Cisco Wireless :: 1142 - 802.1x Authentication On Macbooks Running Lion
Dec 5, 2011
802.1x authentication on their Cisco Wifi network using Macbook Pro/Airs running Lion.
We have.. 2x Controllers with WiSMs running 7.0.116.0 A mixture of 1131 and 1142 APs.. ( APs mainly in HREAP mode with some APs located on the same local network as the Controller in Local Mode ) Macbook Airs/ Pro running Lion
[URL]
In summary, we are finding that when our MacBooks are coming out of sleep/standby or roaming between APs, the devices get stuck during the 802.1x authentication process and will either get the self assigned 169 address or continuously try to authenticate.
This can occasionally be solved by turning the wifi interface off and on or manually stopping and starting the 802.1x process on the Mac
From reading various online forums, we have tried the following to resolve this..
- Disabled WPA across our wifi network as we don't use it anymore.. We now just use WPA2 with AES and Dot1x authentication.
- Disabled Client Load Balancing on the SSID configuration… this does not seem to have made things any better or worse although we are seeing more Load Profile threshold notification alerts for some of our APs which are used heavily.
- The 802.1x time out is currently set at 20secs.
- Some APs which are in Local mode ( due to them being on the same local network as our wifi controllers ) have been changed to HREAP mode and assigned a static IP address.. We found that this was required at our spoke sites where we were originally experiencing issues with our old Windows based devices.. Incidentally, we have not experienced any of these delayed authentication issues with our Window laptops, all our problems seem to be with our MacBooks running Lion..
As I mentioned earlier, there seems to be many discussions online regarding problems with the Lion OS and 802.1x authentication..
View 4 Replies
ADVERTISEMENT
Sep 23, 2011
Apparently the setup cd does not work with Mac OS Lion. Anyone else out there is using this router on a Mac running Lion...if so, how did you set up the router.
View 3 Replies
View Related
Feb 20, 2012
Running an E4200 with Mac OS X Mountain Lion?
View 3 Replies
View Related
Mar 14, 2012
We have a problem with a manager who has upgrades his Mac to the latest Lion OS (64 bit), before uograding he could connect without any problem with his mac to our network and work on the terminal server. Since the upgrade he's not able to get it working in 64 bit (normal) mode.
This our setup
Cisco PIX 515
RSA Cisco Pix security Apliance.
View 1 Replies
View Related
Sep 14, 2012
I'm using the Express Security Set-up tab to configure an Aironet 1142 (stand-alone) access point with EAP.
Objective is to make it a RADIUS client and have laptops authenticate through this access point to a Windows 2008 NPS (Network Policy Server) using computer (machine) certificates - EAP-TLS.
When I select "EAP Authentication" under the "SSID Configuration" I was literally floored to see mention of WEP encryption (a security joke) and no possibility to prefer some variant of WPA (well, apparently not with EAP).
WPA2-Enterprise is what I've selected for "Authentication" and "AES" for encryption in Group Policy (so the laptop clients automatically connect to the access point).
WEP? I bought a Aironet 1142 access point for WEP encryption? How can I configure this securely?
These are currently configured settings as displayed under the "SSID Table" heading:
SSID - "MYSSID"
VLAN - none
Encryption - WEP Mandatory !!!
[Code].....
View 6 Replies
View Related
Jul 18, 2012
I have a strange situation on my guest wireless LAN.The guest WLAN is configured as an SSID "GUEST" on Cisco 1142 lightweight APs, with WiSM controller and WLC software version 7.0.230.0.
For simple Internet access using this SSID, we have a web policy, which causes a web page to be displayed when the user opens his/her browser, and on this web page, the user must click on an "Accept" button in order to accept the terms and conditions of use. Once the user accepts, the browser will then go to the web site which the user wishes to open. When using this mode of access, everything is fine.
However, there is also a pre-authentication ACL, which allows certain types of VPN traffic to reach the Internet without the user being required to accept terms and conditions. The ACL allows ESP, IKE (UDP/500), IKE over UDP (UDP/4500), DNS, HTTPS/SSL (TCP/443), DHCP client and server (UDP/67,68).The pre-auth ACL actually works as intended; and the ACL traffic is NOT allowed when the ACL is removed. This is exactly as it should be.
However, when using, for example, a VPN client such as the Cisco VPN client, or the Cisco AnyConnect client, via this guest SSID without user acceptance, the WLAN regularly and predictably stops passing traffic. This is 100% repeatable and predictable; it happens every 300 seconds, or possibly slightly longer. I have only used my PC clock to time it so the timing isn't all that accurate but I'm sure it's within a few seconds.
