I have a WLAN with 5 1200 Series AP (A/G) configured for Fast Roaming using the Cisco supplied documentation. Can I use one user name for all of my devices to connect to the Internal Radius Server? This would be similar to having a passphrase for WPA.
View 3 RepliesI have some aironet 1200 AP's. I want to use this with a windows 2008 radius server. I followed the guide on [URL]. Unfortunately I can not get this working. In the securtiy log of the event viewer there is always the message "authenication was not succesful because an unknown username or incorrect password".
- Is it possible to get this working?
- If yes, is there a manual how to configure the AP's and the radius server, or are there any hints?
- Is this the best way to setup a wireless network or is there a better way?
I saw there is also a local radius server inside the 1200. Can all the 1200's work together? I suppose that if I use the built-in radius server than I can't make a connection to my AD database, correct?
I would like to be able to have a few "guest" users on the Wireless network for visitors. Is there any method to have a prompt for "Username / password"? I would like the user accounts to have different expiry periods if this is possible. My current config is attached. The SSID "test" appears on the network. The SSID "test111" does not appear.
View 1 Replies View Relatedhow to set WLC 5508 to allow single create web authentication user account to get connected in a same time. i found that i can use the same username and password combo to be login in 2 machine in the same time.
View 4 Replies View RelatedWe have multiple RA VPN groups on a 3845 router.RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server. We have a specific windows group that AD users are members of, and they are allowed to connect via VPN.
I'm creating a new RA VPN Group, which should only allow different AD users. Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?
I have configure my ACS 5.3 to strip the prefix of the radius username (Domain week wang) it received and I also configured my ACS as the External Radius Server. However, this does not seem to work. The authentication protocol that I am using is PEAP Mschap v2.
I have read inside this forum that due to the fact that the radius username and password is transited inside the TLS tunnel of the PEAP MsChap v2 thus ACS is not able to do the stripping as it is not allow to touch anything inside the TLS tunnel.
Found you on Google and prays that the regulars here will take pity on a former Juniper admin. I've got a brand new shop to handle that is all Cisco including CUCM 8.x and I have zero Call Manager experience. How to enable international calling for a single user
[code]...
brief flow/steps for making sure a user can dial international? I figured it was as easy as making sure their DN CSS had the ability to do so, but apparently not.
I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.
View 3 Replies View RelatedActually not randomly. It's normally after weekly reboots. This causes the Great Plains DB to be locked to 1 person, so other people get errors.
Sometimes I can just unrestrict access, other times it's grayed out and I have to drop the DB and restart the services to take it out of single user mode.
SQL 2k3.
In our environment we've got a Cisco ACS-Server providing Tacacs+ (mainly for access to routers/switches) and Radius (for 802.1x-validating end hosts) services.
Aside from our IOS-based switches we've got a SG200-18 acting as a workgroup switch.
I'd like to set up user authentication on the SG200 (i.e. authentication of users accessing the switch) as well as 802.1x validation of end hosts via our existing Cisco ACS 5.x.
Unfortunately the docs for the SG200 in the chapter "Configuring RADIUS Parameters" only mentions "...For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.... - no examples etc.
Since the WEB-based SG200-interface is absolutely new to me I'm looking for some hints/examples on how to set up the Cisco ACS Radius Server in order to interact with the SG200.
I would like to configure the below setup:
End user client (Cisco Any connect/VPN client) -> ASA 5500 (AAA client) -> ACS server -> External RADIUS database.
Here ACS server would send the authentication requests to External RADIUS server.So, i have added the external user database (RADIUS token server) in ACS under External databases.I have added AAA client in Network configuration (selected authenticate using RADIUS(VPN 3000/ASA/PIX 7.0) from the drop down.
Here how do i make ASA recognize that it has to send the request to ACS server. Normally when you use ACS as RADIUS server you can add an AAA server in ASA and test it.But here we are using an external RADIUS server which has been configured in ACS, so how do i make ASA to send the requests to ACS server?
I have a Cisco ASA 5505 that I've setup with an SSL VPN. This is for personal use, and I therefore don't have need for anything more than local authentication. [code]
I'd like to have one profile/policy where I only encrypt data going to my split-tunnel ACL, and I'd like to have one profile/policy where I encrypt all traffic.
