Cisco Wireless :: Configuring Microsoft Radius Server For 5508?
Apr 28, 2013I would like to know if microsoft 2008 server RADIUS server could be use for authentication on Cosco 5508 instead of Cisco ACS.
View 4 Replies
ADVERTISEMENT
Cisco Wireless :: Configuring RADIUS Server On 2500 Controller
Dec 3, 2012We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticket and the server responds to a ping command,In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security TabI then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?
Cisco Wireless :: 5508 WLC With ISE As Radius And Also External Web Server
Jan 30, 2013I am biulding a wireless network with 5508 WLC and trying to use ISE as radius server and also to redirect the web-login to it.I was trying to understand that to achieve the external web-login, do i need to use the raduius-nac option under advanced on the guest wireless where i am trying this out. and if not, where do i actually use it?So far what i have understood that i do need to have preauth ACL on the Layer 3 security, but the issue is there is no hit reaching the ISE.
View 9 Replies View RelatedCisco :: Configuring RADIUS Server For It?
Jan 25, 2012Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices. I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different.I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
View 18 Replies View RelatedCisco Wireless :: WLC 5508 Support IPSec To Radius Server?
Jan 23, 2013I am trying to follow the Fips guide for the WLC5508 and it wants to encrypt the connection to the Radius, either with PSK key wrap or IPsec. I have the options for Ipsec only as the Windoes NPS does not support Key wrap from what a previous user confirmed for me here on the board.. But then found another post that states that the 5508 does not support IPsec?
View 5 Replies View RelatedCisco Wireless :: 5508 - RADIUS Server Activated / Deactivated On WLAN X
Sep 18, 2011Since I moved our WLC Controller ( 5508 ) from Version 7.0 to Version 7.2.111.3 I got above failure messages. Until now I changed the radius timeout from 2 to 10 seconds and also I disabled the aggressive failover without success. What else it could be ?
View 3 Replies View RelatedCisco :: Wireless AP1140 Radius Authentication With Microsoft IAS
Sep 3, 2011I have a Cisco C1140 Ap. I have cnfigured the device. Initially for testing i used WPA and authenticated locally. I have now setup a radius server and added my AP in as a client etc. I have changed my SSID's to authenticate with the radius server and i am having issues authenticating.I can connect via a PC and an iphone. They say that i am connected but i get no ip address and the debugs.
View 1 Replies View RelatedCisco AAA/Identity/Nac :: 5508-WLC Using MS NPS As RADIUS Server For EAP-TLS
May 18, 2011getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC. Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.
Cisco :: 5508 RADIUS Server Failed To Respond To Request
May 22, 2013We are experiencing a lot of these RADIUS failed to respond messages on our WLC's leading to a lot of RADIUS server hopping within the WLC.We are using Cisco 5508's, 1142 AP's and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1xThe first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consequetive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured.When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL:Event ID: 6274: Network Policy Server discarded the request for a user.
View 16 Replies View RelatedCisco :: WCS 7.0.220.0 Authentication With RADIUS Microsoft NPS?
Nov 14, 2011I'm running WCS 7.0.220.0.I would like to authenticate users that are able to logon the WCS, through MS Network Policy Service (RADIUS).I would like all my domain users to be member of the local group on the WCS "Lobby Ambassador", so all domain users has access to generate guest access accounts, for the web auth... I can see under the WCS Administration under AAA that it should be able to use RADIUS - but i'm not sure how to setup the NPS policy?
View 1 Replies View RelatedCisco VPN :: AnyConnect And MSChap-V2 On Microsoft Radius With ASA5510?
May 13, 2013We have a Cisco ASA5510 configured to work with Microsoft Radius Server. VPN authorization and authentication is working well with L2TP over IPSec, and users are authenticating with MSChapV2 like we want them to.
Now we are trying to setup Anyconnnect to do the same. How do we tell AnyConnect to use MSChap-V2 versus PAP? using ADSM? I think I know how to do the Microsoft Part of it, but I don't know where to go in ADSM to configure this.
Cisco :: Setting Up Aironet 1140 AP With Microsoft IAS Radius / PEAP And WPA2?
Jan 25, 2012I bought 2 Cisco 1140 series Access Points a couple of months ago. We would like to use PEAP to autheticate with Microsoft IAS Radius Server & Active directory. I cannot find a document which describes how to setup this type of configuration. The only document which is close is how to setup LEAP & with ACS: [URL] I initially followed the 'TechReplublic's Ultimate Guide to Enterprise Wireless LAN Security' which has all the steps to setup Radius server, client side configuration, Certificates and finally a handy excel script to generate a config for the AP. This did not work. [URL] I am now trying to configure the AP using the Web GUI. I can see the network on the client machine but when I try to connect it timesout.
View 1 Replies View RelatedCisco Wireless :: 5508 Get Access To AP Via Radius
Feb 1, 2012i have configured 35 APs 3502i in 5508 WLC, now i want to get access to ap via radius. Currently i can connect to them via SSH with both user and password set in wireless> access point > global configuration, well, how do i configure the management AP user through RADIUS?
