Cisco Wireless :: Aironet 2600 / WLC With Authentication Against Two Separate Active Directories?

Feb 22, 2013

I am evaluating a Cisco wireless solution for our building. The building is occupied by two separate but related companies, which share some basic network infrastructure (some switches, an Internet connection, a DMZ environment), but which have two completely separate "Windows networks" with separate Active Directories. Each of these two networks are placed behind separate Microsoft TMG firewalls, each of whose external NIC are connected to the same DMZ network.
 
a) Acquire a set of Aironet 2600 APs and a controller, b) establish a BYOD SSID to be share between the two companies and guests, connected to the shared DMZ network, c) establish two additional separate SSIDs - one for each company’s staff, each authenticating against the appropriate AD-environment (incidentally, one is a straight Windows Server 2008 R2 environment with a TMG 2010 firewall and the other uses Windows Essential Business Server, so based on Window Server 2008).
 
Is that even possible with a single WLC?We are on 3 floors and about 60 people total. I am thinking that we can make do with 5 or 6 APs. Without having looked into it much, the 2500 controller looks good. Agree?

View 2 Replies


ADVERTISEMENT

Cisco Wireless :: Only 5.5 Mbit With Aironet 2600 AP

Apr 16, 2013

we have some (2) HP Notebooks with a Broadcon 4313 b/g/n WLAN Chip and use the latest drivers (2012). This Chip can provide up to 72 mbit/s with 2,4 ghz.
 
If we connect this notebooks to a Aironet 2600 AP (10 feet distance) the Windows 7 WLAN Dialog shows 72 Mbit/s for 3 seconds and than only 5.5 Mbit. Others (newer) Laptops show 450 Mbit. The WLAN works with WPA2/AES and PSK. The speed doesn't go up, if we copy a big file to the laptop.
 
Here is the Linktest from the AP to Client (from the WLC 2504 Webinterface):

View 12 Replies View Related

Cisco Wireless :: Does Aironet Autonomous 2600 Support WDS

Mar 20, 2013

Does Aironet Autonomous/Standalone 2602 support WDS (Wireless Domain Service)?
 
I noticed that Aironet Controller-based 2602 does not support WDS.  I would like to use 1242AG series but it will be going EOS soon.

View 3 Replies View Related

Cisco Wireless :: Aironet 2600 In Standalone Mode

Feb 18, 2013

I have to set up the AP in a standalone mode to support voice and data traffic through the wireless network. for this, i was trying to look for the config guide so i know how to go about it, but all the doc was refering to controller based setup. i followed this link URL

I have never worked on wireless in a standalone mode, so this is the first time i will be doing it.

View 22 Replies View Related

Cisco Wireless :: Aironet 2600 Series AP AIR-CAP2602E To Autonomous

Jan 27, 2013

I purchased the AP wrongly, instead of getting the "Standalone/Autonomous" (AIR-SAP2602E) version but I purchased the controller-based version (AIR-CAP2602E); my question is can I use "ap3g2-k9w7-tar.152-2.JB.tar" too flash it to a "Standalone/Autonomous" version?

View 21 Replies View Related

Cisco Wireless :: Aironet 2600 And 3600 / Determining AP Coverage

Feb 4, 2013

Aironet 2600 and 3600 series. I need to know their maximum distance (at least theoretically, in Line of sight, eliminating all other factors...) in order to choose the right number of AP to provide enough coverage for a specific area. If an exact number is not available then can you show me how to determine it?

View 8 Replies View Related

Cisco Wireless :: Setting Up Aironet 2600 APs With 2504 Controller

Mar 19, 2013

I've recently purchased a 2504 Wireless controller, and I have 10 2600 APs to deploy.  I think I've set up the wireless controller OK - there doesn't seem to be much that needs to be done!  But I just can't seem to register an AP onto the system.

Just to briefly outline what I have done, I have connected to the Wireless Controller via terminal emulator and run through the setup, then I have connected OK to the web interface, and I am able to view and amend the controller's configuration.  So I have setup a WLAN and thats about it.

