Cisco Wireless :: 5508 / WLC Proxy ARP Fail
Jun 9, 2013
I have a lab network setup at my house with similar equipment to our office that I use for testing different features and functionality. Since I have had this installed (~ 2 years) I've had an intermittent but recurring problem with connectivity to various wireless devices that I have never been able to fully resolve.I have a 5508 Wireless controller with a handful of 3502i APs spread throughout my house. The controller is connected to a 3560X switch. And I have an ASA 5510 firewall as my Firewall/Internet Gateway. When I work from home I most often work from a desktop computer in my office and have a Windows RDP session to a laptop located in another room in my house on one of my monitors as a working space (I know this is weird but there is a good reason). This laptop is connected via WiFi at all times.Occasionally, I will lose connectivity to this laptop (or not be able to connect back to my desktop from it) and have to start an extended ping from the laptop to the desktop to re-establish connectivity. A while ago I performed some deeper analysis on what was happening and what I found is that when the connectivity breaks the problem is that the desktop is unable to resolve the MAC address of the laptop. It sends out ARP requests but never receives any reply back.
Why would the controller stop replying to ARP requests for the IP address of the laptop?If I log into the controller while this is happening it shows the laptop as a connected client, and has its IP address and MAC address listed fine in the clients section. In order to avoid getting up every time I need to reconnect, I normally hop to a system I control across one of my VPN tunnels via RDP, then connect BACK to the laptop and start the ping to re-establish connectivity back to my main desktop machine. This works because the firewalls ARP cache hasn't cleared yet. And then everything works fine again... unless I manually clear my ARP cache. Sometimes clearing the ARP cache will result in the exact same problem again and I will lose connection. Other times it seems to repopulate almost immediately and the connection doesn't drop.
A wireshark debug from the desktop reveals that ARP requests simply go out with no reply, confirming what is happening.As a note, I have set both the User Idle Timeout and the ARP timeout to 24 hours to try but this has not had any effect.This problem seems to go away and then come back. In fact, I havent been experiencing this issue for probably a couple months recently and then it just started again in the last few days which is why I am back to posting here. No changes to the network were made in the meantime that could account for this change in behavior. I am currently running version 7.2.111.3 but this behavior has persisted through at least four software upgrades so I don't think it's an issue with a specific version but I don't really know.I occasionally epxerience connectivity issues in my house to other devices as well that I use less often like a printer, network camera, apple tv so I now feel like these issues are likely all related.
View 5 Replies
ADVERTISEMENT
Sep 26, 2011
I just purchased 5 RV220W to act as internet/wireless router at a remote site. There is no VPN, just LAN and Wireless routing to the internet.I have setup remote management and it works fine when I am directly connected to the internet. However, everytime I try to connect through our HTTP/HTTPs proxy farm, it usually fails. Specificially, I get the log-in page and can log in. It starts to render the landing page but redirects to a page stating "Your session has been terminated." On rare instances the first page will appear, however within a few clicks I end up with the same terminated page.
As a test, I bypassed the farm and forced my browser to use one proxy exclusively. At that point I could access the HTTPS interface with no issue. I have not had any issues with other SSL sites with the proxy configuration in use.Is there some sort of MITM prevention I could be running into? If so, can it be turned off.I am new to the RV-series of routers. Is there any logging I could turn on that would provide insight on why the session may be getting terminated?
View 2 Replies
View Related
Mar 18, 2013
for some reason some AP's are terminating the association to either one of the controllers for a short period of time. When this happens and the AP re-associates itself with either of the active controllers, it looses the information of what group it previously belonged; and it gets dropped in the default group, broadcasting every single SSID available.
What I would like to see happen is that if for some reason an AP terminates association, but restablishes it shortly; it can automatically go to the correct group.
Both WLC are running the same version and have the same amount of licenses, they can hold all the AP's one of the WLC came down. Config-wise they are identical except that the groups are named differently but ultimately configured the same. If that is an issue we can change it no problem since it's only the name.
View 5 Replies
View Related
Mar 1, 2013
We need to create Guest WLAN on WLC 5508 which will be used for internet access only. My questions are:
1. Is it possible to use our external web proxy server to authenticate users?
2. Can we also forward all traffic to the external web proxy to filter the websites that can be accessed (without configuring it on the browser)?
