Cisco Wireless :: OEAP 600 Cannot Join WLC With Authentication List Enable
Mar 17, 2012
I've got a strange problem here. In the office, my OEAP 600 can join the WLC if there is no MAC authentication. When I enable MAC authentication at the WLC, the AP fails to register. However, when I try it at home, it works with MAC authentication either enabled or disabled. I suspect it is because of the firewall in my office, but there shouldn't be any difference in the discovery and joining procedure for an AP with MAC authentication enabled or disabled.
Jul 15, 2011
I've got a weird problem that I can't figure out. I've de-authorized the switch in the RADIUS server to force an ERROR status to test the backup entries in the AAA authentication method list. However, after I do that and try to log in (through ssh), it just prompts me for my username's password and not the enable password. Here's the debug output:
1d02h: RADIUS: Marking server xxx.xxx.xxx.xxx:1812,1813 dead
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No valid server found. Trying any viable server
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No response for id 10
[code]...
Sep 11, 2012
Can we enable SSH on 3500/3600 APs along with using RADIUS for login authentication? The idea here is that SSH will provide another method to access the AP for troubleshooting purposes. I know with autonomous mode APs this should not be an issue, but I'm not sure with lightweight APs.
Feb 24, 2013
We would like to enable IS-IS HMAC-MD5 authentication on a production network for LSP authentication including LSP, CSNP and PSNP. The problem is that when we apply the command "authentication mode md5" under the IS-IS process, there is an authentication failure and the router loses all routes from the routing table. Is there any way to enable authentication without the router losing the routing, or to "delay" the authentication until all routers are configured?
key chain IS-IS
key 1
key-string xxx
[Code]....
Feb 8, 2012
How to configure the ACS 4.2 server running in TACACS+ mode (user accounts configured on the ACS) to authenticate the enable mode password on the ASA using the same AD account?
Jan 12, 2012
We have an ASA configured in multi context mode, with software 8.4(2), configured for AAA. Configuration in the admin context is as follows:
aaa-server TAC protocol tacacs+
aaa-server TAC (management) host 10.162.2.201
key *****
aaa authentication enable console TAC LOCAL
aaa authentication http console TAC LOCAL
aaa authentication serial console TAC LOCAL
aaa authentication ssh console TAC LOCAL
Because of multiple contexts, after logging in we enter the System context. Console port authentication is working fine except for access to privileged mode while connecting over the console port. After issuing the "enable" command, the ASA accepts only the enable secret configured in the system context and changes the user ID to enable_15, so we are unable to do user-level command authorization and accounting. It seems that the ASA in system context is not aware of any AAA configuration, and there isn't any command to configure AAA in system context. Is there any way to configure enable authentication over AAA in system context?
Jul 4, 2012
It's possible to enable unconditional machine authentication in ACS 5.3.
Feb 18, 2013
We have a Cisco 5508 office extend in the DMZ running code 7.3.112. 1132 APs seem to register and authenticate fine, but the OEAP 600 series don't seem to authenticate. They seem to join the controller and download the SSID but just won't authenticate, not even registering on the AAA server.
Dec 5, 2012
I successfully authenticate through ACS to my Identity Store, but only get dropped into a non-enable prompt: ciscoasa> How can I get an Authenticated user directly into enable mode?
Aug 20, 2012
I have found that there are only few configuration to the Cisco Aironet 600 OEAP. The settings are just for basic configuration for a wireless network when it is in autonomous mode.
A need for a Wireless LAN Controller to perform advanced settings.
Also, there is no firmware available from Cisco. No upgrade/downgrade firmware available for download.
May 20, 2013
Here's the list of equipment:
Pool of oeap 600 aps
1x 2504WLC as OEAP WLC (@DMZ)
1x ASA 5515
Scenario:
My OEAP WLC located at ASA - DMZ is NATted to a public ip (primary internet ISP), then my pool of OEAP-600 were configured to communicate with this OEAP WLC.
My question is:
I want to automate the failover of OEAP-600 (I don't know if this is possible) to the secondary internet ISP whenever the primary internet ISP fails. The secondary ISP is terminated on the same ASA 5515-X doing PBR and IP SLA stuff.
