Cisco Wireless :: Installation Of PFX Cert On AIR-WLC2125-K9 Controller?
Mar 7, 2012
I have a client that needs to update a certificate on their 2125 controller. They have created a .pfx cert that does not work because of file type. I wanted to see what the best pratice would be for me to follow installing this cert and do I need any additional cert like a CA. I found a document but am not so sure that it is exactly what I need.
AIR-WLC2125-K9 : JMX1248K0EL
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.188.0
RTOS Version..................................... 6.0.188.0
[code]....
View 2 Replies
ADVERTISEMENT
Oct 30, 2012
My client has on cisco 4402 controller running with 48 AP on this. Client requires to add another 25 AP but licence on the current controller is not supported client bought another controller 5508 with 25 AP.
I have been tasked to installe 5508 with conjestion of 4402. I have make the software version on both of them as below
AIR-CT5500-K9-7-0-235-3.aes
AIR-WLC4400-K9-7-0-235-3.aes
To match the same IOS version on both the controller. I have following challenges with me.
- 5508 will registered 25 AP while .. 4408 will continue with 48 AP.
- 5508 is going to be in DC and it will be directly connected to firewall as default gateway for guest SSID. 4402 is going to be on another building.
- How can I make sure that Users connected to AP registered with 4402 will have the same deafult gateway as 5508. Thre is no layer 2 connectivity between this two controllers.
- There is no romaing going to happen between this two controller as both are two different locations and user will leave one location will disconnect and it joines bak when it reach to another controller.
- Is there any way to configure 5508 as master and 4402 as slave kind of connections?
View 1 Replies
View Related
Dec 11, 2011
I have one AIR-WLC2125-K9 installed and controll 25 APs,
Now i want to add some APs, so i have asked my supplier and he propose to add an other AIR-WLC2125-K9, i will have all APs contrlled by 2 x AIR-WLC2125-K9.
How can i add the second controller to work with the first one?
View 2 Replies
View Related
May 6, 2013
I have a dell Inspiron laptop N4010 and my hard drive was crashed and I bough the new hard drive (Seagate 250 SATA/GB/GO) before I have a TOSHIBA Hard drive with 500gb.I have installed the Window 7 Home Premium but I was trying to install Network drivers(for wireless and LAN) but those drivers are not installed due to hardware not compatible . I don't understand what I am missing in this process.network controller - VEN 8086 DEV 0087.
View 1 Replies
View Related
Apr 1, 2013
I installed a chained SSL cert on our anchor/guest 4402 a few years ago.We now have a need to replace the 4402 w/ a 5508, and I got everything configured, ready to go, except that darn cert.I can no longer locate the private key that was used to sign the original CSR.Is there any way to export the current cert from the 4402, so that I can import to the 5508? Or am I SOL?
View 3 Replies
View Related
May 1, 2013
I am wanting to use a cert signed by a digicert or verisign on my ASA so that anyconnect doesn't frreak out with the untrusted cert. I have created the CSR, and I uploaded the certificate, but it is still showing the old self signed untrusted cert.
View 5 Replies
View Related
Aug 14, 2005
When trying to do a cut-n-paste enrollment of a cisco 3725 router with a microsoft windows server 2003 CA i get the following error on the CA.Certificate Services denied request 8675 because The request subject name is invalid or too long. 0x80094001 (-2146877439). The request was for OID.1.2.840.113549.1.9.2=rtr31slied3.unit4agresso.com. Additional information: Error Constructing or Publishing Certificate This is when i use the router or webserver certificate.The only template that does work is the user certificate but then you get error messages that the router name doesnt match the cert name.The 3725 is running ios version 12.3(14)T3.How can we get the right templates to work ?
View 3 Replies
View Related
Dec 5, 2011
how to install a wildcard certificate with only the .cer file. I've found quite a few things here in the forums, but everyone seems to also have a pkcs12 file, which I do not.
This is an ASA 5510 on ver 8.4.
View 6 Replies
View Related
Oct 14, 2012
I know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from Geo Trust, Veri sign, etc. can the CSS support using the cert?
View 1 Replies
View Related
May 29, 2012
I have a need to utilize two factor authentication using a machine certificate and users AD crednetials. What we would like to do is to have the ASA and AnyConnect verify the certificate exists, check against our in house CA for validity, if valid pass the user credentials to the AD servers and establish the tunnel. If not valid quarantine the session and pop a message to the user to contact the help desk ASAP. My guess is the following (using ASDM 6.6, ASA 8.6.1, ASA 5545-X):
1. under the connection profile I have select BOTH for authentication and added a AAA server group.
