Cisco :: WLC 5508 - Possible To Support 1 Certificate For Each WLAN
Mar 27, 2013
We are moving forward with a mobility project which requires our network to authenticate/authorize based on certificates.
WLAN_1 has 802.1x enabled passing the cert through to the MS CA which authorizes the cred, which in turn passes the AD creds of the user to the MS RADIUS server for authenticate/authorization.
Hardware: WLC 5508 running 7.2.110.0, 3600 APs, ACS 5.2 not used for AAA
1. As we turn up additional SSIDs, we need Mobile SSID to accept ONLY the Mobile Cert, our Internet SSID to only accept the Internal Cert and our GUEST SSID to deny ANY Cert issued by our CA. I know ISE makes this much easier, but I don't have it and need this to work as best we can until next fiscal cycle.
View 3 Replies
Jul 24, 2012
When a guest user first tries to access the "guest" WLAN, they are presented with a "certificate page" before the web authentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am running 5508 with 7.0.220.0.
View 12 Replies
Feb 8, 2011
How to change the web authentication certificate on WLAN 2100 controller. My users are complaining that they need to accept the security certificate before proceeding to the actual authentication?
View 4 Replies
Dec 10, 2010
I have a setup as follows:
- 5508/1142
- heterogenous Client with WZC, XP, SP3, SSO
- ACS 5.2, MS AD
Target is Single Sign On with Machine Certificates against AD. For testing purposes we tested with EAP-PEAP/MS Chapv2 and Machine Auth, works fine. Now we installed a Machine cert in the Machine cert Store (no User Cert) and reconfigured the WZC for using certs and Machine Auth. What we see is an error message in the System Tray that there is no certificate available. We checked it again, the MMC shows us a Machine cert in the Store.
View 4 Replies
Jan 5, 2013
Have WLC 5508 running 7.4 code; have WLAN set up to allow access to internal network. Users on iPads should be able to connect to this WLAN and authenticate via certificate instead of PSK. We have set up laptops that are part of the domain to use internal CA for authentication to WLAN. iPads are not part of the domain so we are not able to use the same model, or can we use the same model for authentication? How to set up WLC to authenticate iPad users via certificate instead of PSK while connecting to the WLAN?
View 1 Replies
Apr 10, 2013
Get an installed certificate to work on a 5508 WLC Controller without rebooting. Is there a way? Is it possible to just reload a process to get the certificate to work?
View 1 Replies
Feb 12, 2013
I am using webauth and need to install a SSL cert to prevent the "There is a problem with this website's security certificate" message. I have a Wildcard cert that was issued by Network Solutions that I use on a couple web servers I run, and want to know if I can use that for the WLC? It's a pks cert and I think the WLC needs to use a pem cert, so I converted the wildcard to pem. Or do I need to purchase a cert that is not a wildcard and is in pem format?
View 7 Replies
Jul 1, 2012
I have two Cisco WLC 5508 controllers that I'm trying to set up for our new corporate WLAN. I've gone through most of the configuration fine but have run into an issue uploading a signed certificate to one of my controllers. I should point out that I have managed to upload the certificate successfully to one of the controllers, I just can't seem to upload it to the second. The issue is as follows:
- I've logged into the controller, gone to Security -> Web Auth -> Certificate -> Download Certificate
- I've specified my tftp server details and selected apply
- the process begins and I can see through my tftp client that the controller is attempting to copy and install the certificate
- The controller tries to install the certificate but fails, reporting the same
View 9 Replies
Sep 13, 2012
I have just set up a vWLC for lab purposes and it's up and running. I have a few used 1131 LAP:s that try to join the AP but I just get DTLS certificate errors like these:
*Sep 14 13:25:27.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Sep 14 13:25:27.258: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Sep 14 13:25:36.198: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 14 13:26:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.105 (code)
These AP:s (I have tried 2 so far) have earlier been in use connected to a cluster of 5508:s.
View 19 Replies
Sep 3, 2012
I am planning to migrate from an old 4400 to a new 5508. I am happy with migrating the access points but I need to know if I can migrate the web authentication certificate used for guests. The new WLC will have the same virtual interface and DNS name to match the CN on the current certificate. Will this work or will I need a new certificate?
