I have a new fresh 5508 release 7.0.98.0. When I try to download (I mean upload to the controller) a customized Webauth bundle in .tar format I have the following error message in the syslog: *TransferTask: Oct 29 12:56:08.894: %UPDATE-3-UNTAR_CMD_FAIL: updcode.c:2832 Error during untar of webauth bundle. Tar returned 256.
I have in the past downloaded the webauth bundle to a wlc 5508 running 7.0.98 successfully. I am trying to upload a new bundle after modifying the AUP but I get an error after the download to the wlc.
The error with FTP or TFTP is % Error: Webauth Bundle file transfer failed - Unknown error - refer to log
I've tried to copy the unmodified bundle from the zip and get the same error so I don't think it's the login.tar file.
I am getting an error during the upload of a customized login page for WLC 5508. After the upload is completed I received the error "Error extracting webauth files." I tried to create the *.tar file with different programs (winrar, 7zip, gnu tar, etc).
Recently we replaced a Cisco 2100 Series LAN controller with a Cisco 5508 Wireless LAN controller. I downloaded the WebAuth Bundle from my old LAN controller; when I try to upload it to my new Wireless LAN controller, it does not upload and it gives me an upload failure error message.
I would like to get a webauth bundle sample to create a custom page for our AP controllers but I'm unable to find the sample .tar within the WCS itself. Some other WCS manuals have references in them that say there should be a link to download the sample from WCS but clearly 2106 hasn't got one. There's one in the download section, "webauth bundle 1.0.2.zip", but this is for registered partners and customers; we are not registered as partners and cannot download the sample ourselves.
I am using webauth and need to install a SSL cert to prevent the "There is a problem with this website's security certificate" message. I have a Wildcard cert that was issued by Network Solutions that I use on a couple web servers I run, and want to know if I can use that for the WLC? It's a pks cert and I think the WLC needs to use a pem cert, so I converted the wildcard to pem. Or do I need to purchase a cert that is not a wildcard and is in pem format?
We have disabled the WebAuth SecureWeb on our 5508 WLCs so Guest users can access the guest splash page without the certificate error. The controllers are currently running 7.3.112.0. Everything works fine with the WebAuth SecureWeb enabled, but once we disable the guest users are not redirecting to the splash page anymore. I remember having to reload the controller in the past to disable HTTPS completely, but is this still the case? I don't see any documentation supporting the need to reload.
We are trying to get the waep template (default no changes) from the Cisco WebAuth bundle to work on a 5508 controller.
We've setup the controller to use the custom login.tar that comes with the waep template folder in the bundle. We setup the WLAN to work off the global template and we used the config network web-auth secureweb disable command to allow only http rather than https (which is supposed to work in 7.2 code)
When we test with the custom bundle, we get no answer from the controller, just a url of [URL]
If we turn custom off, and use internal everything works...
Just to be clear.. we aren't looking for authentication (user and pass) we are trying to do the enter your email and click accept to the aup method.
I am trying to upload a customized web-auth bundle to a WLC 5508 and having some issues. I have downloaded the web-auth bundle from Cisco and used this as a template to create the web pages. I seem to recall that there is only a couple of Windows tools that you can use to TAR the file such as TUGZIP and IZARC. Anyway I have tried both and I still cannot get the file to extract. I have tried to strip the file out so that I only send up the login.html page and even this does not work. I am using software release 7.0.220.0.
I am trying to apply a WLAN template from NCS to two WLC 5508s and I receive this message: "Another WLAN with same SSID and either WPA1/ WPA2/ WPA1+WPA2 is enabled. Please change the Layer 2 security policy." The template has layer 2 security with WPA+WPA2 enabled and 802.1x. I have another WLAN template with another name and another SSID with the same security policies, and it applies with no problem.
I installed NGS 2.0.2 for wireless guest user management and authentication. I implemented webauth via the webauth page on the deployed WLC. One branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS. But now I am integrating the next branch with a WLC4402 version 6.0.188, and the authentication of users at the new branch gets an error, wrong user/password.
I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of the radius service and a reboot of NGS still does not work. I tried to debug the radius via the web interface and watched the log file and there is still a reject. I also tried the freeradius command radiusd -X but I got an error when starting radiusd -X.
1.) How can I figure out, if I will get the correct password from my WLC ? Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or how to get the received password from the chap challenge of the debug ?
