Cisco :: WLC 5508 Max-Login Ignore Identity Response Is Set To Enable
Sep 20, 2012
We`re using a WLC 5508 with SW 7.2.103.0.The most things are working fine, but i have a problem with the web auth.
Setup:
- Max Concurrent Logins for a user name is set to 1
- Max-Login Ignore Identity Response is set to enable
- Web Authentication Type is set to customized
The Problem:
- the user "test" is logged in at device1 (working), the same user "test" try to login at device 2 (is not working, fine!) -> login is not accepted, WLC redirects to the INTERNAL Web Login Page.The problem is the redirect to the internal web login page after failed login. If i try to login with a not existing user, the redirect is working perfect to the customized web login.
View 4 Replies
ADVERTISEMENT
Dec 30, 2012
I configured the below config in Routers it is working good , but when i do the same in SWITCH-2960 , i am getting a problem not able to login to enable mode ... i am getting the basic login only ....
Error msg : % Error in Authentication.
Need to be configured at TAFE Network Devices: Code...
View 4 Replies
View Related
Mar 17, 2011
I am using ACS5.1 connected to WLC (v7.x) and frequently see host auth requests in the ACS logs. I am not interested in seeing host auth requests at all. Is there anyway just to ignore these.The issue is that these will always fail. If I enable the lock out facility within WLC and a host continually tries to auth the WLC will lock-out that mac address meaning that when the user is ready to connect with their own credentials they are unable to as the WLC is blocking that mac address from connecting to the wireless network.I tried disabling the 'process host lookup' option, but this apparently only changes the type of request to appear like a standard PAP auth request which again fails, filling up my RADIUS logs and stopping me from enabling the WLC lookout feature.So, as I say, I want to simply ignore host requests. I have no control over the end points so am unable to go and update config etc of these devices.
View 4 Replies
View Related
Feb 11, 2013
I'm setting a Wireless Guest with a WLC 5508 (7.3) and ISE (1.1.2) -- (no anchor).It appears to work (still some adjustments are required), but I found when the guest user log in, it receives the successful login screen and inmediately the guest portal again. If another browser window or tab is open, the user can browse properly.
View 5 Replies
View Related
Jul 10, 2012
i have WLC 5508 showing the below Logs , which prevent the users from connecting to the SSIDs , also its disconnecting the associted users DHCP Socket Task: Jul 11 09:54:08.992: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'interface-02'. Marking interface dirty.*mmListen: Jul 11 09:54:08.638: %MM-3-INVALID_PKT_RECVD: mm_listen.c:7671 Received an invalid packet from 10.21.1.25. Source member:0.0.0.0. source member unknown.it shows 3 to 4 times durring 1 hour ,
View 2 Replies
View Related
Nov 1, 2010
I'm having issue with tacacs server(ACS 4.2), did the following test from the router:
Router1#test aaa group tacacs+ cisco cisco legacyAttempting authentication test to server-group tacacs+ using tacacs+No authoritative response from any server.I can ping the ACS server from this router though.
View 6 Replies
View Related
Feb 24, 2013
i have a wlc 5508 and 40 access point 1141n there are 1500 users connected with this controller 5508. but when i ping at my gateway ,there is a disturbance in the temp response. [code]
View 1 Replies
View Related
Sep 30, 2012
After implementing TACACS, one of our routers takes about 8 seconds to response to any CLI command. We have no problems with other devices in the same location with the same AAA configuration. The router is talking to the ACS server (ACS 5.3) and the logs on the ACS server look normal for the router as well.
View 5 Replies
View Related
Sep 28, 2011
Running ACS 5.1 appliance, and am seeing slow repsonse on TACACS authentications due to the ACS trying to reach overseas AD servers and failing. Is there any way to configure a /etc/host/ file locally on the ACS in order to force the appliance to use specific AD servers for authentication? As I understand the process currently, the ACS appliance will query the top-level domain and get a list of all the AD servers in DNS. In my case, this would include the AD servers overseas that we do not want to use.
View 1 Replies
View Related
Sep 11, 2012
Can we enable ssh on 3500 /3600 APs along with use radius for login authentication? idea here is to that ssh will provide another method to access the AP for troubleshooting purposes.I know with autonomous mode APs this should not be an issue but not sure with lightweight APs.
View 2 Replies
View Related
Apr 12, 2005
Is it possible to enable login by http (web interface) to catalyst 4006 switch with WS-C4006 Software, Version NmpSW: 6.3(5) ?