View 2 Replies
Feb 13, 2011
I have 3 WLC 5508 and a NAC guest server. We want to download a wildcard certificate. After a few seconds at the download of this certificate I got the failure message download failed.
Does the WLC accept wildcard certificates or must I generate a SAN (Subject Alternative Name) Certificate?
View 5 Replies
Sep 25, 2012
Since the SW upgrade to version 7.3.101.0 (WLC 5508) I have the following issue. We have a WLAN with 802.1x (WPA2/AES) secured. Before the update the users needed to enter user/PW every time when they reconnected (WLAN switch off/on again) to the WLAN. Now the users don't need to enter user/PW when they reconnect to the WLAN.
I could not find any setting on WLC to clear this issue.
View 9 Replies
Mar 26, 2013
We are deploying BYOD with Cisco ISE 1.1.2 and WLC (5508) using 802.1x authentication. Windows clients cannot connect to 802.1x SSID with the following error on ISE: Authentication failed : 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
The client doesn't have a preconfigured wifi profile or root certificate installed. The concept of BYOD supposes that you can connect your device without any installed certificates and preconfigured wifi-profiles.
The problem is that the Windows 7 supplicant does not send the TLS alert in a pop-up window when connecting to the 802.1x SSID. If this alert is seen, then you can accept it and proceed with the connection. After that you will be asked to install the ROOT-cert, get your own cert, etc. So, the question is: how to make the Windows supplicant show the pop-up window with the TLS alert?
p.s. the attached file shows the example of pop up TLS-alert window
View 6 Replies
Oct 25, 2011
I have a few questions with WLC 2504 with 25 License AP. Our customer has around 30 SSIDs, so is it possible to create WLANs for around 30 SSIDs on WLC 2504? Because I had tried to do it on WLC4404-25 License, which can create WLANs with 30 SSIDs.
View 12 Replies
Aug 23, 2012
Can the Cisco 3602 APs be configured by a Cisco 5508 WLAN controller to provide client isolation?
View 2 Replies
Feb 14, 2012
Strange issue that our support staff is seeing on our guest WLAN. I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine. The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.
It appears that on the guest WLAN, after a random amount of time an established VPN connection using Cisco VPN client disconnects. Wireless connectivity doesn't appear to go down, just the VPN connection.
On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.
View 10 Replies
Aug 12, 2012
We have a 5508 WLC recently updated to 7.2.110.0 since we are using CAP3602I-N-K9. This AP is intended to work as an H-REAP device and even though it is registering to the controller I can't get to see the WLANs on the list to map it to the local VLANs.
I have verified that the WLAN is configured for local switching and have also followed the steps listed here: URL
Still can't see the WLANs under the Flexconnect tab on the AP?
View 2 Replies
May 7, 2013
I've been asked to generate some report data on a specific WLAN, a limited access WLAN that was added recently. We need to be able to report on "Average and Peak Number of clients (Total)" and "Total Bytes Transferred (all APs)" on a per site basis. The sites involved mainly use 4402 and 5508 WLCs managed by our WCS server. Is there anything on WCS where we can easily get this information (on a monthly basis).
View 1 Replies
Nov 8, 2012
I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9). They have been working but sometimes clients detect connectivity problems with the WLAN. Here is the message log I can obtain from the controller:
View 1 Replies
Aug 8, 2012
I am trying to apply a WLAN template from NCS to two WLCs 5508 and I receive this message: "Another WLAN with same SSID and either WPA1/ WPA2/ WPA1+WPA2 is enabled. Please change the Layer 2 security policy." The template has layer 2 security with WPA+WPA2 enabled and 802.1x. I have another WLAN template with another name and another SSID with the same security policies with no problem to apply.
View 2 Replies
Jun 12, 2013
Is there any way to determine how much bandwidth users on a particular WLAN (Guest) are using on the 5508 or by any other means?
View 9 Replies
Feb 6, 2012
I'm about to upgrade a 5508 controller so I can do the pre-download to the access points, but in every doc I find, it says to disable the WLANs before upgrading. This makes no sense. I'm just moving code over, why do I have to disrupt my wireless network in order to move code?