Given that the problem happens at the same time interval and is constant, I guessed there must be some configuration item which needs to be altered, but I've looked extensively at the controller GUI (we actually use WCS here) and I can't see anything that looks even remotely related to this.
View 5 Replies
View Related
Aug 30, 2012
Having an issue with Macbook authentication. All Macbooks at this one site, on same switch, going to same RADIUS server, work except for one. Looking at logs it appears server and client never exchange certificates. Attached is log for failed Macbook authentication.
View 4 Replies
View Related
May 2, 2011
i am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
I have downloaded client supplicant certficate file for my windows XP machine .When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
View 2 Replies
View Related
Aug 3, 2011
I've just bought an E2000 and I Cisco Connect doesn't run on OSX-Lion, and I was unable to find it on support downloads. But this is only a comment, my concern is that I'm not able to see on main menu how many DHCP clients are connected nor of course to check their traffic. Other routers usually provide at least DHCP clients
View 4 Replies
View Related
Jan 10, 2012
I just purchased a new E4200 router. When I try to set it up, , it says that my software (Lion v. 10.7.2) is unsupported. Is there a download that will allow me to use this router?
View 2 Replies
View Related
May 29, 2012
The USB storage drive is not found when I attempt to map the drive on my Mac Mini Lion OS, it is not found. My question is, does the wrt160nl storage feature work with Mac OS? I have upgraded firmware to 1.0.0.3 and latest version of Lion
View 2 Replies
View Related
Dec 29, 2011
I just purchased a new E4200 router. When I try to set it up, , it says that my software (Lion v. 10.7.2) is unsupported. Is there a download that will allow me to use this router?
View 2 Replies
View Related
Aug 3, 2012
The latest Mountain Lion (OSX 10.8) update somehow broke the Cisco VUSB software. I downloaded and installed Mountain Lion yesterday, and now the VUSB software is not working correctly. When I try to connect to my printer, an error appears saying the connection failed, but the dashboard shows it's connected. When I try to print, the printer is shown as unavailable. I have Cisco VUSB version 1.0.0 for OSX and the EA3500 Router.
View 9 Replies
View Related
Dec 21, 2011
Since lion is there for a while, it is still not possible to make a time machine backup on an USB hdd that's connected to the router. is Cisco coming with an firmware update?
View 9 Replies
View Related
Aug 10, 2011
After a ugrade from Snow Leopard to Lion on my Imac, the software witch i have by mine E3000 router, works not longer anymore
View 1 Replies
View Related
Nov 24, 2011
does lion support hp 6840 can i install on mac i have lion
View 1 Replies
View Related
Nov 20, 2012
I am currently have a Cisco 881 router running EasyVPN server. I recently created come IPSec rules that allow trafiic to specific IP's for a specific security group:
access-list 105 permit ip host 10.1.0.5 any
access-list 105 permit ip host 10.1.0.15 any
access-list 105 permit ip host 10.1.0.16 any
access-list 105 permit ip host 10.1.0.32 any
This works as expected with our Windows users, however our Mac users (using native VPN Client) can only reach the FIRST ip in the string of access statements. When I was torubleshooting this, I moved .32 as the first statement and I could only reach it and none of the others.
View 2 Replies
View Related
Feb 12, 2012
I have a Cisco ASA 5510 8.2 (3) with clientless SSL VPN portal enabled with some bookmarks pointing to internal servers. I just installed a new Mac OS Lion Server 10.7 box and have a share on it using both AFP and SMB. My old Mac server is 10.6 with a similar share with both AFP and SMB enabled. When using the Portal browser (or bookmarks pointing to cifs://example/server), I get an error "Error contacting host" to the the 10.7 box, but browsing to the 10.6 box works fine.
I have double checked all settings on the 10.7 and permissions, everything appears correct. I can also browse internally via SMB from Windows XP/Windows 7 using default UNC paths \exampleserver, etc., to the 10.7 box.
From what I have read, the 10.7 has a completely different design to the SMB versus the earlier 10.6. [URL].
View 0 Replies
View Related
Dec 3, 2012
I'm using the Cisco AnyConnect VPN Client (2.5.3055) to connect to a server "A". It has worked fine. Then I tried to connect to the server "B" from the free university of Berlin and then this installed (3.0.08057) automatically without asking. Connecting to server "A" does not work any more. The error message is: "The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try again." So I tried to de-install the client with the shipped uninstaller and installed the previous 2.5 client again. but the Error message is still the same.so which files should I remove/edit to get it working as before. The network is OK, I tried it on a other computer under Windows Vista and there the freshly installed Client works fine. So I guess ther must be some files or configurations from the newer version in the way.
View 0 Replies
View Related
Sep 19, 2011
so i have a printer attatched to my mom's computer and it's set up for sharing. i can get to the printer through my macbook, but it's asking for a username and password to the network (which it didn't ask me to do when setting up the sharing settings on the windows pc) what do i need to do?
