Cisco Wireless :: Configuring RADIUS Server On 2500 Controller
Dec 3, 2012
We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticket and the server responds to a ping command,In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security TabI then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?
View 6 Replies
ADVERTISEMENT
Mar 5, 2013
I have therefore 2504 Wireless Controller with a wireless access point AIR-CAP1602I-E-K9 (LWAPP image version 7.4.1.37) I saw that I needed to update the Controller in 7.4 for compatibility with my AP. Now when I connect my AP I get error messages:
*Mar 1 00:01:02.387: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
HCP.
*Mar 1 00:01:02.387: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
[Code]....
View 10 Replies
View Related
Apr 28, 2013
I would like to know if microsoft 2008 server RADIUS server could be use for authentication on Cosco 5508 instead of Cisco ACS.
View 4 Replies
View Related
Jan 25, 2012
Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices. I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different.I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
View 18 Replies
View Related
Nov 20, 2011
I am having trouble adding a new controller(2500) to the WCS.
-My WCS version 6.0.196.0
-My WLC version 7.0.116.0
If i upgrade my WCS i may add the new contoller? Even if in cisco DATA-SHEET there isnt any mention regarding this WLC(basicly it says that the WCS does not support this WLC)
Monitoring and migration of selected Cisco Aironet standalone (autonomous) access points. Monitoring of the standalone access points of Cisco 800, 1800, 2800, and 3800 Series Integrated Services Routers.
View 3 Replies
View Related
May 10, 2013
By any way can I achieve HA in 2500 controller? I dont mind even I didnt get Stateful switchover.
View 5 Replies
View Related
Dec 7, 2012
i am having wirless controller cisco 2500 series. i want to know how many web authentication users i can create in the 2500 series controller with time out option for each users.
i know it will support the web authentication for internet access for the users but i need to know how many it will accept at a time with hours specification.
View 4 Replies
View Related
Nov 27, 2011
know if Cisco LMS will ever support the 2500 wireless controller ? I have just checked the supported devices for LMS 4.1 and the controller is not there.
View 1 Replies
View Related
May 18, 2013
I am developing CAP1602I & 2500 Controller.The CAP1602I-E-K9 can't register with the 2500 controller. [code] logging appears: capwap can't process uncryped data..I even didn't configure capwap on CAP1602.May I know if CAP1602 doesn't support LWAPP? Why LWAPP doesn't work?According to the logging, I also tried to configure the "Data Encryption" on 2500 controller ( according to 7.0.116.0 guide)
"Cisco 2500, WiSM2, WLC2—By default, these platforms do not contain DTLS. To turn on data DTLS, you must install a license. These platforms have a single image with data DTLS turned off. To use data DTLS you will need to have a license."Note If your controller does not have a data DTLS license and if the access point associated with the controller has DTLS enabled, the data path will be unencrypted. I should purchase a license? or, if I can configure the CAP1602I to don't encrypt data?
View 10 Replies
View Related
May 16, 2012
I have a Cisco 2500 Wireless Controller connected and controlling 5 Cisco AP's. Everything works fine except one device.
This device is used to connect to our AP wirelessly and then any of the wireless laptops can use programming software to connect to the device and program through it. I can successfully set up our device on the network and all PCs can ping it, but the programming software refuses to connect to it. I spent an hour and a half on the phone with the device people who assure me its the network. So, I bought in a cheap Linksys router, hooked one laptop up to it and configured the device wirelessly. With that, the programming software works.
what should I be looking for in the Wireless Controller that may be blocking direct connection to the device even though I can ping it?
View 10 Replies
View Related
Feb 14, 2013
We are currently using a Cisco 2500 (licensed for 50 AP's) WLAN Controller. There has been a lot of issues setting up the VOCERA wireless badges, thats on going. The question I have is all the AP's are showing as being on Channel 6, it was thought that the controller would learn the enviroment and move these to none overlapping channels, but has not. Is this right should they all be on the same channel and not 1, 6, 11 accordingly? it is also worth mentioning that the controller can see 61 rogue AP's, yes that is 61 other wireless networks!