View 7 Replies
Jul 2, 2011
I have one WLC 5508 running on latest IOS 7.116. There is one WLAN abc for which I have disabled the status and disabled broadcast, but randomly I can still see from the WLC dashboard that there is one client connected to this WLAN abc. The moment I check on the client details, there is no client connected to that WLAN, and when I return to the dashboard, no more client is connected to that WLAN abc.
View 3 Replies
Dec 12, 2011
We've recently installed a 5508 WLAN controller for my organization's wireless network and each time devices connect to this wireless network they receive an IP conflict error. All devices conflict with the IP address 0.0.0.0 with MAC address 00-00-00-00-00-00.
Every device's event viewer has this TCP error: "The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result." We previously experienced the same IP conflict with 12000 WLAN network that he had used as proof of concept.
View 13 Replies
Sep 5, 2012
We are implementing a new corporate headquarters and have bought a Cisco 5508. I have two connections plugged into the 5508 in port 1 and port 2. Port 1 is for all internal wireless networks and connects to our core 6500 and uses external DHCP server scopes. Port 2 is for our guest WLAN and connects directly to a public network switch in front of (outside) the firewall. For the guest network, I have set up a VLAN on the controller for DHCP, with the interface set up on that VLAN and a DHCP scope built on the controller. How or can I NAT the internal addressing for the guest network to the public IP address on the controller? Essentially I want to drop off guest network traffic outside the firewall and not have to deal with setting up the firewall for any aspect of guest network traffic.
View 1 Replies
Sep 26, 2012
On a WLC 5508-7.0.116, can I set up 2 SSIDs that map to one WLAN/VLAN/subnet? I thought you could but I don't have the means to test without breaking production.
My goal is this:
Ssid red open
Ssid blue wpa 2
But all clients on the same ip subnet
View 3 Replies
Jan 1, 2013
I have a Cisco 5508 WLAN Controller, software version 7.2.103.0, and a network of Cisco AIR-CAP3602I-E-K9 Lightweight Access Points, and it's working fine. Now I want to configure a repeater in this network, because there is one area where we cannot lay out the cable. How to add the repeater and how to configure the repeater in a WLAN controller network?
Do I need to change the software of the WLAN Controller to support Mesh Network or can this version 7.2.103.0 support the repeater? Because for 1 access point I don't want to upgrade the version.
View 22 Replies
Jun 28, 2011
I have 350 WAP (1142n) running of two WLC 5508 (IOS version 7). WLCs are not located on the same subnets/locations and are not configured as mobility groups. The vlan ids on both wlcs are not identical.
[Code].....
View 6 Replies
Mar 4, 2012
I've got a couple of new 5508 controllers to replace my 4404s. I'm wondering though, if I throw them on the network to set up, will there be any conflict with the current access points? Will they try and join the new controllers for any reason automatically? Is there a better way, or a best practice to provision these new controllers?
View 3 Replies
Mar 15, 2013
I have a Cisco 5508 WLAN controller v7.4 and I have a LAP 1310 and it is not joining this WLAN controller. What to do? How to join this LAP to this WLAN controller? Or how to convert it to autonomous, because I don't find a mode button on this access point?
View 6 Replies
Feb 10, 2013
I have a Cisco 5508 WLAN Controller with 6 fiber ports and I have an AIR-LAP1131AG-E-K9 Access Point. Will this Access Point work with this WLAN Controller? Can I connect 3 switches to this WLAN controller?
View 1 Replies
Aug 6, 2012
I have a WLC 5508 and I'd like to set up a network for visitors. They will connect to the WLAN, enter a password and then automatically get redirected to an external website. I understand the WLC 5508 supports this but I'm struggling to find out how to set this up. I assume this can be done without having to customise webauth bundles?
View 2 Replies
Jan 15, 2013
I've seen a discussion about importing MAC addresses into the MAC filter DB on a Cisco controller but is there a way to export the MAC filter DB? I have a Cisco 5508.
View 2 Replies