View 2 Replies View RelatedCisco Wireless :: WLC 5508 Radius Accounting
Jun 5, 2013I have a WLAN configured with 802.1x PEAP pointing to an external RADIUS server. It works fine for the most part, but I'm having problem closing accounting sessions in RADIUS. I've found this is related to the client table in the WLC. The user session does not end in RADIUS unless the WLC officially removes the client from the db, which takes 5-6 minutes from what I can see (probably due to the default idle timeout of 300 seconds).
For example:
1. I connect my tablet to the test WLAN. It associates and authenticates successfully and the WLC sends the accounting info to my RADIUS server, opening up a user session. If I turn off the wifi in the tablet, the client entry stays in the WLC client table until it times out. The WLC removes my tablet from the client table after 5-6 minutes, and then the session closes in the accounting table. I can force the session to close much earlier by manually removing the client from the WLC.
2. Same as #1, but this time instead of turning of the wifi in the tablet, I choose to connect to a different WLAN in the WLC. The user session in the accounting DB never closes. If I reconnect back to the original test WLAN with 802.1x, it opens up yet another user session in RADIUS accounting. Now I have a "dead" user session in accounting that is going to be open forever unless I delete it from SQL.
Is this an issue with the end user client not sending the disassociation frame properly, or a config problem with the WLC? How can I make it so that every time a client drops from an AP or moves to a different WLAN, the WLC would immediately send accounting updates to my RADIUS server and close the user session properly?
Cisco Wireless :: WLC 5508 No Further RADIUS Authentication Requests?
Mar 18, 2013I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?
View 4 Replies View RelatedCisco Wireless :: Can Use WLC 5508 With OpenLDAP Directly (without Radius)
Dec 18, 2012Can I use WLC 5508 with OpenLDAP directly (without radius) ?
View 1 Replies View RelatedCisco Wireless :: 5508 Controller With Radius Authentication
Feb 16, 2012I am setting up a WIFI network with a Cisco 5508 controller. I want to configure a first WIFI network (WIFI1) that will authenticate my business laptop based on the AD computer accounts and will access my corporate network.I want to setup a second WIFI network (WIFI2) that will authenticate my phones and tablets devices with AD user accounts and will be on a separate vlan with only access to the Internet.I created 2 policies on the Radius server : one that authenticate computers coming from wireless and a second one authenticating users coming from wireless.
if a user manually creates the WIFI1 network on his phone and enter his AD username, he is going to have access to the corporate network. I would like to be able to say that when a request is coming from WIFI1, only the policy for authenticating wireless devices with computer accounts will apply and the second policy authenticating user wouldn't apply.
Cisco Wireless :: Does WLC 5508 (7.2) Support PEAP To MS Radius
Oct 9, 2012I'm running version 7.2.111.3 on my WLC 5508 and I try to figure out how I can set PEAP towards my configurerd Radius servers. On my Local EAP profile I can specify PEAP, but how is it default configurerd when you just specify the radius servers on the "WLANs > Edit Test > security > AAA servers tab ?
The MS radius logs tell me that it is EAP and not PEAP, so the questions is does the WLC support Microsoft: Protected EAP ???
Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 AAA EAP Packet created request = 0x1bd4647c.. !!!! -> should be AAA PEAP ?
*Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 Sending EAP Attribute (code=2, length=35, id=2) for mobile 24:77:03:07:75:28*Dot1x_NW_MsgTask_0: Oct 10 11:02:27.280: 24:77:03:07:75:28 [BE-req] Radius EAP/Local WLAN 3.
Cisco AAA/Identity/Nac :: Configuring 802.1x With ACS 4.2 (RADIUS)?
Mar 25, 2013I am trying to configure AAA authentication and authorization with Cisco 3725 (IOS 12.4(17)) for 802.1x and ACS 4.2 with VLAN assignment to my Windows XP client. (trying to assign VLAN 100 in my scenario).When user connects to the Router, it passes the authentication process (EAP-MD5). In my debug i see that Router recieves the Radius Attributes BUT does not apply anything!My running config:
Building configuration...
Current configuration : 1736 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
[code]......
As a result the vlan-switch data based does not change.
Cisco Wireless :: Configuring HA With WLC 5508
Feb 20, 2013I have a pair of WLC 5508's. I am installing 7.4.100 on them and they are properly licensed. I am looking to preconfigure these and ship them to our site. My questions are:
1) How much configuration do I need to setup on the secondary controller (ie. same SSID, interaces, ap group, etc...)?
2) Do I need to configure Mobility groups for this HA Cluster?
Cisco Wireless :: Configuring 5508 Via SFP Ports?
Feb 13, 2013Is there anyway to configure a 5508 via the SFP ports? Or do you have to use the service port for autoinstall or NCS auto provisioning? It looks like it grabs a DHCP address but it doesn't seem to like telnet,ssh ,HTTP or HTTPS.
