Cisco Wireless :: 5508 Slow Roaming Or Re-authentication If There Is A Connection Error
Apr 29, 2013
I have a device manufacture there are requesting the following change on a customer's WLC 5508.
-config advanced eap identity-request-timeout 60
-config advanced eap request-timeout 60
I have studied many guides but I can't find out if there is a down-side to setting the timeout this high.Could it result in slow roaming or re-authentication if there is a connection error? The customer have large areas with high client density and some outdoor areas with low client density.
View 3 Replies
ADVERTISEMENT
Nov 27, 2011
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.
View 6 Replies
View Related
Dec 9, 2012
i have a problem with 1552E to register with 5508 WLC, and always got "AAA authentication error” in the WLC log, while AAA is not enabled. so my question is , do i need to add the MAC address to the WLC MAC filter list even if i not enable the AAA server in the WLC.
View 9 Replies
View Related
Apr 29, 2011
I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.
I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not work. I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.
1.) How can I figure out, if I will get the correct password from my WLC ? Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or how to get the received password from the chap challenge of the debug ?
2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius log file? Is it correct that the password in the debug file is empty ? raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "
View 3 Replies
View Related
Aug 2, 2012
I have three Autonomous AP´s in a small office running voice applications, all of them are connected to the same infrastructure switch and they have same configuration, voice Vlan is configure to open authentication. I have two models of AP 1252 and 1262 and I paste Radio configuration below.
First issue: During calls users are facing problems when roaming between AP´s, and eventually calls are dropped.
Second issue: Sometimes one of these AP´s(1252) lose all transmit signal and when return I got authentication error on log.
View 4 Replies
View Related
Jul 21, 2011
I have more different client networks with one ssid, when a client is in another network gets an ip it still from the old network.
How can I to the wlc change this so he gets one right address. I have a Cisco WLC 5508 and 1262/1252 Access point
View 6 Replies
View Related
Feb 12, 2013
I have an issue where I have an AP in one room and another in another.When I walk from one room to the other, I lose signal but manages to see the SSID and join.But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect. Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.Currently using cisco 5508 and ap2600.
View 8 Replies
View Related
Apr 7, 2011
Currently have a 5508 in the lab and testing 4 AP's with it. Eventually there will be 18 AP's spread thru out different floor in our building.
So far access is working fine using WPA, 802.1x and the client configured to use windows logon credentials..But it doesn't seem to automatically transfer between access points.
View 1 Replies
View Related
May 27, 2013
I am having some troubles with client roaming on a 5508 controller running firmware 7.3.101.0. As soon as a client roams outside the range of an AP they lose data flow and do not seem to transition to another AP for about 1 minute.This is a small network with 6 x AIRCAP3502E-N-K9 AP's (running in H-REAP mode) on the same floor and clients are a mix of HP notebooks, Mac Books, iMacs, iPads and iPhones. There are several seperate SSID's setup and the problem occurs on all. All are WPA2/AES with either a PSK or 802.1X. Both 2.4GHz and 5GHz radios are enabled with auto power and channel selection.
I have tried changing the roaming settings from default and also playing with the AP power settings to no avail.Is this normal behaviour or is there something I can do to improve the reconnection speed?
View 11 Replies
View Related
May 22, 2012
I am running a WiFi network built on Cisco 1262 APs and Cisco WLC 5508. My APs broadcast two SSIDs, let call them "WiFi_Pay" and "WiFi_Free". I have a problem: when users migrate from "WiFi_Pay" to "WiFi_Free" (not moving, connecting to the same AP), the connection fails. If they try for second time, it is always successful. My task is to ensure that such migrations run smoothly and be successful from the first attempt.
View 2 Replies
View Related
Jun 3, 2013
Since two months they work full time with the new Dutch Electronic Patient Dossier.We installed 3 Cisco 5508 controllers, version 7.0.230.0 last year on a HP-switched network on a layer 2 mobility domain.Cisco 1041 AP are
The personnel works woth thin clients url... The one with the double antenna.This client has a Broadcom BCM943228HM4L 802.11 a.b.g.n (2x2) adapter.
On the client they have a connected RDP session to a server with the documents.Now they are walking from one patient to another patient. The problem they experience is a very late roaming. At the beginning of the corridor, the client will associate, but is going to roam at the end of the corridor. We installed 4 AP's on each corridor, so they signal is very well, maybe to well?