View 2 Replies
View Related
Jul 27, 2011
give me the run down on the features removed from the 4400 series in the 2500 series? Obviously 4400 is now EOL, and so i cannot purchase new. Therefore I was looking at the 2500 for my implementation to save costs also.I would like to have two SSID's, running seperate VLAN's, one voice, one guest, trunk the link to the AP's, which will be 1131AG or newer, N possibly. Voice needs to be encrypted with WPA or WPA2, guest needs to be open using the guest access feature. Here's a sample but with EAP:
[URL]
Is this supported to have WPA on one SSID and Guest access on the other? i did spot a paragraph in the 4400 manual stating that certain restrictions apply regarding one SSID having encryption and the other being guest mode?I notice also in the WCS documentation, it doesn't explicitly state it supports the 2500 series under the managed devices section?
View 1 Replies
View Related
Dec 5, 2012
Can I connect various Aironet 1242 to Wireless controller 2500?
View 4 Replies
View Related
Jul 9, 2012
We have a Cisco 2500 WLC with 136 APs. Recently, we discovered eight APs that were not listed on the Wireless > Access Points > All AP list. These APs were once working and connected, but now they are no longer in the All AP list. I located one of these APs and found the green LED blinking. I power cycled the AP and it came back online with a solid green LED and was then registered on the All AP list. The All AP list will only show the connected APs. I would like to know if there is a method to show the APs that were once connected and are no longer registered so we can better identify when an AP is not working?
View 15 Replies
View Related
Apr 17, 2012
I have a customer whom has six LAP1131AG-K9 but no controller and they are interested in one of the new 2500 series, specifically a AIR-CT2504-5-K9 with a 5 AP add-on license to bring total AP capacity to 10. I can't determine clearly if this controller will work for these older AP's prior to them making the jump to 802.11n via the 3500 or 3600 series, looking to the community to confirm.
View 3 Replies
View Related
Apr 21, 2013
Looking for some training on the 2500 series controller and 1142 or 1040 AP's preferably.
View 10 Replies
View Related
Oct 25, 2012
when I did connect the AP to the switch and this is already connected to the WLAN 2500, I got this error message [code] And this AP is not joined to the WLAN 2500, but if I use one model of AP like LAP1120 it works, that mean, the wireless is able to see the Ip Address.How can I do to correct the problem with the AP 3600 series?
View 5 Replies
View Related
Apr 16, 2012
I setup cisco wireless controller 2500 connecting 2 Aironet APs, with windows 2008 NPS as radius server (server certificate installed), via
[WPA2][Auth(802.1X)], MAC Filtering
Now I have domain computer (laptop) connected to SSID which provides direct to the LAN dhcp server. That means my notebook got same ip range as when it connected to LAN.
The user used cached domain logon info to logon the computer, then the wireless profile started to connect with radius server which has User group policy.
Problem is the notebook (logon as normal domain user) browse \"domain name" or any \hostname will take 10 mins or more to pop up with "enter network password" or sometimes "The specified netwrok name is no longer avail". However ever if I simply \192.168.2.x which is the host's ip address, I got list of share folders instantly.
And when I disable the wireless and connect to the LAN cable, I had no problem to browse any shared folders.
View 10 Replies
View Related
May 13, 2012
I have a couple 3600s that don't want to join. One i and one e that are both doing the something. It is able to find the controller via layer 3 discovery but it is acting like it is a mesh AP when it tries to join the controller.
From the 2500 controller (running 7.2)
*spamApTask2: May 13 12:03:05.272: f0:f7:55:ae:xx:xx Mesh AP username f0f755aexx xx.
*spamApTask2: May 13 12:03:10.739: f0:f7:55:ae:xx:xx spamProcessJoinRequest : RA
P, Check MAC filter
From the 3602i
flash:/mesh_start_cfg.txt: No such file or directory. The filesystem containing the variables may not be initialized yet.