View 21 Replies
View Related
Sep 25, 2012
I have a Cisco 5508 controller and am considering using LAG. Can I enable LAG but only use 2-4 of the 8 available ports on the 5508? I am asking because currently I don't have enough ports on my 3750G switch to accomidate all 8 ports on the 5508.
View 2 Replies
View Related
Jan 29, 2013
I am trying to block clients based on MAC addresses connecting to our Wireless Guest network.
My scenario is: We have 2 interfaces (corporate and a guest). Users are connecting to our guest network after they have automatically connected to our corporate network and logged into Windows. When they realise that things are not quite working in the way they want (access to servers etc...), they reboot and then find they cannot logon to the laptop at all. This is because the laptop has automatically rejoined the guest network and has no access to AD. I then have to locally logon to the laptop and remove the guest network.
It’s starting to become a bit of a pain as we are an educational establishment and... well... you would wouldn’t you
Hardware: WLC5508, Software Version 7.3
So far I’ve tried enabling MAC Filtering under “Security -> AAA -> MAC Filtering”, but found out that it’s a white list. The opposite of what I’m trying to achieve, but I like the fact you can link it to a specific interface.
I’m just looking at the “Disabled Clients” again under “Security -> AAA ->”, but think this is more a total ban as I cannot see a method at attaching it to an individual interface. I'm kindda stuck and my good old friend Google is not yielding great results.
I’m not by any means a wireless expert, so there is probably a better method. I would prefer to use the controller as a way of achieving this, but if you think I’m wasting my time and should be looking at a Windows Group Policy method then I’ll go with that?
View 3 Replies
View Related
Oct 21, 2011
I am configuring my 5508 WLCs with SW version 7.0.116.0. I configured a guest ssid with web-authentication enabled, but I cannot retrieve the login page on the controller. I configured the virtual interface with the addredd 1.1.1.1 SSID Layer 2 security: None SSID Layer 3 security: Web Policy enabled
I join the ssid with clients, receive the IP address correctly however when I try to open a web page, the login page does not appear. When I check the client status I see that it stuck in WEBAUTH_REQD state.
View 16 Replies
View Related
Feb 4, 2013
I was wondering if I can force catalyst 2960 to skip startup config stored in NVRAM and boot with no config everytime it is powered. I tried to find it on google and in cisco white papers but still no luck. I found only commands that begin with "set boot config-register ... ", but switch acts like it does not know these commands.
View 7 Replies
View Related
Jun 4, 2013
I am deploying Cisco 5508 with Cisco 1602 Access Points at one of my client's office. User authentication will be done through Microsoft IAS Server working as RADIUS Server. There is a requirement from my client is that the user over wireless can only be able to login to One device using its user ID. I want to inquire if this can be done through WLC or it can be restricted on the RADIUS server? Looking forward for comments.
View 4 Replies
View Related
Feb 12, 2012
how can I import a public or private key in a router? For example, a Cisco 3560th I have found some conflicting answers @ cisco.com . Background, I would like to login with PUTTY via ssh on a Cisco Router but without username and password.The login should be made with RSA Keys. For this I need to deposit on the IOS device's the public key and on my Client the private key. For this I've already created with PuTTYGen the two keys. The private is in the ppk format. I still need to convert this into a different format? Since there are PEM and PKCS. Below you can see what times I have entered. With the error message: "CRYPTO_PKI: Import PKCS12 operation failed, failure status = 0x705" With the following error message I can do anything?
View 2 Replies
View Related
Apr 24, 2011
I have two ACS 5.2 working in redundancy Primary and Secondary my question in when my primary ACS goes down i can´t see the log in the secondary ACS. I read in the documentación that only one ACS can be configurated for working like logg collector server. Now I configurated my secondary ACS like logg collector server now when my Primary ACS goes down i can see the logg. Finally when my Secondary ACS goes down i can modified the ACS Primary Configution by show me the logg.. Is possible to do this automaticaly for show me the event logg ? when the ACS that is configurate like logg collector server goes down pass the event other ACS automatically..
View 3 Replies
View Related
Jun 1, 2013
Few days ago in my wireless infrastrucer i deploy Cisco ACS 5.0 with Active directory integration. My wireless users are login through web authentication process. The authentication process is passed by AD & its working fine. But i want to do a work on my ACS 5.0 that a user cannot login simultaneously multiple device at a time.
View 21 Replies
View Related
Mar 18, 2013
I had configured one access point CAP3602E in flex connect mode through a WLC 5508 after deploying the access point in flex control mode the local mac-filering is not working. before it was working when ap was in local mode. any body have to know is the mac-filtering working in flex-control mode ?
