Cisco Wireless :: 5508 - Virtual WLC - Certificate Errors
Sep 13, 2012
I have just setup a vWLC for lab purposes and it´s up and running. I have a few used 1131 LAP:s that tries to join the AP but I just get DTLS certificate errors like these:
*Sep 14 13:25:27.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Sep 14 13:25:27.258: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Sep 14 13:25:36.198: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 14 13:26:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.105 (code)
These AP:s (I have tried 2 so far) have earlier been in use connected to a cluster of 5508:s.
View 19 Replies
ADVERTISEMENT
May 15, 2012
My issue occurs on ALL of my home computers (MacBook and iMac using wi-fi) and ALL of my browsers (Safari, Firefox, Chrome).The problem:- Security Certificates: They pop up daily for Facebook mostly, but also Twitter. I will click Continue, which takes me to...- 404 Error/Page Not Found Error: After the Certificate error mentioned above, this happens. Mostly to YouTube. It will stay like this for a few hours. I've cleared cache, rebooted, etc. etc. Nothing works.- Images turn into little blue boxes with a question mark in them. **When this happens, it's an indication that a Certificate box will pop up out of the blue.- Even on Google.com, it will say: Invalid URLThe requested URL "/", is invalid.Reference #9.df260e6b.1336506889.420cf4fSo what can I do? It happens on both my Macbook Pro and iMac - both connected wirelessly to a Linksys router/cable modem. The router is Wireless-N Broadband Router WRT160Nv3 with Firmware Version: v3.0.02.
View 1 Replies
View Related
Mar 1, 2012
I got many certificates errors. When ISE Server tried to retrieve CRL: CRL verification failed - possibly signed by wrong or unknown CA,When client tried to connect using EAP-TLS: X509 decrypt error - certificate signature failure.
View 2 Replies
View Related
Jan 5, 2013
I like to use "URL Blocking" with keywords in the firewall properties. When I activate this feauture, I get errors from the router certificate when I browsing to any site in the Internet. Is there a way to manage this problem without using a public certificate?
RV180W-Firmware-1.0.1.9
View 8 Replies
View Related
Jan 2, 2012
I have set the RV042 up for QuickVPN access. The router config recommends turning HTTPS on in the firewall when using QuickVPN. The side effect to this is any web browser throws me certificate errors and warns me not to continue logging in to the router's config. How do I fix this so the browser does not throw these messages?
Router is Linksys-branded, using latest firmware for this hardware (1.3.13.02-tm)
View 12 Replies
View Related
Aug 7, 2012
After upgrading my 5508s to 7.2.110.0, they are reporting mobility data path errors to one of my WiSMs running 7.0.235.0.
I get these messages on the 5508s reporting that it can't send a ping to the affected WiSM:
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PKT_RECV_ERROR: ethoip.c:341 ethoipSocketTask: ethoipRecvPkt returned error
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PING_RESPONSE_TX_FAILED: ethoip_ping.c:312 Failed to tx a ping response to <ip address>, rc=5
But maybe there is another clue because I also see in the same log these errors referencing the same WiSM:
*bcastReceiveTask: Aug 08 21:15:45.310: %LOG-1-Q_IND: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
*mmSSHPeerRegister: Aug 08 21:15:44.829: %MM-1-SSHRULE_CREATE_FAILED: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
Why is the controller trying to SSH to another controller? Was some SSH related feature added to 7.2 that has been accidentally enabled?
View 4 Replies
View Related
Aug 16, 2012
I am having trouble with a newly configured install. Basically it seems that my centrally switched guest SSID is not functioning. As you change AP groups, which should change the interface associated with the SSID and also the dhcp client address, the client is retaining the original dhcp address from whichever AP group they first associated with.
I also have a locally switch WPA2 SSID at each location which is working fine. Clients are able to change dhcp address correctly as they move between AP groups. It just doesn't seem to be working on the guest network, which is odd because it was working earlier in the install. It has only started having issues yesterday afternoon.
The interface above is assigned to the guest SSID in one of the AP group. I assume this has something to do with it but I've been over my DHCP assignments on the core switch, local switch, controller, and dhcp server and can find no issue with the configuration..
I am not sure why as I am not using DOT1X at all. The guest is a pass-thru and the WPA2 network is just WPA + WPA2 with TKIP and AES. No DOT1X anywhere on the controller...
View 5 Replies
View Related
Jan 5, 2013
Have WLC 5508 running 7.4 code; have wlan setup to allow access to internal network. Users on ipads should be able to connect to this wlan and authenticated via certificate instead of PSK. We have setup laptops that are part of domain to use internal CA for authentication to WLAN. Ipads are not part of domain so we are not able to use the same model, or can we use the same model for authentication?How to setup WLC to authenticate ipad users via certificate instead of PSK while connecting to the WLAN?
View 1 Replies
View Related
Apr 10, 2013
get a installed certificate work on a 5508 WLC Controller without rebooting. Is there a way? Is it possible to just reload a process to get the certificate work?