2. under Cert Management I have added the 3 certs that are present on all company mobile assets
- Cert America
- Cert Europe
- Cert Root
3. I have an identity cert installed from the company CA and it is selected as the device cert under connection profiles
4.Local Cert Authority is Disabled
5.Under Remote Access>Advanced>Certs for AnyConnect>
- I have mapped DefaultCertifiateMap pri 10 to Company_Cert connection profile
- The mapping is looking for Subject: CN: <Contains> (string) ----where string is a common component of each Cert listed in #2.
Question #1 - Is this correct for utilizing certs and AD auth or have a missed any steps?
Users are directed to a an initial installation URL - where the AnyConnect client performs the installation and passes down the intial AC profile which auths using only AD creds. On subsequent connections users who pass the certificate mapping check are migrated to the connection profile which uses the dual authentication method.
Question #2 - When I attempt a new installation of AnyConnect using the two factor URL . I receive an error "certificate validation error" and the installation fails - for the life of me I can not figure out why???? The machine has all three certs, using IE9 as the browser.
View 3 Replies
View Related
Apr 15, 2013
I am basically looking to install the wildcard on the outside interface for my ASA
View 1 Replies
View Related
Sep 24, 2012
I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on. I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache). I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...
I am also having exactly the same issue with a certificate from Thawte. I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0. I am using OpenSSL 1.0.0 29 Mar 2010.
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network. I am at a loss of why I can load and it not work. I have verified my hostname and password and those are good.
View 1 Replies
View Related
Mar 29, 2006
We currently are using a self-signed cert (for PEAP machine authentication) that was created on an ACS 3.3 appliance. That cert was manually installed on our laptops when they were configured for wireless conenctivity.My problem is, that self-signed cert will soon be expiring and I am not sure what needs to be done to issue a new cert AND deploy it to my Windows XP Pro clients without a service interruption. If possible, I'd like to leverage our exsiting AD infrastructure for this, but I need some direction, and time is of the essence!!
View 2 Replies
View Related
Jan 21, 2013
I've seen a bunch of discussions on the untrusted server cert error with self signed certs. But I have a valid wildcard that I use on my ASA. How do I make that work with out the untrusted server cert error?
View 5 Replies
View Related
Apr 22, 2012
So since my web auth cert is expiring I got it renewed from VeriSign and they sent me back the file. Do I need to again combine the "myprivatekey.pem" file and the new one that I got and then load it on the WLC? Can't find any guidelines and instructions from Cisco on this. Or do I need to go through the whole regenration of CSR process again etc?
View 3 Replies
View Related
Aug 16, 2012
Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?
View 1 Replies
View Related
Aug 12, 2012
I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies
View Related
Jun 2, 2013
We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies
View Related
Mar 31, 2013
We are trying to navigate the waters in choosing between a in-house, controller-based, wireless network solution or a cloud-based solution. We have been presented with the usual suspects in cloud-based (Aerohive, Meracki, etc) and with Cisco (5500) and Aruba on the other side. We are a multi-campus organization with approx. 200 APs.Any hard reasons why go with a controller-based vs. cloud-based solution? If we must keep the conversation limited to Cisco, why go Meracki over Cisco's WLC solutions or vise versa?
View 1 Replies
View Related
Dec 6, 2012
I am looking to configure a wired and wireless guest network. I have industrial barcode scanners that connect to one SSID and then there is the business network on the office SSID (no vlan seperation for these devices just different SSIDs). There is not really a need to seperate the business network from the scanners in any case. However, there are needs for a guest network and this needs to be seperated. At the bare minumum I would like to have the wireless guest network. Here is what I have: 2125 Wireless LAN controller managing 18 LAPs (1 indoor and 17 outdoors)Cisco Cat 2950 switches (2 x 24 port and soon to be replaced with 2 x 48 port 2960's with 802.1x capability) Sonicwall TZ210 firewallOne existing wired and trunked vlan for PLC infrastructure. One ESXi hosting Windows server guests (soon to be 2 with vMotion) The reason for the wired guest access network is tp prevent anyone from plugging into the wall jack in the office with thier home laptops or anyone else from being on the same subnet as our domain machines. Granted they would be unathenticaed but there would be no layer 2 seperation and that is what I think would be best.
How would I go about doing this on the wireless controller without an anchor controller just using my existing hardware? I would like to have the Guest SSID only availible in the front office. Is it possible to offer a guest network while still servicing the business network SSID on the same access point? Then might I be able to have the guest network be treated as it should at the controller? However this might present another issue altogether as the guest traffic will be over the same wire as the business SSID until it hits the controller for management.
View 1 Replies
View Related
Oct 20, 2012
We are currently evaluating ISE and I am stuck with the PEAP authentication (with Server side Cert).Our current setup consists of two 5508 controllers, 30+ access point. For authentication we are using PEAP with (server side Cert). We have an IAS server which is also acting as a CA server. We are using Cisco’s NAM as a supplicant on Windows XP & 7 workstations. I would like to use ISE for authentication. I would like to use PEAP with Server side Cert (similar setup like IAS). I want ISE to perform the same function in addition to profiling etc.....