I should note that 3500 APs are able to join this controller. The field guy is going to try to add the MAC address to the filter list when he gets back out on site to see if it allows it to join.
View 3 Replies
View Related
Feb 16, 2012
I am setting up a WIFI network with a Cisco 5508 controller. I want to configure a first WIFI network (WIFI1) that will authenticate my business laptop based on the AD computer accounts and will access my corporate network.I want to setup a second WIFI network (WIFI2) that will authenticate my phones and tablets devices with AD user accounts and will be on a separate vlan with only access to the Internet.I created 2 policies on the Radius server : one that authenticate computers coming from wireless and a second one authenticating users coming from wireless.
if a user manually creates the WIFI1 network on his phone and enter his AD username, he is going to have access to the corporate network. I would like to be able to say that when a request is coming from WIFI1, only the policy for authenticating wireless devices with computer accounts will apply and the second policy authenticating user wouldn't apply.
View 1 Replies
View Related
Feb 3, 2011
have a Dell Poweredge 2500, and it only has PCI slots, and i need to get a sata controller to add 1/2 drives to it, i am unsure what would be the best, but i am not looking to spend more than 60 or so for it, i am not worried about it being the greatest out there, as this server is going to be replaced in 6 mths, i am just outgrowing the 4-18.6 gig hot swap scsi drives, and my pockets arent deep enough to buy high capacity scsi drives, i will probably add 1, 1 or 2 Terabyte hard drive and a dvd-rw.
View 4 Replies
View Related
Jul 20, 2010
I have several controllers, including a 4402 running 6.0.188.0 software and I need to modify the Radius servers that it uses. Currently I have three servers listed;
1 - 10.246.194.16
2 - 10.200.31.78
3 - 10.247.50.56
I would like to delete server 1 which is being retired and replace it with a new server 1. I suspect, once i get servwe 1 deleted, the server 1 option would become available when I create a new server. I went into the controller and disabled server one, but every time I try and delete it, I get the "Server in use either on a specific WLAN or Mesh Radius Server Configuration" error. I can't find anywhere this server is still in service and being used, either by a WLAN or a Mesh. I've tried several different variances to modify this. What I hope to avoid is the need to reset the controller. I have a total of seven controllers that I need to make this modification to, and It will be ugly if I have to reboot these units. Hospital mission critical stuff.
View 4 Replies
View Related
Apr 26, 2013
If I set a primary DHCP server in the interface configuration, or if I override DHCP in the WLAN Configuration.Which interface does the WLC use to try and connect to the DHCP on behalf of the wireless clients?IFA) The dhcp server is not on any of the configured subnets.B) The DHCP server is on a different interface's subnet.
View 4 Replies
View Related
May 15, 2011
I am planning to implement wireless network in my work place. Plan is to have two networks one for guests and one for employee. I am trying to find a guide for 2500 WLC but couldn't find one.I've been reading couple of articles about setting up radius server and CA. I want to know what the best way to approach this.In my environment I got a CA server windows server 2003 and current DC's are windows server 2008 R2.I got 2500 WLC with POE switch and 4 aironet AS 1142.
View 16 Replies
View Related
Jun 27, 2012
I am planning to implement wireless network in my work place. Plan is to have two networks one for guests and one for employee. I am trying to find a guide for 2500 WLC but couldn't find one.
I've been reading couple of articles about setting up radius server and CA. I want to know what the best way to approach this.
In my environment I got a CA server windows server 2003 and current DC's are windows server 2008 R2.
I got 2500 WLC with POE switch and 4 aironet AS 1142.
View 4 Replies
View Related
Mar 25, 2013
I am trying to configure AAA authentication and authorization with Cisco 3725 (IOS 12.4(17)) for 802.1x and ACS 4.2 with VLAN assignment to my Windows XP client. (trying to assign VLAN 100 in my scenario).When user connects to the Router, it passes the authentication process (EAP-MD5). In my debug i see that Router recieves the Radius Attributes BUT does not apply anything!My running config:
Building configuration...