2.) I have appended a part of my radius log file. How can I find the detailed error in the radius log file? Is it correct that the password in the debug file is empty? Radius log line: "[radius-user-auth] expand: %{User-Password} -> "
one of our customers wants to update the firmware of a 5508 wlc, but always gets the following error message:
Error Message %UPDATE-3-INV_FILE_SIGN: Error! Invalid image signature!. Image may be corrupt.
But the same image works fine on another 5508. The update was downloaded via a smartnet for the WLC on which the update works fine. Does the customer have to download another image for the second controller, or should the image work on both WLCs?
I am facing a problem with an outdoor access point AIR-1522-K-E series which is unable to join a wireless LAN controller 5508. The wireless AP is able to get an IP address from the DHCP server and discover the wireless controller IP address. After this I see the following status messages on the console of the AP.
*Aug 27 11:04:19.767: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 27 11:04:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.2.64.50 peer_port: 5246
*Aug 27 11:04:21.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Aug 27 11:04:21.707: %CAPWAP-5-DTLSREQSUCC: DTLS connection created successfully peer_ip: 10.2.64.50 peer_port: 5246
[Code]...
I have studied many guides but I can't find out if there is a downside to setting the timeout this high. Could it result in slow roaming or re-authentication if there is a connection error? The customer has large areas with high client density and some outdoor areas with low client density.
I have a problem with a 1552E registering with a 5508 WLC, and always get "AAA authentication error" in the WLC log, while AAA is not enabled. So my question is: do I need to add the MAC address to the WLC MAC filter list even if I have not enabled the AAA server in the WLC?
I am currently running Cisco (ACS 5.2.0.26.3) and attempting to get my Cisco 5508 WLCs (7.0.98.0) loaded into ACS for TACACS+ authentication for management users.
However I keep getting the following error:
*emWeb: Sep 14 14:44:45.931: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:test_tac. Service-Type is not present or it doesn't allow READ/WRITE permission.
Now I've attempted the step-by-step using the following URL but to no avail. (There are some slight differences in ACS 5.2.)
[URL]
Latest WLC configuration guide I could find (Software Release 7.0 June 2010) isn't much useful either.
I'm starting to see an error creep up that I haven't seen since 2003/2004 on my brand new 5508 controllers. I'm receiving the following from my WCS: Receive Multicast Queue is full on Controller and then on the controller itself RX Multicast Queue Full. I understand this used to be due to a large influx of ARP requests or CDP packets on older controllers, but this was supposed to be fixed in an update many years ago.
Has seen this on their 5508's. These were advertised as having the horsepower to handle our user loads which aren't really that high at 300 users at any given time max.
After rebooting the WLC, the switch port was err-disabled; the cause is link flap. After we rebooted 3 times, the switch port was link flap err-disabled every time. We don't know why the WLC reboot causes it; it is just a normal action on the device. The WLC version is 7.4.100.0, linked to the switch with an access port, no port channel, no portfast.
I have 2 5508s (foreign and anchor both running 7.2.110.0) with an open WLAN configured via mobility anchors. This configuration works and has no problems. My next task is to incorporate a webauth page (accept/reject) to present the clients with AUP information, etc. On the foreign controller I created a test WLAN (open) and setup webauth Passthrough using the Cisco webauthbundle (wap.html), this works as intended, no issues. However I am at a loss as to how to incorporate the webauth Passthrough functionality on the WLAN that is configured for the mobility anchor.
I'm trying to install a webauth certificate -- it works fine when unchained, however once I add the additional information the installation fails. I am using the same root and intermediate certificate information as last year, and it worked fine then. I can recreate last year's pem file with the chained information and it installs fine, so it's only when I include the new device certificate information that it fails. The certificate installs fine when it's not chained, I'm not receiving any openssl errors, and I'm not using openssl 1.0.
I've upgraded our WLC 5508 from 7.0.220 to 7.2.115.1. For our guest WLAN we use web authentication with a customized start page, no login error page and no logout page. The customized login page is displayed correctly. After successful authentication the browser is forwarded to the default CISCO login page "login.html". No further authentication is possible, also no internet access. Reloading the customized webauth bundle to the controller didn't change anything. Is there a change in the HTML/Java code of this controller version? I didn't find any hint in the release notes. Or do I need the newer web authentication bundle with version 1.0.2?
I understand that Cisco have at long last provided a facility to separate HTTP web authentication from HTTPS WLC management on WLC code 7.2.x for the new 5500 series WLCs.
My question is does Cisco intend to provide the same much needed functionality on the 4400 series WLCs that are running 7.0.x code? I was looking through the release notes for v7.0.235.3 code and that did not seem to mention this functionality. I know we can get around the problem by purchasing an SSL certificate so that guest users with web authentication do not have to see the same security warning each time they log in but the idea to separate the HTTP web authentication from HTTPS WLC management seems so much simpler.