Next up I have powered on one of my 2600 APs, and I am able to view it working via terminal emulator again.  But I am seeing it continually running the same routine to connect to a controller, and all the time it just fails.  Below is what I am seeing.
 
One thing that I am unsure about is that I am unable to connect to the AP config pages via web browser, using the IP 192.168.0.97 (although it does ping okay).  Is that odd?
 
And the main question - why doesn't the AP connect to the wireless controller?  Do the APs need to be authroized on the controller first?  If I check the controller's web interface, under Monitor - Statistics - AP Join, I can see the AP listed with Status "Not Joined" but I don't know what I need to do to make it join!
 
*Mar  1 02:28:54.579: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.*Mar  1 02:28:57.583: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.*Mar  1 02:28:57.651: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.0.97, mask 255.255.255.0, hostname APb0fa.eb56.5abf(code)

View 12 Replies View Related

Cisco Wireless :: DHCP Error With WLC 2504 And Aironet 2600 Setup Across Subnets

Apr 2, 2013

I have just setup a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations.  The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
 
I tested the WLC at our main office with a single AP, and it worked fine.  The AP set itself up, and wireless devices connect with no probs. Great!  Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too.  Within a few minutes I was able to see the WiFi network I'd setup, and my smartphone connected to it straight away (as I'd rpeviously connected at the main office), so I was pretty happy that all was working well.
 
This morning however I've had notification that wifi performance at the remote site isn't great.  I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is.  Obvioulsy this is not ideal!
 
(I guess I HAVE done something wrong!?).  And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?

View 3 Replies View Related

Can RDP Be Active While A Separate VPN Activate

May 19, 2011

Sometimes I need to administer the server, but always need to VPN. Can RDP be active while a separate VPN is active?

View 3 Replies View Related

Cisco Wireless :: 1240AGs Active Directory Authentication Without WLSE?

Feb 28, 2013

I current have a network setup with five 1240AG access points. One is configured as a WDS. I also have a WLSE appliance. I have IAS configured on a domain controller running Cisco Secure ACS Agent. My setup works and my clients can authenticate with certificates to Active Directory. My problem is that I need to take my WLSE out of the mix - it is old and failing. I cannot afford a replacement. I know that in order to use WDS, I have to have a WLSE.
 
So my question is this. If I configure my APs so that do not participate in SWAN, and leave them setup to use EAP and point to my Windows IAS for RADIUS, running Cisco Secure Agent, will they be able to authenticate still.
 
To be honest, I set this up a long time ago and I cannot remember if the WLSE is required for domain authentication. I know if offered Domain Authentication and I have my Windows Server setup in there. So I am not sure if my APs can authenticate directly to the Windows Server without it.

View 4 Replies View Related

Cisco Wireless :: Radius Authentication With Aironet 1140?

Mar 28, 2012

I try to setup a 1141 aironet AP to authenticate my user through our Ms Radius Server ( Win 2008 R2).Everything is fine with small Bussiness AP WAP4410N with the following configuration:But I can't setup successfully the aironet 1141 with the same settings and getting it works.Here is my configuration for the Aironet 1141 Vlan 1 is the ssid I want to get it work with Radius.  

View 1 Replies View Related

Cisco :: Wireless Authentication Without Encryption Aironet 1200

Aug 14, 2011

Is there a way to configure client/user to AP authentication without using encryption for joining to an wireless network? What we need to do here is protect network access at our hotspots by enforcing a password to get connected. The other part is making it compatible with every possible device so we need to have encryption off. We have a mixed environment at this time until everything is upgraded. Aironet 1200 series and some new Aironet 1142 models. No controller, all standand alone AP's

View 2 Replies View Related

Cisco Wireless :: How To Set Up User Authentication On Aironet 1200

Jan 22, 2013

I would like to be able to have a few "guest" users on the Wireless network for visitors. Is there any method to have a prompt for "Username / password"? I would like the user accounts to have different expiry periods if this is possible. My current config is attached. The SSID "test" appears on the network. The SSID "test111" does not appear.