I know that the OEAP 600 can only be pointed to one WLC IP address. I know that the WLC can only be NATted to one public IP address.
What would be the best solution to perform the OEAP backup connectivity? Or just buy another set of WLC/ASA then just manually configure the OEAP-600 APs to point to the secondary ISP.
Sep 23, 2012
I have a customer looking to deploy OEAP who wants to know if it is possible to disable the local ports 1-3. The reason is that they don't want the home user connecting devices and causing more support tickets to troubleshoot an Xbox or Google TV just because it's connected to a company-provided AP/switch. I have read all the docs and they make no mention of this. I can see in 7.2 the ability to disable the local SSID, but no mention of the ability to shut down ports 1-3. I also see support in 7.2 for Dual RLAN, but that still leaves 2 local ports.
Oct 1, 2011
I have some trouble with the setup of an OEAP 600 AP. The AP has joined the controller as it should and the remote-LAN connection to my corporate network works well, but I can't connect to the corporate WLAN.
When I check the event log on the AP it says:
"
*Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
*Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
and a debug on the controller gives me:
apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile on LWAPP AP ec:c8:82:c2:3a:20(0)
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (status 17) ApVapId 1 Slot 0
[code]....
Apr 17, 2012
Possible to assign resilient WLCs to an OEAP 600?
The web GUI of the OEAP itself only has a single field to enter the address of a single controller.
But, I wonder if once the OEAP is talking to your WLC across the Internet, you can allocate HA settings to the OEAP so that it can fall back to a secondary WLC if your main WLC fails.
This is sort of hinted at in the docs I have read, but I have not been able to find it explicitly stated anywhere.
It would be nice to have 2 DMZ-based WLCs at two different data centres to allow remote users to have a fail-over solution, but I need to be sure that this is supported before implementing.
Mar 7, 2013
I have a TAC case open, but it doesn't seem to be making any progress. I upgraded my 5508 controller from 7.2.111.3 up to 7.4.100.0. Most of my APs are fine (3500s, 1100s, etc.), except for 602i APs. The APs associate, they update software, etc., but they won't broadcast the WLAN. An interesting thing: on the 602 AP, in the log, I see this: *Mar 06 15:08:12.667: SSID remote, WLAN Profile Name: RemoteOEAP, added to the slot[0], disabled. So the AP is definitely talking to the WLC and being pushed the correct WLAN profile. On the controller, the AP shows the Admin status of the radios as DOWN, but the Admin status on the AP itself shows UP.
I've done a factory reset on the APs to no avail. I have a 2504 WLC as well that I'm in the process of implementing in a DMZ specifically for these APs, and for testing purposes, I associated the 602 AP to that WLC as well. This one is running 7.4.100.0 too, same results. It would appear to be a problem with this version of software?
Sep 12, 2011
Only fifteen users are allowed to connect on the WLAN Controller WLANs provided on the 600 series at any one time. A sixteenth user cannot authenticate until one of the first clients de-authenticates or a timeout occurred on the controller. Note: This number is cumulative across the controller WLANs on the 600 series. For example, if two controller WLANs are configured and there are fifteen users on one of the WLANs, no users will be able to join the other WLAN on the 600 series at that time. This limit does not apply to the local private WLANs that the end user configures on the 600 series designed for personal use and clients connected on these private WLANs or on the wired ports do not affect these limits. This is from the Configuration Guide for the 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?
Jun 17, 2012
Flex 7500
Software Version: 7.2.103.0
I have a Flex 7500 with 200 1142AP's working fine in remote office and local setup. We have since purchased 3 OEAP 602's and looking to distribute to teleworkers.
I have configured the OEAP to point to the NAT'd IP of the WLC. The OEAP does connect and is listed briefly in the WLC wireless listing, but I am not able to make any configuration changes; it will then disassociate and try the join process all over again. I have attached below the OEAP 600 event log. I see that the WLC does not support data DTLS encryption and am looking to make this work.
I have tried to install the DTLS license file from the Cisco website, but says license failed to install, with no other errors.