I was able to integrate ISE with Active Directory but could not get it working with PEAP (server side Cert). I would also like to know if they used Microsoft’s CA server or Open SSL CA server or a third party CA server (Go Daddy, VeriSign etc.)Can you we ISE as a CA server just the way we used Microsoft’s IAS Server as a CA Server?
View 8 Replies
View Related
Nov 30, 2011
I have ACS4 and i am planning to upgrade to ACS5.I would like to have such a rules:I have user1, one ASA device which is VPN concentrator for remote users.ASA have two different tunnel-groups: one which allow for logging via certificate (with mandatory pki authorization thru ACS) with disabled Xauth,and second tunnel-group with allow login thru typical Xauth with authorization thru ACS which users external database (RSA Tokens).So i have one user1 which can login thru VPN using RSA tokencode or certificate.For example: on phone user1 uses certificate, and on PC station the same user1 uses token password.For tunnel-group with pki authorization ASA checks username in ACS and in typical scenario login="CN from certificate" and password="CN from certificate". So we would need "two credentials" for the user - one for pki authorization, and second one external database (RSA token).Is such scenatio possible under ACS 5 ? where one user uses different credentials based on tunnel-group usage ?
View 2 Replies
View Related
Apr 16, 2012
We've just purchased the a VM Version of MSE (L-MSE-C3-W25) installed on vSphere.Have followed the guide, gone to add this to WSE and it wont connect.Looking at the console it says to type /init.d/msed.start, I get -bash: /init.d/msed: No such file or directory Then type getserverinfo returns Health Monitor is not running.
View 2 Replies
View Related
Nov 19, 2010
Have a Linksys E-3000 router and a WAP-4410N which I wish to configure as a repeater to extend network coverage. E-3000 IP has been changed to 10.10.1.1. How do I do it ? What do I connect to what in order to configure the WAP-4410N to new settings? It will of course be located remotely from the router. At this time network consists of a main PC and 2 wireless laptops. I have read the manual and it doesn't answer the above described situation.
View 7 Replies
View Related
Oct 7, 2012
I have an interesting job where i am having to fit a wifi network through a large property. I was advised to use the Cisco 2504 WLC and 9 x Cisco AIR-AP1142N access points.I know that out of the box the AP's (in standalone versions) have the GUI enabled. Not being completley up with CLI etc, is the WLC GUI enabled straight out of the box? if not, is it complicated to get it up and running?
View 12 Replies
View Related
Jan 29, 2012
I have returnd my laptop (Fujitsu Siemens Amilo 2727) to factory setting, increased the memory and installed Windows 7. Wireless was working fine until I installed Windows 7. Everything works fine on the Ethernet cable, the usual way of turning on the wireless connection using Fn+F1 is not working.
View 5 Replies
View Related
Apr 22, 2007
How can I get a installation CD for a WRT54GX2 Wireless router? Can you download from internet?
View 3 Replies
View Related
Apr 18, 2012
So, I bought a used WUSB600N Wireless Adapter and am having difficulty installing it. Of course, there was no installation CD to go with it, so I went to the website to download the drivers and updates and still can't get it to install.
View 1 Replies
View Related
Aug 18, 2009
I bought a Linksys-Cisco wireless G Broadband Router model # WRT54G2 some time ago, and I never installed it. Now I cannot find the set up CD-ROM or the user guide CD-ROM. Is there a way to down load these from the product site...
View 9 Replies
View Related
Jul 22, 2011
A couple of questions about the AP541N:
1. How to get these installed and working properly, especially in a clustered environment? I have read so many comments about slow performance, no performace, bad coverage, etc... They sound like the perfect product for my intended use if they actually work as advertised.
2. what is the installation requirements for multiple units? (What is the minimum/maximum distance between units? How many units are needed for a certain area?
View 1 Replies
View Related
Oct 9, 2011
I am currently supporting an engineer onsite remotely and have come across a strange problem . I have installed a few controllers but none of them have behaved in this manner. The model is a WLC 5508-50k9 model wireless controller and software 7.0.98.0, I have seen as per installation guideline that amber means th following
Distribution ports 1-8 Off: Not present.
#Green: Indicates SFP port is active and link is established.
#Amber: Present with failure
This mean that so coherent fault lies as follows on Layer 1&2 . The switch port light does not go green either. We have used both xover and straight but no luck
View 3 Replies
View Related
Jan 10, 2013
I have a question if your Cisco 800 series wireless in a rack mount installation in racks to place the signal strength materials very well ?
View 0 Replies
View Related
Aug 1, 2012
canon pixma MX 715 network set up failed X P home edition
View 1 Replies
View Related