View 1 Replies View Related

Cisco Wireless :: Aironet 1142 With EAP Authentication But Why WEP For Encryption

Sep 14, 2012

I'm using the Express Security Set-up tab to configure an Aironet 1142 (stand-alone) access point with EAP.
 
Objective is to make it a RADIUS client and have laptops authenticate through this access point to a Windows 2008 NPS (Network Policy Server) using computer (machine) certificates - EAP-TLS.
 
When I select "EAP Authentication" under the "SSID Configuration" I was literally floored to see mention of WEP encryption (a security joke) and no possibility to prefer some variant of WPA (well, apparently not with EAP).
 
WPA2-Enterprise is what I've selected for "Authentication" and "AES" for encryption in Group Policy (so the laptop clients automatically connect to the access point).

WEP? I bought a Aironet 1142 access point for WEP encryption? How can I configure this securely?
 
These are currently configured settings as displayed under the "SSID Table" heading:
 
SSID - "MYSSID"
VLAN - none
Encryption - WEP Mandatory !!!

[Code].....

View 6 Replies View Related

Cisco Wireless :: Aironet 1240AG Error - Previous Authentication No Longer Valid

May 8, 2007

I am an IT professional that is installing my first extended range wireless AP in my companies warehouse. I am very excited!
 
Now I have set up many a linksys and repeater wireless networks, so when I was looking into the Aironet 1240AG I thought ?No Problem!?
 
And at first, it is not!
 
I have the AP and antenna set up here in my office before I take it out and mount it in the warehouse. And I can get connected to it, no security for now, no filters, I just want to connect and make it work.
 
I stay connected for maybe 3 minutes, I can get to the internet, I can ping all my servers. Full connectivity. But then for no reason the connection fails and I cannot reconnect.
 
The error I get in the log is
 
Interface Dot11Radio0, Deauthenticating Station 0006.2510.bbe3 Reason: Previous authentication no longer valid
 
So strange! So I have reset the AP to factory defaults and then set the SSID, and I can connect, again for a second, then nothing.
 
I have tried with multiple wireless cards, even laptops. Thinking maybe the problem was on the computer side.

View 12 Replies View Related

Linksys Wireless Router :: E2500 Won't Share Directories Or Files

May 4, 2013

I replaced a WRT54G with an E2500. The wired PC is running XP SP3, the wireless PCs are (1) Win 7 and (1) XP SP3. Print sharing works fine, but all file shares on the "host" PC are failing. I ran "net share" and turned off all shared directories on the "host" and the same on the wireless PCs, then rebooted all. The Win7 PC sees the single directory I set up to share, but when I try to open it, I get a message that the directory is inaccessible (possibly because of permissions) and that "There is not enough server storage available to process the command".Wireless XP PC gives the same error, but can access the printer, and sees the directory share on the "host".

View 2 Replies View Related

Cisco :: Active Directory Authentication Failing?

Feb 16, 2012

I am not sure why but when I try to connect with my IPSEC VPN client, authentications are failing. The ldap test passes on the ASA but when I try to login, the VPN client gives me authentication failure even though debugs show authentication was successful.User 'test1' should be able to authenticate based on group membership.User 'test2' shouldn't be able to.I already removed the attribute-map to see if that was the problem but I am still failing authentication.

View 9 Replies View Related

Cisco :: Authentication With Aironet 1140

Aug 2, 2011

I've set up a Cisco Aironet 1301 AP to be used for a guest network. I've got several other of the Aironet 1140-series around the business but none of them are in reach of this one at the moment.
 
The problem I have is that clients that try to connect to the AP are either not able to connect at all or lose their connection after some seconds. The config is more or less copied from the other APs with the same guest VLAN.