3. Can this be achieved using the L3 webauth?
Our topology:
WLC -- Switch -- ASA Firewall -- Internet -- External Web Proxy
We are using WLC as DHCP server for Guest WLAN with ASA Firewall as the gateway.
View 6 Replies
View Related
Nov 10, 2011
Just recently upgrade our 2 5508 controllers from 6.0.199.0 to 7.0.116.0. Since that upgrade, I have a handful (8 to 10) of wireless laptops that now refuse to associate to any access points. The thing these laptops all have in common is some variation of the Intel Wifi Link AGN cards. I have about 200 other clients out there working just fine.
I've tried everything under the sun that I can think of. Patches, drivers, the whole sh'bang.
Is there a known issue with 7.0.116.0 and these particular cards?
View 17 Replies
View Related
Jan 17, 2012
In my lab I have a Guest Wireless network setup and fully functional. Here is a brief diagram:
Client -> AP -> LAN switch and WLC-Foreign -> Core router -> DMZ switch and WLC-Anchor -> Edge Router -> Internet
I have NME for credential management on the LAN as well.The WLC-Foreign is a 5508.In my DMZ, I have two networks - 1 for normal DMZ management and 1 for Guest Wireless.
I now have to add a Blue Coat web proxy appliance into the DMZ and have Guest Wireless traffic pass through it. I have tried multiple scenarios including connecting the WLC-Anchor to the Blue Coat directly and making the Blue Coat the gateway for my Guest Wireless network. Any good design for the DMZ networks and/or routing to enable the Guest Wireless traffic to go to the Blue Coat and then out to the Internet?
View 11 Replies
View Related
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
View 9 Replies
View Related
Dec 8, 2011
accounting in ACS 5.3. When I setup accounting on WLC 440x / 5508 ACS takes them as an authentication request and fail.
Here are some logs what I see in acsview:
Dec 9,11 6:05:11.783 PM
Radius authentication failed for USER: navrka2 MAC: a.b.c.d AUTHTYPE: Radius authentication failed
ACS Session ID:
dc2aaa1v/112555963/420
Audit Session ID:
0a9a01d7000001fd4ee23a3d
Tunnel Details:
[code]...
View 4 Replies
View Related
May 28, 2012
I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
View 1 Replies
View Related
Feb 22, 2012
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies
View Related
Mar 31, 2012
I access the internet from my company�s LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/ allow proxy info to be entered to login/ connect to the internet. Your-Freedom also supports port forwarding.However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don�t work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.
Following is the info on the 2 softwares:
1.NOW Trading terminal:[FONT=Times New Roman]Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial Splash screen but then the software stops with the error: [b][u]NOW Initialisation failed for Interactive Engine << os error>>.
2.PowerIndia Bulls:The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe start properly without proxifying software but not under proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5).To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password.To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".
View 1 Replies
View Related
Jan 8, 2013
Anyone know the differnce between these two on a MLS? Seems that proxy arp as I know it works with or without the 'local' version.
View 7 Replies
View Related
May 19, 2012
i have 1262 LAP which is fail to boot and went to rommon mode
here are the logs
ap: boot
Loading ""...: permission denied
Error loading ""
[Code].....
View 5 Replies
View Related
Jan 12, 2012
I have problems in the following scenario. I attached an image with a summary diagram of the network in question. The problem is that on the 3rd floor of the site users connect via wireless fail to connect and receive an IP. But they can not navigate. The second and first floor itself. As you see in the diagram are 3 routers, one per floor. The first is the only router that provides DHCP the other two routers are as simple Access Points.
View 13 Replies
View Related
May 18, 2011
my computer cannot access Internet at all. It finds all the wireless routers and can connect to them, but says that the router cannot access Internet. However, it can. All other devices connected to the router have full Internet access. I've tries rebooting computer, rebooting router, reconnecting to router, reinstalling wireless Internet driver, but still nothing
View 4 Replies
View Related
Oct 29, 2011
We have found that only Cisco 1231 WAP are exhibiting this behaviour. Their Primary WLAN controller is Cisco1 WLC but they fail to register to Primary WLC and fall back to Cisco2 WLC. After about 200 sec , they attempt to connect to Primary WLC once again and fail. The whole cycle is repeated every 250 seconds.
