Cisco Wireless :: Aironet 1040 IP And Splash Page Redirecting
Mar 11, 2013
I am trying to create a welcome screen for people who join the guest network on my aironet 1040.Webpage pass-through is really what I want but I know that doesn't work on a 1040.What does: IP redirect, Conditional Web redirect or Splashpage redirect?
At present I have a WLC5508 as a guest anchor in a DMZ and a web-auth passthrough WLAN configured. There is a custom web bundle providing a terms and conditions page.
We want to start to capture the minimum data from a user that logs onto the guest wireless ( email address ) and would like to use the check email function on the controller - BUT - at the same time move from using the web bundle locally hosted splashpage on the controller to an external web server provided splashpage / walled garden.
From my understanding not sure that this is possible as the email check function is only valid in passthrough I think.
I have been racking my brain for a while and cannot figure out why I am not getting 144Mbps out of my Aironet 1040. I was reading a previous thread ([URL]) and set it up exactly like it said. I have set the encryption to Cipher AES CCMP and set the SSID to open authentication. I also set the SSID's key management to enable WPA (WPAv2).
I was reading that WMM has to be set. I have 3 options: Disabled, Legacy, and dot11d. If i chose dot11d I have to put in a coutry code. Problem is there are no options in the country code pull down. I cannot even manually type it in.
Another problem is that cell phones cannot connect. It keeps saying authentication fails in the log.
I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
This is what I have so far:
Current configuration : 1684 bytes ! version 12.4 no service pad
We are currently using several AP's in our organization. And in this one AP i want to give a user the power to change the password of the wireless network to prevent miss use. I was wondering if it was possible to create an account who only has the privilege to change the WPA key?? I want to prevent that he will accidently change other settings.
we have several AP1040 in the office, but the latter is a Dual Band 2.4 GHz and 5 GHz. And we have problems with all workstations MAC OS X gets a lot of disconnections during the day, the strangest thing is that the OS X community is aware of the problem, and their only recommendation is to buy the external Aironport has better hardware.
On my Accespoint i have 2 vlans: 1 for my wifi phones and 1 for my network.Wifi Lan has the SSID LAN with WPA enterprise authentication to a radius server(ms server 2008).Wifi Phone has SSID PHONE and vlan 50 with local radius authentication.This Works all fine, Except when i enable AP for my wifi phones. When AP is enabled the authentication for my lan doesn’t go to my server but local.How do I configure my accesspoints so that the cisco phones use the local radius server with AP and my windows computers connect using the ms radius server?
I'm working on setting up an Aironet 1040 Wireless Access Point for my company. It's my first time setting up something like this, and I've run into a bit of trouble.
I created my first SSID easily enough, following the manual and guides online. I set up VLAN 1 as my native VLAN and linked it to my SSID with the encryption and security that I was told to use and it works great. However, my boss asked me to set up a second connection as well for guests at the office, and this is where my trouble starts.
I created VLAN 2, and then another SSID which I linked here. I set up encryption and security the same way, and I can see the network when I open up my network and sharing manager. I can connect to the network as well, but I either get a spinning blue icon where my signal strength indicator is or a few bars with a yellow caution sign, and Windows says 'Identifying...'. I've compared the two SSIDs using the console and the GUI and I can't seem to spot any obvious differences between them.
We’re currently using 5508 WLC’s and leveraging Cisco ISE for radius/authentication rule sets.I’m trying to get a splash page to flash and then redirect to a website after a successful authentication to an SSID. Everything on the wireless side works with no splash page (users connect to SSID,authenticate with AD credentials using 802.1X PEAP to our Cisco ISE box, and gain access to the network).When I enable ‘Splash Page Web Redirect’ on the WLC (under L3 security), I’m unclear on the ISE box where I set this up. When I look in the Cisco documention it says:Splash Page Web Redirect—If you select this option, the user is redirected to a particular web page after 802.1X authentication successfully completes. After the redirect, the user has full access to the network. You can specify the splash web page on your RADIUS server. How I specify this on the ISE box? Or am I totally off base?
I have setup load-balancing on an ACE 4710 for HTTP for Sharepoint 2010. The Server Admin says that the IIS server will recognize the right site by DNS name. Problem is I have no clue how to make sure the servers get the DNS name passed to them. They says this is for a multi-homing setup so that we can run multiple sites using the same VIP to the same Serverfarm. How do I do this? I keep getting the IIS splash page since the real server cannot determine the IIS site that I am supposed to access.
I am administrating a wireless network consisting of 11 APs, ASA 5510, WLC 4402 and Router 1760.The network is sharing an internet connection to all guests without charge so I have no need for authorisation of guests.I would like to implement a splash page that would be shown to all clients when they first connect. The splash page is supposed have only the basic information about the provided service and no logon.Is there a way to do this without purchasing an ACS?
