Cisco Wireless :: MSE 3355 Unable To Track Clients And Rogues
Feb 26, 2013
I have an MSE 3355 running 7.4.100.0, Cisco Prime Infrastructure 1.3.0.20 and 6 wism2 running 7.4.100.0. MSE was correctly added to Prime and assigned to maps and controllers. Context Aware Service is Enabled and Up and I have a permanent license installed with a limit of 3000 elements. The appliance is not able to perform client or rogue tracking. This is what I see under Services->Mobility Services Engines->Context Aware Service->General:
Version: 7.4.0.38
Operational Status: Up
Number of Tracked Wireless Clients: 0
Number of Tracked Tags: 0
Number of Tracked Rogue APs: 0
Number of Tracked Rogue Clients: 0
Number of Tracked Interferers: 0
Number of Tracked Wired Clients: 0
Total Elements Tracked: 0
Tracked Elements (Wireless Clients, Rogue APs, Rogue Clients, Interferers and Wired Clients) Limit: 3000
Tracked Tags Limit: 3000
We got a 3310MSE that does not track clients, rogues, etc. for some reason.
- there are no firewalls between PNCS and MSE
- clocks are synced up with NTP
- CAS is running on the MSE
- I have added controllers and a test site with clients and is synced up with the MSE.
- Have enabled tracking under tracking for clients and rogues excluding adhoc rogue APs
- we only have 100 element license.
The only other thing worth mentioning is that MSE is running version 6 firmware and the controllers are 7.0.220 but I do not think this should prevent MSE from tracking devices. [code]
I have configured 3355 NAC appliances in HA pair and everything is running fine. But I am not able to log in through the GUI (Virtual IP) which is used during the configuration of the HA pair.
My current network has a Cisco WLC 4440 with a number of Aironets connected. I noticed that it says that about 90% of my APs are rogues. Closer investigation in the Rogue APs page shows SSIDs of a few businesses around. When I click on the MAC address I see that the rogue is not on the wire but I have a number of APs detecting each rogue.
Now the question is, are my WAPs transmitting or repeating these rogues? If so, how can I prevent it without sending a deauth to their WAP, which is not part of the good neighbour policy (as I understand it)?
Not sure if this is part of the same question above too, but I do have a rogue client on an SSID that is not mine but shows up on my AP. What is legally right for me to do to prevent use of my network devices by the external client?
We have 3 AP1130AG installed on our network with 2 VLANs. The APs are set up with two SSID, one for each VLAN. If two devices are connected to the same SSID on the same AP, they are UNABLE to ping/communicate with each other. If two wireless devices are on the same SSID and different APs, they are able to ping/communicate with each other. When the two devices are connected to the same AP/SSID, I can ping both devices from a server that is wired connected. I need to figure out why I can't ping/communicate between two devices that are connected to the same AP and are on the same SSID/VLAN. Below is the current configuration of the wireless AP.
Building configuration...
Current configuration : 2897 bytes
!
version 12.3
no service pad
I want to reinstall the MSE image that was sent to me by Cisco TAC Team; however, when I try to install it, the CD boots and shows me the Red Hat Enterprise image, then sends me to a black screen with the message "Kernel alive, Kernel direct mapping tables up to 480000000 @ 8000-1b000" and it stays there.
I have 19 locations, each with 1 or more LAP1142N APs in FlexConnect mode. The APs are primed using CAPWAP to my 5508 WLC at the datacenter. The APs join the WLC without issue every time. I have two WLANs, one guest and one staff. The guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: the DHCP scope on the branch firewall is 192.168.1.10-250 and the AP will be assigned a static IP of 192.168.1.1. The APs are connected to an HP ProCurve switch that has an untagged VLAN; the firewall is using the native VLAN 1 and so is the AP.
I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded. The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working: if I remove the static IP from the AP, the AP will reboot, join the controller, then begin working; users can connect and DHCP is assigned from the firewall as it should. However, if the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So I then reassign a static IP to the AP again and it reboots, connects to the controller, and clients then can connect and get DHCP. I've found several posts on this topic; in fact the patch of unassigning or reassigning the static IP is one that I found. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
I have a 5508 WLC and 40+ LAP1142N APs spread across 19 locations that allow staff to connect to our private network via wireless. I recently deployed about 40 new laptops, all identical make and model HP ProBook 4530s, and all have the same client setup for the wireless. Out of those 40 laptops I have 4 that will not connect to the private network. However, these same laptops will connect to my public, open wireless network without issue. In addition to the 4 that will not connect, all the others will prompt twice for network authentication. Now, I have about 10 other laptops that are not the HP model and all connect without issue and without the dual prompt. I don't think this is a wireless network issue but it could be some type of issue with this model of laptop.
While trying to connect to WiFi at remote site APs, the connection is timing out. Users are getting the error 'Unable to connect to <WiFi-SSID>'. The APs at the corporate office are functioning properly and users are able to connect to the APs.
Very strange problem with an EA4500 running 2.0.37.131047. Set it up in no time with a Mixed network on WPA2 Personal, Internet's fine, but I can't see any of my wired clients. They don't ping at all. Even stranger, if I plug into another wired switch port with my laptop, I STILL can't ping the other clients. One is a NAS and one is a network printer so there are no firewalls involved. I power cycled the printer but in vain. I've already reset to factory defaults once, but that didn't work. I'm thinking I'll need to return it.