The issue ive been fighting is - it doesn't seem like its possible to associate more than one group policy per user. If it IS possible - can you tell me how I associate both groups to my local account?
We have several ASA 5510 firewalls which are being used as VPN gateways.RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used.Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?
View 11 Replies View RelatedCan I use AAA Radius on a ASA 5505 to block outgoing user access by user name in a group?
View 2 Replies View RelatedWe have a 1200 Aironet just go down hard for no reason through out the day, we replaced the Power Injector with a C2960 POE Switch, we also replaced the cabiling. When it goes down hard all three lights are still green as if the AP is still up. We verified the IOS with other stores and everything is the same on the configurations, versions, and IOS.
View 35 Replies View RelatedIs it configurable to allow wifi user to user traffic on WLC 5508?
View 4 Replies View RelatedI got my final assignment from school, and my teacher asked me to configure 2 Access Points (1200 series) directly on a Wireless Controler (Cisco 2106). I can't ask my teacher for any questions, cause he doesn't know how to configure it also, THAT's why he's asking me to do it.I've learned a lot of things about the default static interfaces (the "management" and "ap_manager" interface), but i can't seem to fully understand how to configure it.I want to use the Internal DHCP server of the WLC. How I can get those 2 Access Points working on the WLC. I only seem to get DHCP issues.
This is what i've done:
- Leave the configuration of the "management" and the "ap_manager" default (172.16.1.30 and 172.16.1.30). Bound to port 1
- Made a new interface "AP1" with IP-Address 10.0.0.10 (/24), default gateway 10.0.0.1. Primary DHCP server: 172.167.1.30
- Made a new interface "AP2" with IP-Address 192.168.1.10 (/24), default gateway 192.168.1.1. Primary DHCP server: 172.167.1.30
- Made 2 DHCP scopes within the 192.168.1.0 and 10.0.0.0 networks.
For some reason, when i boot up both AP's, the won't get any DHCP address.
I have two wireless networks configured in the AP1200, both SSIDs are configured with WPA.
SSID 01: configured whit WPA
SSID 02: configured whit WPA
I have configured the access-list number 700, and I would like to apply to a single network. Achieving the following:
SSID 01 : WPA + Mac Filter, using the ACL number 700.
SSID 02: WPA
How I can apply the list 700 to the first SSID only ??
I am looking at deploying a Cisco Virtual Wireless LAN Controller (vWLC 7.3).Do I need Prime Infrastructure to manage the environment, or can I manage my AP's (1200 series) using the vWLC alone?
View 6 Replies View RelatedI want to disable the MAC authentication that is configured in my Aironet 1200 Cisco Access Point, now set to "Local list only". I want that any wireless device can connect if the user knows the wep password.
I cannot find the option to disable the MAC authentication.
I am using 5 Cisco 1200 Series APs with both an A and G radio. Is there a benefit/problem to running both simultaneously? I would have one SSID and is setup for Fast Roaming as well.
View 1 Replies View RelatedFor the past week, I've been looking to implement wireless technology at our educational site. We've conducted some tests with an AP1200 and we were satisfied with the performances of 802.11a standards.
Since one of our requirements is bandwidth, we are looking to implement a 802.11g standard for that need. Unfortunately, Cisco does not offer any client access adapter for that 11g standard as opposed of the competition. What kind of client adapter (PCMCIA) can Cisco recommend to work with AP1200 under the 802.11g ?
I have 2 Cisco 1200 G AP's connecting 2 different locations. Location A ( La ) I have a RVO82 router connected to a 50Mbit cable connection. I have an AP setup there using a 1 Watt booster and a 24db wire grid directional antenna. Only one antenna here, the other disabled.
At Location B (Lb ), about 1.5 miles away, with good to excellent line of site, i have the other setup as a WGB with a 15db wire grid directional antenna with a 1 Watt booster. Also only one antenna here, the other disabled.
WGB feeds a simple 8 port switch and in that switch i have a simple belkin wireless router setup as an AP for Lb's wireless access,
The signal strenght between the two locations is -49 to -52 db, depending on what time of day I check it.
I have had this setup for a couple of years now. I recently switched from a 3Mbit DSL connection to the 50Mbit cable connection hoping to increase my bandwidth with no luck.
.