Current configuration : 1736 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
[code]......
As a result the vlan-switch data based does not change.
View 3 Replies
View Related
Jan 1, 2013
I have Cisco 5508 Wlan Controller Software version 7.2.103.0 and I have Cisco AIR-CAP3602I-E-K9 Lightweight Access Points network and its working fine now I want to configure the Repeater in this network. Because there is one area we cannot layout the cable. How to add the repeater and how to configure the repeater in wlan controller network.
Do i need the change the software of Wlan Controller to support Mesh Network or this version 7.2.103.0 can support the repeater because for 1 access point i dont want to upgrade the version.
View 22 Replies
View Related
Oct 4, 2011
We have 4 1142N LAPs that I want to divide between an internal wireless and a guest wireless network using the controller. Currently all of the APs are on an established internal network, but I want to migrate one over to a test guest network before buying more LAPs to augment the networks further. Currently the port connecting to the WCS from the 3560 switch is configured as an access port using VLAN 10. Whenever I make it a trunk port carrying VLAN 10 as well as the other ports we will be using for the guest and ap-manager networks, I lose connection with the controller. To me this implies that the port on the controller is configured as an access port as well. In the documentation I found for the controller it states that by default the ports are al configured to be trunks, but it appears as though something was changed by the previous tech. All of the APs are connected to other switches, not to the controller itself.
1) How can I get the port on the controller back to being a trunk port
2) Can I use the internal DHCP server for the guest network if the subnet is different than the management subnet, or will I have to use another external server and relay/proxy it through the controller to give guest clients IP addresses?
View 2 Replies
View Related
Mar 21, 2013
I have to build a MESH topology with 1 Root Access Point and 4 Mesh Access Points which are 1552E.I have a wireless controller which is a WiSM 2 card into a 6500 chassis.I want to know if there is a pre-configuration to do on the AP before installing it, or if they are automaticaly discovered by controller (even for MESH AP which are NOT wired to LAN) ?
View 15 Replies
View Related
Feb 6, 2012
I was wondering if i should use the same RADIUS VSA attribute on ACS v5.1 to authenticate AAA clients as those i was using on my old ACS v3.3 server.
Example : under ACS v3.3 i was using RADIUS (Cisco Aironet) attribute to authenticate AP & WLC, should i do the same under ACS v5.1 ?
View 2 Replies
View Related
Jul 20, 2011
getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
View 5 Replies
View Related
Mar 13, 2012
I bought 6 air-lap1042n-a-k9 for our business. They are mounted. I bought a Cisco POE switch for them. I hooked them up and realized they needed a Wireless LAN Controller. I have never dealt with these before. From my research, I need to buy AIR-WLC2106-K9.Can I just connect my POE switch to the LAN Controller to configure all 6 access points that are connected to the POE switch?
View 6 Replies
View Related
May 6, 2013
I'm a trainee in Network and Telecommunication, and I have to do a "model" with a controller, an AP, and a RADIUS server. Communication and configuration of the lightweight AP has been done.
I use an autonomous access point 1220 as the RADIUS server (no considering it as an AP), and I'm a beginner in RADIUS configuration. I get a "Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e" when I launch a debug targetting my PC, connecting to the LAP.
Precursory : 10.137.125.71 is the IP address of the ap1220, working as the RADIUS server 10.137.125.15 is the IP address of the controller. 00:24:d6:8f:2c:7e is the MAC address of my PC, connecting to the Wi-Fi. ping works to the RADIUS, to the controller. Each devices are connected by a layer 3 Switch, and ping each others. The Wi-Fi works when I don't use 802.1X (or when I don't use RADIUS authentication at all)
What I did on the RADIUS server (ap1220 autonomous) :
aaa new-model
radius-server local
nas 10.137.125.15 key password
[Code]......
View 5 Replies
View Related