After I initialized MSE with the wizard, MSE took so long to start the service (more than 1 hour) with "Starting MSE Platform, waiting to check the status". Then I decided to reboot the appliance; after that MSE shows the message:
Traceback (most recent call last)
File "/usr/sbin/yum-updatesd", line 40, in ?
import gamin
ImportError: No module named gaming.
We want to deploy NAC for 500-600 users across WAN. We are planning for an L3-OOB-Real Gateway central deployment solution. We have two NAC Servers (3355) and two NAC Managers (3355) at HQ and 6 NAC Servers (3315) at branches. We deployed NAC under VRF. How can we deploy NAC over WAN without a NAC Server? We need step-by-step configuration under VRF.
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait. 3 desktops = XP, 1 98SE. All laptop/netbooks = XP
I had an unusual circumstance come up on an older PIX 525 (6.3(5))
On a recent remote site visit we made a connection to our main office using ver 4.9 of the Cisco VPN Client for OS X. While we were working on a server, the macbook went to sleep shutting down the network interface the VPN Client was using.
From that point forward we were unable to establish any layer 3 connectivity to the LAN in our main office using that PIX as a VPN head end. Any connections that were attempted to that firewall would complete and be assigned a client IP from the correct pool but without access to the LAN on the inside interface.
We tested this from multiple external locations using multiple systems, cleared SA's and even debugged IKE and IPSEC using an alternate connection method. There were no errors reported on the firewall but there was also no connectivity.
I am setting up six ISE 3355 appliances, 3 in one datacenter and 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches. I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just set up a port channel using LACP between the two different FEX groups?
I have a Cisco ISE 3355, a WLC 5508 and Microsoft Active Directory 2008. I joined the ISE to the AD successfully and I can see all groups on the AD; I also integrated the ISE with the WLC. My problem is that when I created the authentication policy on the ISE and joined to the AP by the PC, nothing applied to the PC.
We have configured the Remote IPSec VPN on a Cisco 1800 series router. The clients are able to log in to the VPN and access the local corporate network servers. But VPN clients are not able to communicate with other VPN clients using their VPN adapter IP.
Components used : CISCO VPN Client 5.7 Router 1800 Series
I have to reset/recover the admin-CLI password. I had posed the question in [URL]. Now, as per the CLI-admin password recovery procedure at [URL], I have inserted the DVD in the hardware appliance, but I don't see any prompt with these options:
"Welcome to Cisco Identity Services Engine - ISE 3355 # To boot from hard disk press <Enter> # Available boot options: "
I just see a login prompt (and of course, I cannot log in because I don't know the password). I am using a serial console connection to the appliance.
I'm facing a DHCP lease issue and it's like this: our Cisco 2951 edge router is configured with a local DHCP pool for a set of remote users when they connect through Cisco VPN, which was working fine until we planned to change it to a Windows box that is configured for DHCP. The basic idea now is to relay the DHCP requests that are coming from the remote clients through Cisco VPN to the Windows DHCP server. So we added the scope on the server and changed the client config on the router as follows (highlighted is the DHCP relay config). [code]
I have a Cisco 1721 router with an ADSL WIC. I have followed guides on the Cisco website so that I can connect the router to my home ADSL connection. The router connects to my broadband provider and successfully obtains an IP address along with dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances. The newer one came with 5.4, so we upgraded the older one to 5.4.
We set up replication between the two, with the newer one primary and the older one secondary. Problem is, Windows-based clients are unable to authenticate to the older ACS appliance. The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works. So far, Cisco hasn't added my smartNet on the new box so I can get some support?
I am doing support for a library that has 2 WAP2000 devices that have no security. These are for the patrons to connect to the internet at the library. They want to track how many people are connecting to the internet. Can I log how many computers connect to these access points or get another WAP that will track how many computers connect to the internet?
I'm trying to track associations on one of my AiroNets (AP1041N) using the show dot11 associations command, but it does not show anything! e.g.
AP1#show dot11 associations all
AP1#show dot11 associations all-client
AP1#show dot11 associations
AP1#
Is there something I need to enable in the configuration to track associations like this?
I am looking for a solution to track login details and visited web sites on our public wireless network. We are using a Cisco Wireless LAN Controller 4400 series.
I have an ASA5505 and it has a VPN set up. The VPN user connects using the Cisco VPN client. They can connect fine (they get an IP address from the ASA), but they can't ping the ASA or any clients on the network. Here is the running config:
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
I'm looking for some software to monitor general info on the computers in the office. I would like to be able to service a computer and be able to pull up service notes, info on hardware and just be able to keep track of what we have been doing to all of the computers [code]...
Trying to implement PBR in N7K? I found that there is no track mechanism that can be used in "set next-hop ip", so if the next-hop is unreachable the route might die.
I was just brushing up on a few things in GNS3 and after setting up an SLA, when I want to set the track ip I get no option for sla. Why? I am running c3725-adventerprisek9-mz.124-15.T5; shouldn't it be available?