*Jun 18 15:18:43.938: Build version 7.0.112.72 (compiled Feb 3 2012 at 01:56:39, [L]).
*Jun 18 15:18:47.859: CAPWAP State: Init.
*Jun 18 15:18:47.860: CAPWAP State: Discovery.
[Code]....
May 21, 2012
I have established dual-rlans on different segments. I have a 2960g switch. I created vl2 (management) and vl3 (data). I connected rlan1 (port4) to vl2 and rlan2 (port3) to vl3. My laptop receives a DHCP address on vl3 and the switch (in DHCP mode) receives its proper address on vl2. Unfortunately a MAC is assigned to each vl and to the management interface. That's 3 out of the 2 sets of 4.
So a managed switch is NOT the desired device to have on the back side of an OEAP600. In any case, doing a show mac address-table revealed that all the vl2 MAC addresses were duplicated on vl3. To the tune of 216 addresses. 108 in each vlan. Which is a close match to the current host counts for each segment 98 + 18. Obviously this application is not what was envisioned by the OEAP team during work-up. The goal of 4 host devices on the rlan is proving difficult to achieve. The client wants 2 PCs and 2 digi-port servers.
Dec 9, 2012
Is the AP able to configure 2 public IP addresses of the DMZ-WLCs?
Like IP 1.1.1.1 in my US data center, and a second IP 2.2.2.2 in my EU data center?
Feb 18, 2013
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwidth with automatic connections.
Mar 15, 2012
I have two 5508s and a few hundred 1142s in our internal net. Now I bought some OEAP 600s to do tests in some small branch offices, but I would like to enable AP policies with MAC filtering to prevent anyone else from connecting an OEAP through our firewall. If I enable 'Accept Self Signed Certificates (SSC)' and 'Authorize MIC APs against auth-list or AAA' as suggested in the Cisco document 'Aironet 600 Series OfficeExtend Access Point Configuration Guide', will that affect only my OEAP 600s or will I also have to include the MAC addresses of my internal 1142s?
May 16, 2013
I am new to Cisco wireless solution and would like to ask how to add the AP to the WLC properly. All Cisco 1041 and Cisco 2500 WLC are new. I connect those AP and WLC to the switch without any VLAN tag and the AP can gain the IP address from our DHCP correctly. However, the AP 1041 could not join the WLC successfully.
WLC: Cisco 2500
IP Address: 192.168.1.225
version: 7.4.100.0
Mar 24, 2013
Our office uses a WLC2100 Series controller with AIR-LAP1031, successfully joined and running. Now I am trying to replace one AP with an AIR-LAP1041N and join it with the WLC, but I can't, and the error message below is generated:
[code]....
Jul 10, 2012
I am trying to set up a wireless network with a WLC hosted on an SRE module in a 2911 router. I think I have most of my bases covered but there is still one problem.
My LAP1131AG APs won't join the controller; on the AP I am seeing this:
Translating "CISCO-LWAPP-CONTROLLER.test.local"...domain server (192.168.250.10) [OK]
[Code].....
But to my knowledge an LWAP AP should be able to join a CAPWAP WLC
Apr 8, 2012
WLC software 7.2.103.0
1. First problem: AP1252 can't join the WLC. The MAC was added to the MAC filter properly.
170 Mon Apr 9 15:37:32 2012 Mesh Node '2c:3f:38:be:53:ef' failed to join controller, MAC address not in MAC filter list.
171 Mon Apr 9 15:37:32 2012 AAA Authentication Failure for UserName:2c3f38be53e0 User Type: WLAN USER
172 Mon Apr 9 15:37:32 2012 Coverage hole pre alarm for client[1] 40:a6:d9:ef:87:68 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 46 7 5 4 2 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
173 Mon Apr 9 15:37:32 2012 Coverage hole pre alarm for client[1] 8c:7b:9d:05:a0:67 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 50 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
174 Mon Apr 9 15:37:30
[code]....
Several APs can't join the WLC and all are added to the MAC filter, but they are showing these messages.
2. Second problem: Operational Status = UNKNOWN
Some Access Points are in UNKNOWN status. I tried but I can't do the reboot. I can access the web config of the APs using the WLC, but when I applied the reset, it wasn't working properly.