View 1 Replies
View Related
Feb 12, 2013
I am using webauth and need to install a SSL cert to prevent the "There is a problem with this website's security certificate" message. I have a Wildcard cert that was issued by Network Solutions that I use on a couple web servers I run, and want to know if I can use that for the WLC? It's a pks cert and I think the WLC needs to use a pem cert, so I converted the wildcard to pem. Or do I need to purchase a cert that is not a wildcard and is in pem format?
View 7 Replies
View Related
Dec 6, 2012
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.
View 2 Replies
View Related
Sep 3, 2012
I am planning to migrate from an old 4400 to a new 5508. I am happy with migrating the access points but I need to know if I can migrate the web authentication certificate used for guests.The new WLC will have the same virtual interface and DNS name to match the CN on the current certificate. Will this work or will I need a new certificate?
View 2 Replies
View Related
Feb 13, 2011
I have 3 WLC 5508 and a NAC guest server. We want to download a wildcard certificate after a few seconds at the download of this certificate I got the failure message download failed.
Accept the WLC wildcard certificates or must I generate a SAN (Subject Alternative Name) Certificate.
View 5 Replies
View Related
Jun 2, 2012
Seen Duplex MisMatch errors on a N7k with a LAG going to the 5508 WLC? WLC code is 7.0.203.0. I found a BUG that is private to Cisco ( CSCth11041 ) that looks like it, but I want to make sure.
View 1 Replies
View Related
Jul 24, 2012
When a guest user first trys to access the "guest" WLAN, they are presented with a "certificate page" before the web athentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am runiing 5508 with 7.0.220.0.
View 12 Replies
View Related
Sep 13, 2011
I have a AIR-AP1121G-A-K9 running c1100-k9w7-tar.123-7.JA2 (Autonomous)We have monitoring setup with Orion NPM and we consistently see output errors, Transmit discards and big buffer errors The users at the site have not reporting any issues but was wondering how to prevent these or are these normal?What causes the output errors on Wireless Radio ? How to troubleshoot further ?
Radio0-802.11G
Total Output Errors 0 47749
Small Buffer Misses
4 misses
139 misses
[code]....
View 1 Replies
View Related
May 31, 2011
We are experimenting with virtual machines running on some laptops here as part of a future deployment.Equipment in use:
-5508 WLC
-1262 LWAP
The actual operating system has no issues connecting to the wireless. When you start the virtual machine on any client machine (OSX, Win 7, Win XP, anything) it is unable to get an IP through an external DHCP server when the VM is set up to use a bridged connection.This works fine with Autonomous access points and over cable all mapped to the same VLAN. Helper addresses are configured on the VLAN.Is this a limitation of the WLC where it cannot provide more than one IP address per MAC? Is it a limitation of CAPWAP? Or is there an option to turn of DHCP snooping (which I suspect to be the cause of the issue)?
View 3 Replies
View Related
Mar 27, 2013
We are moving forward with a mobility project which requires our network to authenticate/authorize based on certificates.
WLAN_1 has 802.1x enabled passing the cert through to the MS CA which authorizes the cred, which in turn passes the AD creds of the user to the MS RADIUS server for authenticate/authorization.
Hardware: WLC 5508 running 7.2.110.0 3600 APs ACS 5.2 not used for AAA
1. As we turn up additional SSIDs, we need Mobile SSID to accept ONLY the Mobile Cert, our Internet SSID to only accept the Internal Cert and our GUEST SSID to deny ANY Cert issued by our CA.I know ISE makes this much easier, but I dont have it and need this to work as best we can until next fiscal cycle..
View 3 Replies
View Related
Dec 10, 2010
i have a Setup as Follows
- 5508/1142
- heterogenous Client with WZC, XP, SP3, SSO
- ACS 5.2, MS AD
Target is Songle Sign On wih Machine Cerificates against AD. For testing purpose we tested with EAP-PEAP/MS Chapv2 and Machine Auth, works fine. Now we installed a Machine cert in the Machine cert Store (no User Cert) and reconfigured the WZC for using certs and Machin Auth. What we see is an Error Message in the System Tray that there is no certificate available. We checked it again, the MMC shows us a Machine cert in the Store.
View 4 Replies
View Related
Jul 1, 2012
I have two Cisco WLC 5508 controllers that I'm trying to set-up for our new corporate WLAN. I've gone through most of the configuration fine but have ran into an issue uploading a signed certificate to one of my controllers. I should point out that I have managed to upload the certificate successfully to one of the controllers, I just can't seem to upload it to the second.The issue is as follows:
- I've logged into the controller, gone to Security -> Web Auth -> Certificate -> Download Certificate
- I've specified my tftp server details and selected apply
- the process begins and I can see through my tftp client that the controller is attempting to copy and install the certificate
- The controller tries to install the certificate but fails, reporting the same
View 9 Replies
View Related
Mar 26, 2013
We are deploying BYOD with Cisco ISE 1.1.2 and WLC (5508) using 802.1x authentication.Windows clients cannot connect to 802.1x SSID with the following error on ISE:Authentication failed : 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
The client doesn't have preconfigured wifi profile or root certificate installed.The concept of BYOD suppose that you can connect your device without any installed certificates and preconfigured wifi-profiles.