I disabled client loadbalancing and band select.The lowest data rates are also disabled. Mandatory begins at 12 Mbps. I can increase this to 18 Mbps.These clients work with PSK, with both methods (WPA-TKIP and WPA2-AES) enabled.We did this because of many old and new clients.
The customer tried to find out the problem with a smartphone, same issue. Very late roaming.I can upgrade the WLC to 7.0.240.0. The only problem I have is the WCS. When upgrading to 7.2 and higher I need to have NCS.
View 1 Replies
View Related
Feb 23, 2012
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
View 3 Replies
View Related
Jun 26, 2012
Is there any additional configuration to be done on the 5508 WLC for Wireless Laptop / Voice Roaming? I tested with Wireless IP Phone and found some blankness in voice , whereas i have other access point nearby , which wasn't switching over easily .
View 3 Replies
View Related
Apr 23, 2012
I'm trying to figure out if it is possible to configure in one site a wireless setup that goes like this:
One WLC (5508), multiple LAP's in H-REAP mode.
AP's will be splitted in multiple VLAN's belonging to different departments but with the same SSID.Each VLAN will have it's own DHCP scope. All AP's are located in the same site and I need to know if it is possible to roam between AP's that belong to different departments?
View 3 Replies
View Related
Feb 14, 2012
We recently did a forklift upgrade on our campus and installed 3502i's, 3502e's, and 11 5508 WLC's. Our students are complaining about slow connections in several areas of the campus.In our testing and basic trouble shooting our Apple laptops have no problems but our windows laptops are showing a very slow connection rates 264kbps downloand and 366kbps upload. The window device has current drivers installed.
View 14 Replies
View Related
Mar 12, 2013
We've recently boughten new equipment to upgrade/replace some of our aging wireless hardware. We're moving to a pair of 5508 controllers and changing over to ACS 5.4. Currently we're just doing MAC filtering with ACS 4.2 and local users. I'd like to move most of our SSIDs to some type of AD authentication. Are there any all encompassing guides that layout the design behind that? So far I haven't had much luck finding one!
Also, would it be possible to maintain some of the local ACS users/MAC filtering? We have some mechanical equipment that connects to our network (separate SSID) but cannot join a domain.
View 5 Replies
View Related
Jan 7, 2013
I having some troubles with Web Authentication in a WLC 5508 version 7.2 to make authentication with the corporative phones, ANDROID GingerBread 2.3.6 model SAMSUNG GT-S7500L. When I try to connect to the VisitorsWirelessLAN in order to authenticate with web authentication the page never comes, in fact the phone never gets the IP. I have an iPhone and I have not problems, I have a Samsung Galaxy S2 with ICS 4.0.1 and works perfect, is only with gingerbread
View 2 Replies
View Related
Aug 3, 2011
I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.
View 1 Replies
View Related
Jun 9, 2012
Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)
View 6 Replies
View Related
Sep 11, 2012
We just got a new 5508 wireless controller and the question we have is : can we get wireless users to authenticate to an Active Directory server to get access to the network? I know we can get the authentication done with an RSA server, but what about plain AD?
View 9 Replies
View Related
May 9, 2012
We are using WLC-5508 in our corporate. For authenication we have implemented ACS with LDAP configured as external user database. We can able to get authenicated for Web based authenication. When it is configured for EAP-FAST, authenitication is not happening.
View 3 Replies
View Related
Jul 18, 2012
From what I've read, it doesn't seem possible to use Web Authentication and obtain encryption unless using a Radius server.
I have a client asking for web auth, encryption, and ldap connection to their AD servers.
View 4 Replies
View Related
Mar 18, 2013
I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?
View 4 Replies
View Related
Feb 16, 2012
I am setting up a WIFI network with a Cisco 5508 controller. I want to configure a first WIFI network (WIFI1) that will authenticate my business laptop based on the AD computer accounts and will access my corporate network.I want to setup a second WIFI network (WIFI2) that will authenticate my phones and tablets devices with AD user accounts and will be on a separate vlan with only access to the Internet.I created 2 policies on the Radius server : one that authenticate computers coming from wireless and a second one authenticating users coming from wireless.
if a user manually creates the WIFI1 network on his phone and enter his AD username, he is going to have access to the corporate network. I would like to be able to say that when a request is coming from WIFI1, only the policy for authenticating wireless devices with computer accounts will apply and the second policy authenticating user wouldn't apply.