Every device I've tried to connect to my WiFi network have no issues connecting at all, except for, as far as I can tell, Samsung Android phones. My sample set is very small, but both a Samsung Galaxy S3 (both before and after custom ROM install) and a stock Samsung Galaxy Nexus.
I've tried setting a vlan up with no encryption and open authentication, and the phones just halt on "connecting". This issue is both on the 2.4Ghz and 5Ghz Radios.
What is working is various computers with both intel and broadcom adapters, a Brother printer, and a Motorola Droid 3 and Motorola Photon Q. I'm starting to think that it's an issue with the radio in the Samsung phones, but the S3 is 5ghz compatible and the Nexus is only 2.4, so they must have different radios. I'm also pretty sure that it's not software on the phones since the S3 had the same problem with stock ROM and CM 10, and the Nexus is Vanilla Google ROM.
I'm waiting to get a chance to upgrade to the new FW for my aironet 1040, and I'm going to fire up an old 1130AG as well as test with an iphone or ipod when I get the chance; I'd just really like to find out what the heck is going on with these samsung phones.
Current configuration : 13969 bytes ! ! Last configuration change at 10:18:26 MST Sun Dec 23 2012 ! NVRAM config last updated at 10:18:26 MST Sun Dec 23 2012
1. I have 1252 & 1142 AP's connected to the Wism (188.8.131.52 code) 2. FWSM I have a 4402 (184.108.40.206 ) appliance connected as my anchor. 3. ACS is ver 4.2
All of my wireless networks function as expected. I see the successful auth in ACS. I just built a new WPA2 network and set it up to use Splash screen redirect. It doesn't seem to matter what I do it just wont work. IE or Mozilla.Test 1 was to drop the users at the wism. There was no splash screen.There was no evidence of my url-redirect in the wireshark trace.Test 2 used the 4402 as my anchor point with the same results. In both cases the client was authenticated and was able to navigate the internet and other duties. The problem is apon opening the broswer there is no redirect.
I'm trying to upload some images for my job but everytime I hit the up load link to get the image loader I get a redirect to [URL]
What does this mean? I know its a router thing because I tried getting the image loader by using the computer directly from the modem and I didn't run into the issue. Do I have to open a port or something cause all I know is the router is on security lock down.
I´m looking to a project where we want to start using Autonomous AP with possibility to change to controller based on near future.
Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the oposite process (CAPWAP to IOS) so I think it´s possible on both way. Can some one confirm this to me?
Please find attached a simple BYOD/ISE document I uploaded to kick start my new Wireless setup. Its all configured on my ISE sever and Controller as per doc.My setup:
-3600 AP's -Internal 5508 Controller -DMZ 5508 Controller (acts as a DHCP server for wireless clients)
Controllers have established connectivity (mobility acnhors), as a client I can connect fine to my new SSID get a DHCP IP address back from DMZ WLC and at the moment can connect out to the Internet fine (using no WLAN Security as a test). So this part is working.I have now followed the document configured ISE, enabled AAA on the Internal WLC only and used the AAA override setting on WLAN as in the attached document.I connect to SSID expecting to be redirected to my ISE Guest Portal, nothing happens other than connecting to Internet WebPages.My question is, if I have followed this document correctly why is the Internal WLC not redirecting client requests to ISE, is this because my mobility anchors need to be re-configured, perhaps the AAA/ISE config needs to be applied to my DMZ WLC not internal WLC?
I would prefer the Internal WLC to redirect the login to ISE, doesn't make sense to traverse through the DMZ Firewall onto DMZ WLC back into the Internal Network again to the ISE to authenticate.Or am I missing something additionally to this document to make sure clients are directed to the ISE Guest portal login.
I've tried a few different ways unsuccessfully so thought I'd ask here.I'm trying to forward an outgoing port on a Cisco 800 series router. ie. When a user inside the network connects to the router on port 1234, it opens up the same port on a server on the Internet.
I study at University of Ostrava and currently I am working on my master thesis. Its content is realization of few attacks on network. Now I am trying to implement ICMP redirecting attack by using Intercepter program. Diagram of my netwok you can see on enclosed picture (Schema.jpg). Through Intercepter program I generate packets ICMP redirect (ICMP type 5), which are successfully sent from PC Attacker, but these packets do not arrive to PC Victim and Warshark shows me messages „ Destination Unreachable (Host Unrecheable).“ When I use instead of Cisco switch non Cisco switch (for example: Edimax) or hub, ICMP redirects packets arrive to PC Victim and I can continue in the attack?
SW: Switch is in the defautl setting Cisco Catalyst 2960 IOS: c2960-lanbasek9-mz.122-50.SE3.bin Router: Set only IP address on FastEthernet interfaces Cisco 2801 IOS: 2801-ipbasek9-mz 124.25f.bin