When I first set this up i had a 6Mbit cable connection and it maxxed out at 5 Mbit at Lb. I thought i would be able to add more boosters and antennas as time went on to go from half duplex to full duplex (the way i think of it is one antenna receiving and the other sending, at both locations) so that when our ISP had faster rates available, i could upgrade. I recently read somewhere on the net that it is not possible to run full duplex in the AP to WGB setup i have. Is that true?
My main concern is increasing bandwidth on the WGB side Lb. When i upgraded to 50Mbit, i still only max out at 5mbit at Lb. Before i thought it was due to not being full duplex or weaker signal strengths (I've always had the 1watt booster at Lb, then i added one later to La with no benefit noticed except signal strength is better and uploads seem faster from Lb....)
I have two different LAP 1300 and 1200 in my network and I need to add theme to the WLC,I successes to add one of theme by the option 60 in the DHCP pool at the Core SW,How to use multiple VCI strings for lap 1300 and 1200 (option 60) in one pool?
View 4 Replies View RelatedIs there any detailed documentation on the Site Survey Client mode on the AP 1200?When using this mode I cannot see any indication that it has associated withthe root AP. I would like to be able to pass traffic from the ethernet port to the root AP VIA the AP in client mode. The Ap in client mode shows the radio in blocking when in client mode, is this normal? Is there a way to manually change this to forwarding mode?
View 4 Replies View Related I've got an iPad2, which works without issue at home (1130 AP/ASA5505), but at my office, we have a 1200 series AP. It's hit and miss, but other people who bring iPads in have noticed the same issue--our internal SSID is non-broadcast. Even though the SSID is previously configured and works on occassion, there are times where it won't even see the SSID at all to connect.
This happens with iPad and iPad2, iOS4 and iOS5...
LIke i said, works fine on my non-broadcast SSID at my home on an 1130 AP...
how i can limit the bandwidth for a all my client conect to the AP, i have a Aironet 1200 with the 12.2.15 code.
View 3 Replies View RelatedIs there a way to configure client/user to AP authentication without using encryption for joining to an wireless network? What we need to do here is protect network access at our hotspots by enforcing a password to get connected. The other part is making it compatible with every possible device so we need to have encryption off. We have a mixed environment at this time until everything is upgraded. Aironet 1200 series and some new Aironet 1142 models. No controller, all standand alone AP's
View 2 Replies View RelatedI have a office network that was setup before I started. We have a 172. subnet and a 10.2 subnet. When users on Wifi get a 10.2 address ( ran out of 172 address ) they are not able to get out to the internet. But if the laptop is connected to a LAN port and get a 10.2 address they are able to get to the Internet. Not sure if its the Aps I need to configure or the Pix seeing that if they get a LAN address of 10.2 everything works. This is becoming a bigger issue now that the company has out grown its main subnet (172.)
APs= AIR-AP1231G-A-K9
Vlan = 172.16.1.XXX
Vlan2= 10.2.0.XXX
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
We had two dozen Aironet 1200 access points and a controller donated to us from a local hospital that no longer needed them. My boss would like me to set one up with 3 VLANs:
- encrypted VLAN for staff
- encrypted VLAN for students
- unencrypted VLAN for guests
Ultimately, we'd like the staff VLAN to have access to all internal network resources, the student VLAN to have access to several pre-defined printers, and the guest VLAN is web-only access. Whether the controller we were given will accommodate that, we won't know until we get one Aironet 1200 programmed and connected to the controller. For the time being, I just want to get this access point programmed with the 3 VLANs.
I'm easily able to get it running a single SSID (non-VLAN) network and confirm that I can use that network fine. However, I need to set up these 3 VLANs. I can connect to it via telnet if that'll let me program it faster.
I am running the upgrade tool on Aironet AP1230B-A-K9. I can't join the controller by using the upgrade tool. the error is "AP does not have Supported Radio". What radio is the upgrade tool or controller look for on Aironet 1200 series? This AP is running 802.11b. However, I have several APs which the same model is running on the same one controller. The controller is model 4402.
View 8 Replies View RelatedI have cisco aironet 1200 series Acess point i want to configure wep with mac authentcation .
If any document with GUI configuration
Is it possible to setup a Cisco 1200 AP with 802.1x to drop users into the corprate network if they have a certificate or if not to put them on the guest network?
View 3 Replies View Related