View 3 Replies
View Related
Jun 22, 2011
I have a point to point link of 9.27 km using 1410 bridges and AIR-ANT58G28SDA-N antennas as per the documentation that would be an easy to deploy link and it should work at 54 Mbps, eventhough it drops the link, it's so slow and the power measurments indicate -70 dbm (aprox) right under the antenna which is at 9 m height.
This is not the first time I have troubles with 1410 bridges, the other two times I had to change them for 1310 bridges. I wonder if it has to do with some configuration tunning like, external antena gain, link distance or anything else? By the wat this is ocurring in México don't know if that might be worth of taking into consideration in order to deploy a 1410 link.
View 3 Replies
View Related
Jun 16, 2012
virus update conection fail how i solve it in windows8
View 1 Replies
View Related
Dec 12, 2012
Just upgraded to Win8 Pro last night by wi-fi. Cannot access internet router via ethernet cable. Cannot access wireless either.
Using Network & Internet troubleshooting for Internet Connections, I get:
Problem with wireless adapter or access point Not Fixed X "Local Area Connection" doesn't have a valid IP configuration Not Fixed X
If I do a ifconfig, I see that LAN has its media disconnected. But not wireless. HP Pavillion dv1190us Notebook PC.
View 1 Replies
View Related
Aug 29, 2011
I have a problem where wireless clients at a remote site cannot successfully authenticate through their WLC to my ACS 5.2 (Linux on VM). I have three sites where this authentication is functioning properly; at my fourth site the wireless clients fail with a PEAP error: "12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate". My wireless clients are Win7 using WPA2-Enterprise security type with AES encryption. The authentication method is set to Microsoft PEAP (EAP-MSCHAP v2) and the 'Validate server certificate' is not checked. My wireless access rules on ACS 5.2 are working well at three sites. My ACS 5.2 has a self-signed certificate that doesn't expire until August 2012. A laptop that can successfully authenticate at other sites cannot authenticate at the fourth site.
Phase one of the PEAP process is where the client authenticates the server certificate and the TLS tunnel is created so that in phase two user authentication credentials are sent through the TLS tunnel using EAP. My clients do not seem to be able to create the TLS tunnel because they reject the ACS local certificate; thus, user credentials are never passed and authentication fails. I have renewed the ACS local certificate and rebooted the ACS server but the problem persists. My WLAN on the WLC has its security policy set to [WPA + WPA2][Auth(802.1X)]. WPA uses TKIP and WPA2 uses AES; Auth Key Mgmt is set to 802.1X. The remote site where authentication fails is a different domain; the other three sites are the same domain.
I can see the failed authentication attempts in my ACS "Monitoring and Reports | Reports | Catalog | AAA Protocol | RADIUS Authentication" report. They all fail with the same PEAP error: 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate. The ACS local certificate works fine at three sites--just not at the fourth. Is my problem the certificate or is it an 802.1X client problem?
View 4 Replies
View Related
Apr 11, 2013
I have a cisco AP1242AG-A-K9, I would like to set it up to connect to a proxy server inside of the US. Does any know if this is possible?
I would like my IP Adress through the router to be a IP Address based in the states, thus the proxy server would achieve that. I can do this on my PC, but I would like my router to do it, then all the devices on the network to do that.
View 2 Replies
View Related
May 16, 2012
I have a DHCP server on a WLAN that does not support Cisco's native proxy mode. I need to use DHCP bridge mode for that WLAN only.
How do I disable DHCP Proxy and switch to DHCP bridge mode for one WLAN ?
View 1 Replies
View Related
Jan 4, 2013
im moving over to VDSL.But now i cant open any ports on the E4200 no mather what i do.It worked with the previous modem, but now i cant open anything. all the ports seems to be closes, 80, 21 etc, and the ports i manually forrward.The previous modem was a ZyXEL P-2602HWT-F3, and the new one is a ZyXEL P-2812HNU-F3.If i connect directly into the ZyXEL P-2812HNU-F3, every ports seems to be open, port 80 is open, port 21 is open, but not on the E4200, and yes, i have tried open the FTP ports.I have tried the 30/30/30 reset on the E4200.
View 6 Replies
View Related
Feb 22, 2013
Region : China
Model : TL-WR740N
Hardware Version : V1
Firmware Version :
ISP :
tried to run the easy setup assistant but failed the connection test. The WLAN indicator did not flash or light up, don't know if that is the problem.
Have checked the cables and they are working fine. As this router is 3 yrs old, should I get a new one? Does it appear to be a hardware problem?