View 1 Replies
View Related
Aug 15, 2012
I have to WLC's a 4402 and 5508 in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.
View 5 Replies
View Related
Jan 15, 2013
I have looked through the forum and think that I have found the answer to my question but I just need confirmation of my thoughts. We are using a 5508 W LAN controller running software ver 7.2.110.0 and LAP 1142n AP's.
What I would like to do is to configure multiple guest W LAN for each of our regional offices. Each of these W LAN needs to be configured with a Web Authentication page relevant to the office location. My question is this, can I have a Web Authentication page for each location or just 2, the default internal page and 1 customized page?
View 4 Replies
View Related
Dec 19, 2012
When I get the web authentication dialog from 1.1.1.1 it starts of with a certificate error. Is there a way to prevent this certificate error while using the self signed certificate? I have not been successful installing certificates on my WLC - problems with OpenSSL and others. Want to get this deployed but don't want users to have to encouter that error.
View 1 Replies
View Related
Oct 19, 2011
I have a problem with a customer of mine. We have deployed two new WLC5508 running r7.0.116.0 and AP1142s, also WCS with r7.0.172. When we setup a "Guest Access" we ran into trouble.The problem is that we can associate to the SSID/AP and get an ip-adress. When we open the web- browser we do not get redirected to the virtual interface but instead the _hostname_ of the WLC. Like this: url...
I we manually replace "cisco6a19c4" with 1.1.1.1 it works as it should, the login page appears, we login and can access the internet.We have tested and disabled web-auth on the ssid an everything works, we can directly go out on the internet, DNS works without any problems. [code]Guest network (VLAN) is transfered from WLC via the trunk to the Cat4503 and then connected on a access-port to a separate broadband-router, then to the inetrnet.DHCP to guest-users from separate broadband-router which is def gwy and "DNS".On the virtual interfaces no hostname is configured.
View 6 Replies
View Related
Sep 3, 2012
I am planning to migrate from an old 4400 to a new 5508. I am happy with migrating the access points but I need to know if I can migrate the web authentication certificate used for guests.The new WLC will have the same virtual interface and DNS name to match the CN on the current certificate. Will this work or will I need a new certificate?
View 2 Replies
View Related
Aug 28, 2012
My customer wants to have mapping of WLAN SSID with different authentication protocol as show below .
1: EMP-M for Mschap
2: EMP-G for Peap GTC
3: EMP-T for TLS
For example EMP-M SSID users should be connected with only PEAP(MSCHAPv2) and not on other methods like PEAP-GTC/EAP-TLS .
customer is currently having WLC 5508 and using ISE for AAA . Any tip how we can do the above requirement through WLC .
View 4 Replies
View Related
Mar 27, 2012
Should I trunk the port to the AP or not. I have a WLC 5508 in the head office and have AP in the remote office. I do not want traffic in the remote office to traverse the wan back to the WLC. I want the users at the remote office to use the local sub net at the remote site.
Should I then trunk the AP port on the switch to the AP as I have multiple ssid's with different sub nets?
View 3 Replies
View Related
Jan 29, 2013
I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.
View 9 Replies
View Related
Jan 25, 2013
Installed a new 5508 WLC last week, and finished bringing 68 new 3602i access points online in our College Dorms. We are seeing a lot of "Client De-authenticated" errors "Reason: Unspecified Reason: Code 1. Years ago I asked about error code 1. The reply from Cisco was: "The programers put the code in. It basically means we don't know what the problem is."Got a call from one of the dorms stating that students were getting knocked off the network while going to sites. If a student is wired, network is solid.Walked the dorm in question and was getting full bars of signals at all times, and was able to stream a movie from my Ultraviolet account without any break or slowdown as I moved from access point to access point. So.. my device, an iPad, was fully mobile and did not experience any disconnects.Did observe one student using a MacBook Pro. This student was constantly loosing connection to the access point. Checked the controller for the MAC of the student's computer. I did find deauthentication errors. BUT... this student's error was the computer was receiving an IP address from the DHCP that was already in use. At the computer the error message was a timeout issue.I am just learning the ropes on the 5508. Have used 3 4404s for the past six years.
View 2 Replies
View Related