View 2 Replies View Related

Cisco :: WLC 5508 - EAP-FAST With Authentication To Active Directory

May 10, 2011

I need to configure EAP-FAST without certificate and authenticate to the corporate Microsoft AD database, Do I need a Cisco ACS server in the middle to forward the authentication to the AD? Or I can do the authentication to the AD directly? I am using a WLC5508.

View 6 Replies View Related

Cisco :: Aironet 1260 Authentication Server

Sep 13, 2012

I have 3 Aironet 1260's with the same SSID and set with Open Authentication with MAC Authentication. Can I designate one of the 1260's as the MAC Authentication Server? I have all 3 now working with MAC Address Authenticated ty Local List Only and have to put the new MAC address in all 3.

View 3 Replies View Related

Cisco :: WLC 5508 Active Directory / LDAP Integration For Authentication?

May 18, 2011

I am deploying Redundant WLC 5508 with 4 VLANs and 4 SSIDs Match to it, Everything works Fine, now i need to do the below:
 
1. I need All Wireless Users need to authenticated with Existing Active Directory/LDAP

2. I will Create Guest Accounts in my AD , and pass to Guests, Then Guest should only Access Internet except Corporate Resources

2. How can i secure my Voice VLAN for Wireless Phones. I want only WIreless Phones to Connect to Voice VLAN.No internet Access on Voice VLan

View 4 Replies View Related

Cisco :: WAP Personal Authentication Of Aironet 1140 Not Work

Jun 3, 2012

I have a Cisco Aironet 1140 with ENABLED broadcasting SSID, encryption is WPA2(personal). Ubuntu 12.04 and Windows 7 are authenticated, but MACBooks never be authenticated. Any specific configuration for MAC books?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 RADIUS Authentication Failing / Active Directory Agent

Mar 3, 2012

I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3.Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below:  "24401 could not establish connection with acs active directory agent"I'm not seeing anything telling in the logs on the domain controllers.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: WLC 7.4 / ISE Authentication Via Active Directory Based On SSID And AD Group?

Apr 15, 2013

I am deploying ISE with WLC 7.4. I have two SSID(s) running in my network 1. Corporate & 2. Services. I have a domain setup lets say "AD.com" with 4 groups 1. Corporate, 2. Services, 3. Employees, 4. Contractors.Here is an example of the scenario that I want:
 
AD.com Group : Corporate's User : 1. C_USER1
2. C_USER2
3. C_USER3
4. C_USER4
5. C_USER5

[code]....
 
Now what I want to do is have 802.1x authentication on my Corporate SSID that will check in AD.com, ONLY AND in ONLY corporate group for authentication. That is only C_USER1 to C_USER5 are allowed to connect to it. Users from any other AD group shouldnt be authenticated on this SSID.The same for the services group & SSID.

View 2 Replies View Related

Cisco :: Aironet 600 Can Remote LAN Interface Be Configured To Skip Authentication For IP

Feb 3, 2013

On an AIRONET 600 AP (officeExtend) with the remote LAN interface is configured to use 802.1x authentication:If a Cisco IP Phone is connected, 801.x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do) Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phone and only authenticate PCs etc..?

View 5 Replies View Related

Cannot See Shared Directories From Other Machines

Jun 25, 2011

On my home network, I have several shares on my PC. But I dont seem to be able to even view the shares from other machines. If I put the IP address into an explorer window (\192.168.0.4) on another machine I get the message: "\192.168.0.4 is not accessible. You may not have permission to use this network resouces. contact your network administrator etc etc". So I cannot even bring up a directory list. There are no problems for me connecting to network shares on other machines from this machine that is refusing connections. That has all happened since I reinstalled windows. I reformatted the system partition and since then I cannot get the shares working again (they used to work fine). The shares are in a data partition that was not reformatted. This is really winding me up, as there never used to be a problem, and I cant think of anything else to look into, short of delving into the registry, and I wouldnt know where to look.