View 7 Replies
View Related
Dec 4, 2012
I purchased 3 AE2500s to connect 3 machines in my house.2 of the machines it works great. However on the 3rd machine, when I start browsing around (2.4Ghz or 5Ghz), things start going wonky and then the device basically loses connection, and the LED indicator starts flashing consistently indefinitely (with no connection).Removing and reconnecting the USB device will allow me to reconnect to my network and do stuff until it happens again. Speedtests on speedtest.net ALWAYS fail on upload test, I lose connection then.Streaming a movie across the network immediately causes this (exclamation mark on network icon) Regular browsing causes it also Checking event logs, I get the following error wlan extensibility module has stopped bcmihvsrv.dll The router is an E4200 I have tested all 3 AE2500s on this single machine, and they all do the same thing.Out of the 3 machines ONLY the one that doesn't work is Windows 7 32bit, the other 2 that do work are Windows 7 64bit Considering the event log is complaining about bcmihvsrv.dll, I know the 64bit version uses bcmihvsrv64.dll, could it be a bug in the 32bit drivers?I have attempted at trying different slots, uninstalling the drivers, removing and disabling any other network components in this single machine, lowering the power output in the advanced options, tried 2.4ghz and 5ghz, tried Wireless G only and then Wireless N only...
View 9 Replies
View Related
Sep 23, 2011
Use wireless router and can connect to internet on laptop. When trying with PC (windows xp software), I can't connect. Ran diagnostic, result: Your computer appears to be correctly configured, but the device or resource (web proxy) is not responding.
View 1 Replies
View Related
Jun 11, 2012
I have a new Dell Inspiron 14Z (purchased in February), it has been running great until recently, the internet connection (wireless) completely stopped working.When I try to connect through Internet Explorer, it says Internet Explorer cannot display the webpage. I Diagnose Connection Problems, and this is what I get:"Windows could not automatically detect this network's proxy settings." On Chrome, I got a long list of things to do (check DNS settings, LAN Network, etc. have tried every and all checked/unchecked box they advise.) This error shows up:Error 105 (net:: ERR_NAME_NOT_RESOLVED): The server could not be found. However, I accidentally uninstalled Chrome trying to fix this problem, so Internet Explorer is all I have.It's been about 2-3 weeks with no internet. Have tried connecting to 5+ different networks (Home- AT&T U-verse, University of Texas Network, restaurants, etc)tried restarting my computer, setting my LAN settings back to normal, and it still won't work. Other computers work on all of the networks I've tried, it's just mine that wont. [code]
View 13 Replies
View Related
Jul 2, 2012
While configuring a 5500 wireless controller, i came across this option of DHCP proxy under Advanced tab of Controller Option.It asks for the dhcp option 82 remote id format & the dhcp timeout.
1. What is the significance of this & when do we use it?
2. Also, under each wlan ssid that we create, there is an option of dhcp address required under the advanced tab. Do we need to use this option, if we are defining a normal dhcp pool in our controller for that ssid.
View 3 Replies
View Related
Mar 20, 2013
How to disable dhcp proxy on controller and what is the impact of doing it in the middle? We tried once by giving 'config dhcp proxy disable' command but seeing virtual ip again.(likely it gets back to proxy mode). We also have ip helper address on the L3 interface. We have only external dhcp servers configured..
View 5 Replies
View Related
May 13, 2013
Region : Others
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
wdr3500 problem with usb external hard drive when I try to transfer files from computer to usb on the router it'll work for small files like MP3. But files like MKV where they can be 1-2gb will cause a disconnect and fail to transfer the file. The whole drive would disconnect and windows will give an I/O error.
View 8 Replies
View Related
Sep 1, 2011
I can connect via to E4200 with old laptop via G. Great signal and speed (54mps).No such luck on same machine with AE2500(G adapter disabled). Can't find any but one network(neighbors).CD software can't find adapter.I install the adpter manually using normal xp device discovery steps.Seems like there is quite a few AE2500 issues. Should I ask for RMA return? No point in wasting more time in trying to fix Cisco's tech issue.
View 4 Replies
View Related
Jan 4, 2011
laptop message says cant detect proxy settings
View 5 Replies
View Related
Feb 23, 2011
I am having wireless modem to connect the internet of BSNL, I Want to connect internet by wireless lan to another pc
proxy settings for connection
View 1 Replies
View Related