View 11 Replies
View Related
Oct 30, 2011
I recently bought a dell v313w and I finally managed to configure the printer with my mac via wifi.
I'm still very disappointed because I just can't figure out how to scan from my v313w to the mac as it doesn't appear in the possible destination hosts.
View 1 Replies
View Related
Jun 11, 2013
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
View 9 Replies
View Related
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies
View Related
Jul 16, 2012
I'm with one problem, my OS Lion don't authentication in the Secure ACS Version: 5.2.0.26.10.For the Mac Lion operating system to work you must put in execeção the MAC Address of your computer. I wonder how it could cause the OS to authenticate the ACS Lion.
View 1 Replies
View Related
Dec 12, 2011
get a status on Mac Lion and/or Windows 7 64-bit SSL VPN support for the RV220W? QuickVPN (for Windows 7 64-bit users) and IPSecuritas (for Mac Lion users) are our current workarounds, but for folks that use/own their own equipment we prefer SSL VPN. This is why we retired our WRVS4400N v2 for the RV220W.
View 3 Replies
View Related
Jan 25, 2013
I've been developing Node.js apps on my localhost on port 1337 for last two years with no problem as shown below.
$ node app
App started on port 1337
Today I wanted to test how things go with default port 80, so I did:
$ sudo node app
App started on port 80
But after that my network went crazy. Now I can't access any local address including localhost. When I ping to localhost it points to some weird public IP address (218.38.137.125) instead of 127.0.0.1.
[code]....
View 1 Replies
View Related
Jul 8, 2012
I have Cisco AP 1142 standalone and I want this one to operate with WLC.
I have searched in Google, they said I need to upgrade AP1142.
I don't know how to upgrade it.
View 6 Replies
View Related
Aug 26, 2012
i have a problem using my usb to serial cable connection, i can connect to one router on my work, but i can't connect to AP 1142, (i have tested also con AP 1231).i have a laptop running windows 7 64 bits, before i use a win xp 32 bits, and i didn't have problems.i am using putty, and have installed tera term 4.74 but the same.connection details, 9600, 8, 1, N, N.
View 5 Replies
View Related
Apr 29, 2013
I can't get connectivity from laptop to AP using cross over or straight through cable to do a tftp transfer from tftp server on laptop to ap.
I held the mode button on ap and powered on to get to rommon. The ap has no ios so it goes to rommon anyway. ap light is blinking red.
ap: set
DEFAULT_ROUTER=10.0.0.1
IP_ADDR=10.0.0.1
NETMASK=255.255.255.224
[Code].....
View 3 Replies
View Related
Feb 28, 2013
After AP is booted it shows the following message and cannot able to join in WLC:
*Mar 1 07:13:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.71.16 peer_port: 5246
*Mar 1 07:13:37.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code].....
View 5 Replies
View Related
Jan 22, 2012
I just converted AP 1142 to LAP using the image "c1140-rcvk9w8-tar.124-21a.JA2.tar".
The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16
The main management interface is on 192.168/24 but we defined as management the interface on the 10.20/16 network.
For the access points, we use ports on a native VLAN on 10.20/16 with other available VLANS which are used for the wlan networks
We have 1152 APs which work fine on this config but that needed to be registered on the 192.168/24 network, then we moved them in their VLAN 10/20/16 and they work fine.
We also have 1142 APs which have been upgraded to LAP. These AP do not work with our architecture. They register correctly on the 192.168/24 network, but do not give access to the wlan VLANs. If they are moved in the 10.20/16 network, they don't register to the WLC (message : Timed out while waiting for ECHO repsonse from the AP). The AP do not get an IP.
is there a restriction with VALNs on these AP ? or is something false ?
View 11 Replies
View Related
Aug 28, 2011
I have an 1142 AP that I am unable to set back to factory defaults.Here is what I have done so far:
- boot AP while holding down the mode button
- ap: delete flash:private-multiple-fs
- yes
- ap: boot
- when the AP boots fully I try and enter any lwap ap commands and get "ERROR!!! Command is disabled"
- the AP name and password were reset to defaults but I am unable to get the IP address cleared.
I've also tried "clear lwapp private-config" and get an error saying the command is disabled.
View 4 Replies
View Related
Dec 9, 2012
I need to convert some 1142 APs to lightweight mode. They will connect to controllers running 7.3.101.0. I noticed there's two options of Lightweight IOS code available c1140-k9w8-tar.152-2.JA.tar and c1140-rcvk9w8-tar.152-2.JA.tar. Whats the difference between the two versions of code?
View 4 Replies
View Related