The problem is that Windows 7 supplicant does not send TLS alert in pop up window, when connecting to 802.1x SSID.If this alert is seen, than you can accept it and proceed the connection. After that you will be asked to install ROOT-cert, get your own cert and etc.So, the question is: how to make the windows supplicant to show the pop-up window with TLS alert?
p.s. the attached file shows the example of pop up TLS-alert window
View 6 Replies
View Related
Jan 30, 2012
There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
View 3 Replies
View Related
Oct 19, 2012
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
View 5 Replies
View Related
Nov 1, 2011
I have to bridge 1400 series which in the virtual interface has a CRC errors, i don´t the reason, maybe the link (point-point bridge) is misaligned.
View 3 Replies
View Related
Jun 13, 2010
I am getting error messages for clients:
11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0 12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
These are only occuring for clients that are disconnecting....
They can reconnect after a WLC reboot....
We have swapped APs.....
I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time.Is this a client issue (nic firmware, version) or is this an error in the controller??
AIR-WLC2106-K9
IOS ver: 6.0.196.0
View 4 Replies
View Related
Dec 10, 2008
we see a strange message in our WLC logs, which occurs quite often (>10 times a day):Decrypt errors occurred for client [MAC-Adress] using WPA key on 802.11b/g interface of AP [MAC-Adress]The MAC-Adresses of the affected clients are varying as well as the APs reporting the error.The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
Even more frequently we see the following message in the log:
%ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).The WLC is an 2106, the APs are 1242AG. We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
View 7 Replies
View Related
Mar 20, 2011
Recently i have been having LOADS of problems with my wireless router. Every now and then it will decide that 2 of my 3 computers will not be allowed to connect to the internet. and i will have to spend hours of resetting and rebooting computers to get it to work again.. only for the issue to start again a few hours later. I recently added the third computer but im not sure how that would be an issue.
the router is a Linksys (cisco) WRT54G2.. a
View 1 Replies
View Related
May 23, 2011
Im having dns problems ever since PSN went back online and i cannot connect to the internet with my PS3 or log onto PSN. At first i would get dropped as soon i joined an online game, and it was running very slowly, but now it wont connect at all.
View 4 Replies
View Related
Jan 16, 2013
I have a Vostro 3550 running Windows 7 Pro. It has a Dell Wireless 1702 802.11b/g/n card with an intermittent fault:The error messages that Device manager reports are:This device cannot find enough free resources that it can use. (Code 12)If you want to use this device, you will need to disable one of the other devices on this system.and also:This device cannot start. (Code 10)These both appear about 80% of the time while trying to use Wifi. A restart of the removes the error message and wifi can sometimes be used as normal for a short period before one of the errors reappears. When booting into a Linux live-cd the error messages also appear with ath9k drivers..
View 3 Replies
View Related
Mar 17, 2013
I am looking at deploying a Cisco Virtual Wireless LAN Controller (vWLC 7.3).Do I need Prime Infrastructure to manage the environment, or can I manage my AP's (1200 series) using the vWLC alone?
View 6 Replies
View Related
Feb 6, 2013
i have an AIR-LAP1131AG-A-K9 fresh from the box an was trying to register it to vWLC.I have them both on the same VLAN and these logs are showing on my WLC: [code]
The funny thing i have noticed is that both the WLC and the AP cannot PING each other.
View 14 Replies
View Related
Feb 16, 2013
Region : Poland
Model : TD-W8951ND
Hardware Version : V5
Firmware Version : 5.0.0 Build 120522 Rel.23978
ISP : Orange/TPSA
On my router TD-W8951ND constantly there are the same type errors, while using computer conected to the router:
Code:
2/16/2013 17:24:8> netMakeChannDial: err=-3000 rn_p=80544b08
2/16/2013 17:24:13> Last errorlog repeat 2 Times
[Code].....
View 1 Replies
View Related
Nov 24, 2011
I am directly plugged into the router on my computer, and it is used wireless for the rest of the computers in the house. Frequently (3-4 times a day usually, sometimes more like every 20 mins, other days not at all), the router and Network Magic will tell me my computer has lost internet connection, and browsers and any program I try to start won't be able to connect to the internet. However, I know the connection is still live because any program that was running and accessing the internet beforehand (multi player games and instant messaging programs, for example) still run fine with their connection and I can continue to play or chat online until I close that program.
Trying the 'Repair Connection' on network magic doesn't work, but unplugging and replugging the power cable to the router fixes the issue(again, so I know it's the router and not the internet)whatever reason the router is deciding to tell me it's not active and refuse access to the internet for new programs when existing connections don't show any problems.
View 3 Replies
View Related