View 2 Replies View RelatedAAA/Identity/Nac :: Configuring AAA Network Client On ACS V5.1 Using Same Radius
Feb 6, 2012I was wondering if i should use the same RADIUS VSA attribute on ACS v5.1 to authenticate AAA clients as those i was using on my old ACS v3.3 server.
Example : under ACS v3.3 i was using RADIUS (Cisco Aironet) attribute to authenticate AP & WLC, should i do the same under ACS v5.1 ?
Cisco Switching/Routing :: Configuring Radius On 2950G Switch With IOS 12.1?
Jul 20, 2011getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
View 5 Replies View RelatedCisco :: LMS 3.2 With Microsoft Windows 2003 Server
Dec 26, 2010In my organization we are having 12, LMS 3.2 servers deployed across the globe. As per Audit policy we need to deploy Microsoft win2003 server security patches on all servers using WSUS. Every month our server team sends us query before applying the patches regarding it's compatibility with LMS.
View 4 Replies View RelatedCisco :: How To Use Microsoft Server 2008R2 NPS With Wlc 4400
Aug 20, 2011how to use Microsoft server 2008R2 NPS with cisco wlc 4400.am i correct, each LWAPP AP have to be connected to NPS . (this AP is also called access server)?when client tries to connect to the wlan, (in this case lets say we want a user in AD, after providing its creds, can access the network, internet etc) the auth req is sent from AP to NPS/RADIUS? where does WLC come into play here, what does WLC do?
View 3 Replies View RelatedCisco Wireless :: 5508 - Configuring Repeater To Wlan Controller?
Jan 1, 2013I have Cisco 5508 Wlan Controller Software version 7.2.103.0 and I have Cisco AIR-CAP3602I-E-K9 Lightweight Access Points network and its working fine now I want to configure the Repeater in this network. Because there is one area we cannot layout the cable. How to add the repeater and how to configure the repeater in wlan controller network.
Do i need the change the software of Wlan Controller to support Mesh Network or this version 7.2.103.0 can support the repeater because for 1 access point i dont want to upgrade the version.
Cisco Wireless :: 5508 - Configuring EAP-FAST To Use With Symbol MC3090
Aug 7, 2011I have configured EAP-FAST local authentication on a 5508 running 7.0.116.0. I am trying to connect using a motorola/symbol MC3090. In the handheld, It appears to be failing due to receiving no PAC. On the 5508, it just looks like a timeout. Are the PACs created on the 5508 automatically, or do I need to generate one?
View 1 Replies View RelatedCisco Wireless :: 5508 / 3600 / 2600 - Configuring HP Switches For FlexConnect?
Apr 27, 2013Configuring HP switches for Flexconnect. I am not sure if or not its doable? Access Points are 2600 and 3600 with 5508 as a controller. Idea is to keep the branch traffic local but the switches are HP.
View 3 Replies View RelatedCisco :: Getting AP1252AG-E-K9 Running Against Microsoft Windows Server 2008 R2 IAS?
Oct 28, 2011How to be able to get AP1252AG-E-K9 running against Microsoft Windows Server 2008 R2 IAS.I am getting these errors:
RADIUS/DECODE: convert VSA string; FAIL
RADIUS/DECODE: cisco VSA type 1; FAILRADIUS/DECODE: VSA; FAILRADIUS/DECODE: decoder; FAIL
RADIUS/DECODE: attribute Vendor-Specific; FAIL
RADIUS/DECODE: parse response op decode; FAILRADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
Cisco WAN :: PPTP Client From 1700 Router To Microsoft VPN Server
Aug 25, 2012I'm trying to configure 1700 K9 router to act as PPTP client and connect to Microsoft VPN server (in order to enable all clients on LAN to seamlessly access host on remote location). [URL]
I'm using GMS3 to test everything in lab environment. I managed to connect to Microsoft VPN server but the connection drops immediately. Below is debug info from router R1 (router R2 just simulates host on LAN) and configurations for both routers. The only clue I got from debug is that immediately before closing connection there's a message "CCP: Failed to negotiate with peer"...
R1#sh debug
PPP:
PPP detailed event debugging is on
MPPE Packet Details debugging is on
[Code].....
Cisco :: 5508 - NPS Radius
Apr 10, 2013Cisco WLC 5508
Software Version: 7.4.100.0
Windows Server 2008R2
I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc). I added the radius server on the WLC, and configured a new W LAN to use it. Both are on the same sub net. When trying to connect to the W LAN it kept failing. I installed wire shark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server. The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
I re verified that the server was enabled on both the security tab and the W LAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a radius test client, and can successfully send radius commands to the server using that utility. Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wire shark. It rejected my access, but at least I saw activity. It also registered radius statistics on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
Cisco Firewall :: ASA5505 - Microsoft SQL Server And Anyconnect Remote Client VPN
Oct 29, 2012I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie - what rules or configs do i miss?
View 3 Replies View RelatedCisco Wireless :: Radius Server Requirement With Wlc 2504?
Jul 12, 2012I want to know if its nessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC.
View 1 Replies View Related