View 3 Replies View Related

Cisco Firewall :: ASA 5520s From Active / Standby To Active / Active

Jul 17, 2012

I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them. I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit. My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.

View 6 Replies View Related

D-Link DIR-655 :: FTP Software Would Hang / Change Directories On Remote Server

Jun 17, 2011

One of the companies I work for uses a DIR 655 router. I'm having some trouble using FTP there.Initially the problem was that FTP software would hang or give errors when trying to change directories on the remote server. This problem went away when I switched from passive FTP to Active FTP.Now using Active FTP, the files appear to be uploaded with no problem. However, on closer inspection, the uploaded file has 0 bytes on the remote server.

We are uploading from a Windows 7 machine and uploading to our Web Hosting Company's Windows Server. I've actually written the one piece of software that is showing this problem but it uses a widely known open-source FTP library written in .NET. I've never encountered either of these problems with my software until I encountered the DIR-655.The other FTP software client I've tried is FileZilla. It has the same problem, 0 bytes files when using Active FTP.

One solution I've seen on DSLReports was to disable the Stateful Packet Inspection part of the firewall (known as SPI). This is really not a good solution for two reasons. Number one, I do not have access to the router's firmware/ configuration. Number 2, the company has a DIR-655 because they want the additional security. If we're going to disable SPI it just defeats one of the major purposes of owning the DIR-655.

View 1 Replies View Related

Separate Port 4 Into Separate Vlan?

Jan 16, 2013

My fiance recently signed up for the Screen-wise Panel for Google research. Basically they monitor your TV usage and your internet usage. As part of the program they installed a Cisco WIFI router. I've got no issue with them logging the sites visited etc but I'm a little worried about them possible collecting private information (banking / work related stuff) that I don't want going out there. According to what I've read what's supposed to happen is they replace your router with the new Cisco router.The "technician" who came in and installed the router was actually a builder and not an IT technician and rather than replace our router he connected the Cisco router into port 4 of our router... I wasn't in at the time.

What I was looking to do is separate Port 4 of my router into a separate VLAN that can access the internet, but not access anything on ports 1-3, or the wireless. However, I want to be able to see everything on port 4 from the other side (in other words I want to see "into" the port 4 VLAN, but don't want them to see out). I also wanted DHCP to assign IP addresses correctly depending on where you were plugged in. In this example the first VLAN (your current router ip address) is going to be on 192.168.1.1, and the second VLAN (the new on we create on port 4) is going to be on 192.168.2.1.This is exactly what I'm looking to do, I could then connect the kids machines / tablets / ipods to the Cisco router and have the main machine and my work laptop on the main router... but I don't have a clue how to do it. </quote> Is this something that I am able to do with the Netgear router I own and is it hard to set up?

View 1 Replies View Related

Cisco Firewall :: ASA 5585X Active / Active Failover Group Inter Routing

Mar 20, 2012

I am looking at deploying a pair of 5585X's in an active/active multiple context state.  I am creating Mulitple contexts that need to be able to route to each other.  I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
 
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example. 
 
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2  in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
 
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover.  I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.

View 9 Replies View Related

Cisco Firewall :: ASA 5510 Configuration Modifications In Active / Active Mode

Dec 17, 2012

I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA and make the config changes on the primary and then power on the secondary ASA ? Or this another way to do this?

View 3 Replies View Related

Cisco Firewall :: ASA5520 - Active / Active Failover In Multiple Security Contexts With Dual ISP?

Jun 1, 2011

I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?

View 1 Replies View Related

Cisco Switching/Routing :: 6509 Series Switches Support VSS Active-Active Chassis

Feb 7, 2012

The 6509 Series Switches support the scenario VSS Active-Active Chassis, I would like to setup both switch's as one virtual switch but working at the same time, not with Active - Stand By Chassis.
 
My plans it to create PortChannel accross both Switches 6509 in order to have 2 links one connected to one slot/switch and the other connected to slot/switch in the second 6509 for servers redundancy.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved