View 5 Replies View Related

Cisco :: WLC 5508 / Failed To Get DHCP Response On Interface

Jul 10, 2012

i have WLC 5508 showing the below Logs , which prevent the users from connecting to the SSIDs , also its disconnecting the associted users DHCP Socket Task: Jul 11 09:54:08.992: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'interface-02'. Marking interface dirty.*mmListen: Jul 11 09:54:08.638: %MM-3-INVALID_PKT_RECVD: mm_listen.c:7671 Received an invalid packet from Source member: source member shows 3 to 4 times durring 1 hour ,

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 No Authoritative Response From Any Server

Nov 1, 2010

I'm having issue with tacacs server(ACS 4.2), did the following test from the router:
Router1#test aaa group tacacs+ cisco cisco legacyAttempting authentication test to server-group tacacs+ using tacacs+No authoritative response from any server.I can ping the ACS server from this router though.

View 6 Replies View Related

Cisco Wireless :: WLC 5508 And 40 Access Point 1141n Disturbance In Temp Response

Feb 24, 2013

i have a wlc 5508 and 40 access point 1141n there are 1500 users connected with this controller 5508. but when i ping at my gateway  ,there is a disturbance in the temp response. [code]

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Slow CLI Response After Implementing TACACS

Sep 30, 2012

After implementing TACACS, one of our routers takes about 8 seconds to response to any CLI command. We have no problems with other devices in the same location with the same AAA configuration. The router is talking to the ACS server (ACS 5.3) and the logs on the ACS server look normal for the router as well.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 - Can't Contact AD Server Slow TACACS Auth Response

Sep 28, 2011

Running ACS 5.1 appliance, and am seeing slow repsonse on TACACS authentications due to the ACS trying to reach overseas AD servers and failing.  Is there any way to configure a /etc/host/ file locally on the ACS in order to force the appliance to use specific AD servers for authentication?  As I understand the process currently, the ACS appliance will query the top-level domain and get a list of all the AD servers in DNS.  In my case, this would include the AD servers overseas that we do not want to use.

View 1 Replies View Related

Cisco Wireless :: Enable SSH On 3500 / 3600 APs Along With Use Radius For Login Authentication

Sep 11, 2012

Can we enable ssh on 3500 /3600 APs along with use radius  for login authentication? idea here is to that  ssh will provide another method to access the AP for troubleshooting purposes.I know with autonomous mode APs this should not be an issue but not sure with  lightweight APs.

View 2 Replies View Related

Cisco Infrastructure :: Catalyst 4006 - Enable Http Login To Switch?

Apr 12, 2005

Is it possible to enable login by http (web interface) to catalyst 4006 switch with WS-C4006 Software, Version NmpSW: 6.3(5) ?

View 21 Replies View Related

Cisco :: Can Enable LAG But Only Use 2-4 Of 8 Available Ports On 5508

Sep 25, 2012

I have a Cisco 5508 controller and am considering using LAG. Can I  enable LAG but only use 2-4 of the 8 available ports on the 5508? I am asking because currently I  don't have enough ports on my 3750G switch to accomidate all 8 ports on  the 5508.

View 2 Replies View Related

Cisco :: Enable MAC Filtering On WLC 5508

Jan 29, 2013

I am trying to block clients based on MAC addresses connecting to our Wireless Guest network.
My scenario is: We have 2 interfaces (corporate and a guest). Users are connecting to our guest network after they have automatically connected to our corporate network and logged into Windows. When they realise that things are not quite working in the way they want (access to servers etc...), they reboot and then find they cannot logon to the laptop at all. This is because the laptop has automatically rejoined the guest network and has no access to AD. I then have to locally logon to the laptop and remove the guest network.
It’s starting to become a bit of a pain as we are an educational establishment and... well... you would wouldn’t you
Hardware: WLC5508, Software Version 7.3
So far I’ve tried enabling MAC Filtering under “Security -> AAA -> MAC Filtering”, but found out that it’s a white list. The opposite of what I’m trying to achieve, but I like the fact you can link it to a specific interface.
I’m just looking at the “Disabled Clients” again under “Security -> AAA ->”, but think this is more a total ban as I cannot see a method at attaching it to an individual interface. I'm kindda stuck and my good old friend Google is not yielding great results.
I’m not by any means a wireless expert, so there is probably a better method. I would prefer to use the controller as a way of achieving this, but if you think I’m wasting my time and should be looking at a Windows Group Policy method then I’ll go with that?

View 3 Replies View Related

Cisco :: 5508 - Web Authentication Login Page Does Not Show

Oct 21, 2011

I am configuring my 5508 WLCs with SW version I configured a guest ssid with web-authentication enabled, but I cannot retrieve the login page on the controller. I configured the virtual interface with the addredd SSID Layer 2 security: None SSID Layer 3 security: Web Policy enabled
I join the ssid with clients, receive the IP address correctly however when I try to open a web page, the login page does not appear. When I check the client status I see that it stuck in WEBAUTH_REQD state.

View 16 Replies View Related

Cisco Switching/Routing :: Force Catalyst 2960 To Ignore Startup Configuration?

Feb 4, 2013

I was wondering if I can force catalyst 2960 to skip startup config stored in NVRAM and boot with no config everytime it is powered. I tried to find it on google and in cisco white papers but still no luck. I found only commands that begin with "set boot config-register ... ", but switch acts like it does not know these commands.

View 7 Replies View Related

Cisco :: One UserID / Device Login Required On Wireless 5508

Jun 4, 2013

I am deploying Cisco 5508 with Cisco 1602 Access Points at one of my client's office. User authentication will be done through Microsoft IAS Server working as RADIUS Server. There is a requirement from my client is that the user over wireless can only be able to login to One device using its user ID. I want to inquire if this can be done through WLC or it can be restricted on the RADIUS server? Looking forward for comments.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: SSH RSA Login On 3560th?

Feb 12, 2012

how can I import a public or private key in a router? For example, a Cisco 3560th I have found some conflicting answers @ . Background, I would like to login with PUTTY  via ssh on a Cisco Router but without username and password.The login should be made with RSA Keys. For this I need to deposit on the IOS device's the public key and on my Client the private key. For this I've already created with PuTTYGen  the two keys. The private is in the ppk format. I still need to convert this into a different format? Since there are PEM and PKCS. Below you can see what times I have entered. With the error message: "CRYPTO_PKI: Import PKCS12 operation failed, failure status = 0x705" With the following error message I can do anything?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Can't See Login Secondary ACS 5.2

Apr 24, 2011

I have two ACS 5.2 working in redundancy Primary and Secondary my question in when my primary ACS goes down i can´t see the log in the secondary ACS. I read in the documentación that only one ACS can be configurated for working like logg collector server. Now I configurated my secondary ACS  like logg collector server now when my Primary ACS goes down i can see the logg. Finally when my Secondary ACS goes down i can modified the ACS Primary Configution by show me the logg.. Is possible to do this automaticaly for show  me the event logg ? when the ACS that is configurate like logg collector server goes down pass the event other ACS automatically..

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Login Limit Through ACS 5.0?

Jun 1, 2013

Few days ago in my wireless infrastrucer i deploy Cisco ACS 5.0 with Active directory integration. My wireless users are login through web authentication process. The authentication process is passed by AD & its working fine. But i want to do a work on my ACS 5.0 that a user cannot login simultaneously multiple device at a time.

View 21 Replies View Related

Cisco :: 5508 / Enable Mac-filtering On AP In Flex Connect Mode?

Mar 18, 2013

I had configured one access point CAP3602E in flex connect mode through a WLC 5508 after deploying the access point in flex control mode the local mac-filering is not working. before it was working when ap was in local mode. any body have to know is the mac-filtering working in flex-control mode ?

View 2 Replies View Related

Cisco Wireless :: 5508 AP Group VLANs Feature Enable

Apr 7, 2012

i have a WLC (5508) - trying to enable AP group vlans based on instructions from: url...however, my problem is that i don't have the 'ap group vlans feature enable' checkbox.

View 1 Replies View Related

Cisco :: 4400 / 5508 - Config Paging Enable / Disable

Oct 19, 2011

I have WLC 4400/5508 I stumbled across this config paging disable command to stop page breaks, works great for the one session I am logged in but it do not work for other users..

View 1 Replies View Related

Cisco Wireless :: WLC 5508 / Is Band Select Is Enable By Default On 7.2.110

Sep 27, 2012

I have several WLC 5508 with 7.2.110 firmware.  My questions are:

(1) Is band select is enable by default on 7.2.110?

(2) All the variables settings on the band select, how do I set it up to make 5 ghz more preferable than 2 ghz?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Simulate AD Failure - Cannot Login

Feb 2, 2012

We have an ACS 4.2 installation and we have users configured on the user setup, they authenicate using the windows database (AD). We ran failure tests and simulated AD failure but disabling the firewall rule. So the ACS server is up, AD is down. Tested user login to a switch and get the following error. External DB user invalid. It looks like as the ACS does not get a response from AD it rejects the user login.
What we want it to do is in the event of AD failure is to be able to login to the switch with the username configured on the switch. (as if ACS server does not respond)
Date Time Message-Type User-Name Group-Name Caller-ID Network  Access Profile Name Authen-Failure-Code Author-Failure-Code Author-Data NAS-Port NAS-IP-Address Filter  Information PEAP/EAP-FAST-Clear-Name EAP  Type EAP  Type Name Reason Access  Device Network  Device Group 02/03/201214:09:13Authen failedtest.testNetwork192.168.1.1(Default)External DB user invalid or bad password....tty310.0.0.1..........SWITCH30Office

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Login Snmp Tracking?

Feb 27, 2012

Is it possible to track failed login attempts to ACS instances  (both on CLI and web GUI) by snmp? unfortunately i haven't found such option in Monitoring and Reports > Alarms > Thresholds >

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Integration With RSA Allow Only One Login Every Minute?

Nov 1, 2011

I have an ACS 5,2.0.26-8 running on VM intergrated with RSA. Users are able to login using their RSA passcode for network management utilizing TACACS. The problem seam to be related with RSA token caching. Once a user login sucessful on device A using current token he can not login with the same token on another device. User must wait for a new token and then he can login again.  Before moving to ACS 5.2 we were using ACS 4.2 (intergrated with the same RSA) and back then ACS 4.2 cache passcode so user where able to login on devices using the same passcode. When the token change user have to use the new one. providing the same functionality like the "Token Card Settings" Durantion option under group properties, to cache token for a specific period. The global option for caching under RSA definition on 5.2 does not solve the problem.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - How To Only Allow Specific AD Groups To Login

Nov 4, 2012

I've configured three specific AD groups, Admin, Storage, and HelpDesk, with their own commands sets.
This seems to be working fine, but everyone can log into everything, but they can't do anything except exit.
My goal is to not allow anyone to login that is not part of the three AD groups I have specified with the respective command sets.
All the logins hit the Admin account, even though the id in AD is not in the that AD group.  I have something screwed up.

View 6 Replies View Related

Cisco :: 5508 Enable AP Mode To Rogue Detector From Details Page Of AP

May 28, 2012

(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.

View 9 Replies View Related

Cisco Wireless :: Does WLC 5508 Has Capability To Create Login Credentials With Specific Time Of Validity

Jul 18, 2011

Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Enable Privilege On ACS

Jun 4, 2011

I have created internal user on internal identiy store --> users with password  & enable password  , Similarly i have enabled max privilige level 15 under policy elements , authorisation & permission ,Device administration , shell profile .But i am unable to login into device using enable password , I am finding following error on my logg report
Failuire reason : 13029 Requested privilige level is too high .

View 3 Replies View Related

Cisco AAA / Identity / Nac :: How To See Login History On ASDM Or ASA5510

Apr 22, 2013

How to see the ipsec vpn client users login history, they are authenticating to the local AAA, not to active directory. I am able to see current login session. by going to monitoring vpn statistics sessions this shows me current sessions but I would like to see for example logins for vpn client for the last month.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: To Login 1841 By Using LDAP Account

Jan 14, 2010

I've set up a ACS 5.1 Server an want to use it with our LDAP System. Therefor, I'm trying to login to a Cisco 1841 by using my LDAP Account, but it dosent work. The ACS seems not to know that it should use LDAP, because I get,"22056 Subject not found in applicable identity stores"LDAP is configured as Identitiy Store, the bind test works successfully and I created a sequence, where LDAP is at first position. What goes wron?? (TATACS for loal ACS Users works)

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5505 Cut Through Proxy And Redirection After Login

Jun 17, 2012

I have successfully set up a 5505 as a cut-through proxy so that wireless users are required to log in when they open a browser to access the Internet.   Is there a way to take them to the original page they requested after the login is complete, rather than having it sit at the screen where it is says they are logged in?                  

View 1 Replies View Related

Copyrights 2005-15, All rights reserved