Jun 10, 2013
I'm new to installing Wi-Fi. I have a WLC 2504 using 7.4.100.0. I have an AP 1600 (AIR-CAP1602E-E-K9).
I installed the WLC and AP on a Cisco PoE switch. The WLC and AP are in the same subnet and I can ping the AP from the WLC, but the AP cannot join the WLC. I have this error message:
(Cisco Controller) >show ap join stats detailed 00:06:f6:d6:03:f0
Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable
Jan 31, 2013
I have converted ap 1131 from autonomous to lwapp successfully by using upgrade utility tool but the AP does not join the WLC 2106. I can see it as a neighbor on the switch with no IP address.
Jun 29, 2011
My WLC running 6.0.182.0 suddenly could not accept more than 47 APs! I have a 1240 trying to join but it failed with no obvious reason (no special errors in debugging).
I unplugged one of the joined and the first one joined!! I replugged the second one but could not join!! I unplugged the first one and replugged the second one: the second joined the controller but the first could not associate again!
Jan 24, 2011
I have a 4400 WLC for 100 APs running the 7.0.98.0 software version. Now, only 48 APs are joined, and the WLC doesn't accept new joins. The logs below are from my WLC but appear for all other APs:
%LOG-6-Q_IND: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:3a:98:ae:e3:f0 supporting CAPWAP
%LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:3a:98:ae:e3:f0 supporting CAPWAP
%CAPWAP-3-TX_ERR: capwap_ac_sm.c:1966 Failed to transmit discovery response to AP 00:3a:98:ae:e3:f0
%CAPWAP-3-ENCODE_ERR: capwap_ac_sm.c:2269 Failed to encode Discovery (code)
Jun 7, 2012
We have two Cisco 1262 APs and a 4402 WLC; the AP cannot join the WLC. The AP gets its address from DHCP.
I cannot ping the AP address from the WLC, but I can ping the default gateway and other VLAN addresses.
I already read the info on this link: [URL]. Still our AP cannot join the WLC no matter what I have tried.
Setup
- VLAN setup on a Cisco 3560 48 port poe Switch
- trunk configured between the Gi Interface and the Management physical port
- WLC mode is configured for Layer 3
- AP Manager and Management are in the same Subnet
- Option 43 is configured with the AP Manager's IP address
- Option 60 is also configured with AP Manager's IP address
- the port connected to the APs are in the AP Manager VLAN
Mar 12, 2013
I have a problem joining my ap1130ag to my WLC 2504. I activated the internal DHCP (172.19.1.50 ----> 172.19.1.60) on the WLC, and the WLC assigned an address to the ap1130ag (172.19.1.51). The WLC and ap1130ag are connected to a 2960 switch (ports 17, 18); these switch ports are configured in trunk mode, allowing all VLANs. Still my WLC has not detected the ap1130ag?
May 20, 2013
I converted the C1310 to LAP using the upgrade tool, but the AP is not able to join the controller. I was not able to view the SHA key in the upgrade tool, so I ran "debug pm pki enable" on the controller to get it. I'm still not able to view the SHA key.
Here is the output of the debug command:
*spamApTask0: May 21 15:07:43.527: 88:43:e1:d1:fc:9e Received LWAPP JOIN REQUEST from AP 88:43:e1:d1:fc:9e to cc:ef:48:b3:23:ef on port '13'
*spamApTask0: May 21 15:07:43.549: sshpmGetIssuerHandles: locking ca cert table
[Code].....
Jan 16, 2013
I have some LAP1242 which by mistake were bought for Mesh. I am trying to convert them to LWAPP so what I did first was to convert them to Stand Alone then to LWAPP but I cannot get the AP to join the WLC and sends several error logs.
I attached some logs taken from AP and WLC so that you can figure out what's going on.
I wonder if I have to remove anything from flash either in SA or LWAPP mode (I know that in some cases you have to delete private-config in order to avoid the AP taking previous configurations). By the way, I think I had never seen this c1240-k9w8-mx.124-25e.JA2 on an AP IOS before; I wonder if it has to do with the mesh thing.