View 2 Replies
View Related
Apr 7, 2012
i have a WLC (5508) - trying to enable AP group vlans based on instructions from: url...however, my problem is that i don't have the 'ap group vlans feature enable' checkbox.
View 1 Replies
View Related
Oct 19, 2011
I have WLC 4400/5508 I stumbled across this config paging disable command to stop page breaks, works great for the one session I am logged in but it do not work for other users..
View 1 Replies
View Related
Sep 27, 2012
I have several WLC 5508 with 7.2.110 firmware. My questions are:
(1) Is band select is enable by default on 7.2.110?
(2) All the variables settings on the band select, how do I set it up to make 5 ghz more preferable than 2 ghz?
View 3 Replies
View Related
Feb 2, 2012
We have an ACS 4.2 installation and we have users configured on the user setup, they authenicate using the windows database (AD). We ran failure tests and simulated AD failure but disabling the firewall rule. So the ACS server is up, AD is down. Tested user login to a switch and get the following error. External DB user invalid. It looks like as the ACS does not get a response from AD it rejects the user login.
What we want it to do is in the event of AD failure is to be able to login to the switch with the username configured on the switch. (as if ACS server does not respond)
Date Time Message-Type User-Name Group-Name Caller-ID Network Access Profile Name Authen-Failure-Code Author-Failure-Code Author-Data NAS-Port NAS-IP-Address Filter Information PEAP/EAP-FAST-Clear-Name EAP Type EAP Type Name Reason Access Device Network Device Group 02/03/201214:09:13Authen failedtest.testNetwork192.168.1.1(Default)External DB user invalid or bad password....tty310.0.0.1..........SWITCH30Office
View 3 Replies
View Related
Feb 27, 2012
Is it possible to track failed login attempts to ACS instances (both on CLI and web GUI) by snmp? unfortunately i haven't found such option in Monitoring and Reports > Alarms > Thresholds >
View 2 Replies
View Related
Nov 1, 2011
I have an ACS 5,2.0.26-8 running on VM intergrated with RSA. Users are able to login using their RSA passcode for network management utilizing TACACS. The problem seam to be related with RSA token caching. Once a user login sucessful on device A using current token he can not login with the same token on another device. User must wait for a new token and then he can login again. Before moving to ACS 5.2 we were using ACS 4.2 (intergrated with the same RSA) and back then ACS 4.2 cache passcode so user where able to login on devices using the same passcode. When the token change user have to use the new one. providing the same functionality like the "Token Card Settings" Durantion option under group properties, to cache token for a specific period. The global option for caching under RSA definition on 5.2 does not solve the problem.
View 4 Replies
View Related
Nov 4, 2012
I've configured three specific AD groups, Admin, Storage, and HelpDesk, with their own commands sets.
This seems to be working fine, but everyone can log into everything, but they can't do anything except exit.
My goal is to not allow anyone to login that is not part of the three AD groups I have specified with the respective command sets.
All the logins hit the Admin account, even though the id in AD is not in the that AD group. I have something screwed up.
View 6 Replies
View Related
May 28, 2012
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
View 9 Replies
View Related
Jul 18, 2011
Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?
View 2 Replies
View Related
Jun 4, 2011
I have created internal user on internal identiy store --> users with password & enable password , Similarly i have enabled max privilige level 15 under policy elements , authorisation & permission ,Device administration , shell profile .But i am unable to login into device using enable password , I am finding following error on my logg report
Failuire reason : 13029 Requested privilige level is too high .
View 3 Replies
View Related
Apr 22, 2013
How to see the ipsec vpn client users login history, they are authenticating to the local AAA, not to active directory. I am able to see current login session. by going to monitoring vpn statistics sessions this shows me current sessions but I would like to see for example logins for vpn client for the last month.
View 11 Replies
View Related
Jan 14, 2010
I've set up a ACS 5.1 Server an want to use it with our LDAP System. Therefor, I'm trying to login to a Cisco 1841 by using my LDAP Account, but it dosent work. The ACS seems not to know that it should use LDAP, because I get,"22056 Subject not found in applicable identity stores"LDAP is configured as Identitiy Store, the bind test works successfully and I created a sequence, where LDAP is at first position. What goes wron?? (TATACS for loal ACS Users works)
View 3 Replies
View Related
Jun 17, 2012
I have successfully set up a 5505 as a cut-through proxy so that wireless users are required to log in when they open a browser to access the Internet. Is there a way to take them to the original page they requested after the login is complete, rather than having it sit at the screen where it is says they are logged in?
View 1 Replies
View Related