I have a custom webauth page installed that I am using with web passthrough authentication on my WLC2006 in order to put up an acceptable use policy page. The WLC uses HTTPS to display this which causes a security certificate warning to appear if I go with the WLC's own self-signed certificate. Is there a way I can get the WLC to use plain HTTP to display this page instead so I can eliminate the warning? I have already tried installing a trusted 3rd party certificate on the WLC, but I have this very strange problem where mucking with the WLC's web authentication certificate in any manner causes all network activity on the WLC to break except for CDP and ARP, essentially leaving the WLC dead. Three weeks of troubleshooting with Cisco TAC has yielded no progress on that front so now I am trying to bypass the need for a security certificate altogether since I really don't need to encrypt my acceptable use policy page.
Web auth redirect URL gets dropped if a stateful firewall is between the webauth host and the switch management interface. Aaron at Cisco Live London kinda hinted about maybe Cisco working on this? We can't disable stateful inspection. Are there any other solutions or workarounds?
"Although this approach introduces additional hops in the return path from the switch to the host, it produces negligible load on the default router and intervening infrastructure since only the WebAuth traffic from the switch to the host follows this path. In campus designs that do not use SVIs on the data VLAN, a default route is typically already configured. In this case, no additional configuration is required to support WebAuth.
However, problems may arise in the case in which traffic to the default router is bridged through a stateful firewall. The original SYN packet in the TCP handshake is consumed by the access switch, so the first packet that the firewall sees is the SYN-ACK packet from the access switch. Stateful firewalls typically drop SYN-ACK packets if they have not seen the original SYN packet. In this case, you will need to turn off stateful inspection for ports 80 and 443 on the firewall."
I have been given a task to upgrade 8T1's bundle to DS3 Fractional circuit. We are currently using a 2821 router with 4 VWIC-2MFT. What card/module do I need to order for upgrading to fractional DS3? Also, are there any compatibility issues with the ISP or local router?
How can I remove webauth files from the WLC? I have a few versions of the login.tar file used for web-authentication. After uploading a new login.tar file, the WLC still shows old webauth bundle files. I tried to remove the customized webauth login from the wireless LAN and issue clear webauth-bundle, and show>custom-web webauth-bundle says WebAuth Bundle does not contain any files, but when I upload a new login.tar that does not include files from the previous login.tar, I still get the old webauth. Is it possible to delete extracted webauth files from the controller using CLI?
What is the command that can show the ACE Bundle (like: ACE-4710-02-K9, ACE-4710-04-K9)? We have ordered one ACE with 4G BW, and another one with 2G BW. But nothing shows this fact using the "show hardware" and "show inventory" commands!
I need to understand security bundles. I purchased a Cisco Security Bundle, Advanced Security, 64F/256D, part number CISCO3825-SEC/K9. My expectation from this device was that I will get an IOS based firewall with no need for an additional firewall module. However, the supplier is telling me that I have to buy a firewall module to use the feature. Isn't the bundle supposed to come with all I needed since it is a bundle?
Is there any command I can use to verify if this device is really what I paid for? What can I check for in the sh inv and sh ver commands? I don't see any information from these commands.
To understand and configuring VPN setup to give secure access to my DB & Application Server exist in my Datacenter, to other Service Provider organisation. They need to access those DB & Application Server sitting at their company LAN itself.
All the DB & Application Server connected to Distribution Switch in various VLAN. The Server support team from another company need the access to those, for that we will take MPLS link connecting out Core Router.
I'm going to be wiring a new (to me) house with a couple cat 6 runs to each room. The runs will all be brought back to an enclosed 6u rack and cat 6 110 style patch panel. This rack will contain:
Since the rack is completely metal and enclosed I'm going to put my Netgear WNDR3700 WiFi router (used as an access point only) on top of the rack. My question is, what the implications are in regards to placing a WiFi device right next to a bundle of ethernet cables?
We have ordered the following 10 line items, but only got 3 licenses, unless the 3 licenses somehow have all the licenses integrated into the 3 part numbers below, but I suspect not.
Licenses attached from Cisco:-
N7K-C7009-XL-SBUN Nexus 7009 Scalable Feature License x 1
N7K-C7009-SBUN-P1 Inc LAN,ADV,TRS,EL2,DCNM,DCNMSAN,MPLS,SAN,XL -Promotion x 1