Cisco Wireless :: OEAP600 And Remote LAN Anchoring?
Nov 10, 2012
how to configure anchoring on a 'remote lan' wlan for the OE-solution?
That's my setup:
- DMZ:
2504-CTR with code 7.3.101.0
- Internal
5508-CTR with code 7.3.101.0
I've configured two WLAN's and anchored it to the internal Controlller => everything works fine? I also want to use the Remote Lan Port on the OEAP600. I've created a new WLAN on the DMZ-CTR and choosed Remote Lan from the drop down menu. On the internal CTR I've created also a new WLAN, choosed Guest Lan from the menu and mapped the egress-interface to an existing Wired-Interface.
When I now want to configure the anchor on the newly created remote lan on the DMZ-CTR, the problem is, that the menu is only showing 'remove', there is nothing with 'mobility anchor' or something like that.So how can I create the EoIP-tunnel for the remote lan?
View 9 Replies
ADVERTISEMENT
Feb 5, 2013
Can I get access on the WAN Ip from an oeap600?I can't connect trough [URL]
View 3 Replies
View Related
Mar 11, 2012
I am running 5508 wireless controllers. I pass along another agency's WLAN across my wireless network that is anchored to their older 4402 controller.
I wish to run the new 3600 series APs and am planning on migrating to NCS and the new 7.2 code.
I know that the older 4400 series controllers will not handle the newer 7.1 or 7.2 code. However, i still wish to maintain this anchor relatiosnhip with the older 4402 controller. I need to know if this will work or not.
View 2 Replies
View Related
Sep 12, 2012
We have two ASA 5500 series Firewalls running 8.4(1). One in New York, another in Atlanta.They are configured identically for simple IPSecV1 remote access for clients. Authentication is performed by an Radius server local to each site.
There are multiple IPSec Site-to-Site tunnels on these ASA's as well but those are not affected by the issues we're having.First, let me start with the famous last words, NOTHING WAS CHANGED.
All of a sudden, we were getting reports of remote users to the Atlanta ASA timing out when trying to bring up the tunnel. They would get prompted for their ID/Password, then nothing until it times out.Sames users going to the NY ASA are fine.After extensive troubleshooting, here is what I've discovered. Remote clients will authenticate fine to the Atlanta Firewall ONLY IF THEY ARE USING A WIRED CONNECTION.
If they are using the wireless adapter for their client machine, they will get stuck trying to login to Atlanta.These same clients will get into the New York ASA with no problems using wired or wireless connections.Windows 7 clients use the Shrewsoft VPN client and Mac clients use the Cisco VPN client. They BOTH BEHAVE the same way and fail to connect to the Atlanta ASA if they use their wireless adapter to initiate the connection.
Using myself as an example.
1. On my home Win 7 laptop using wireless, I can connect to the NY ASA with no issues.
2. The same creditials USED to work for Atlanta as well but have now stopped working. I get stuck until it times out.
3. I run a wire from my laptop to the FiOS router, then try again using the same credentials to Atlanta and I get RIGHT IN.
This makes absolutely no sense to me. Why would the far end of the cloud care if I have a wired or wireless network adapter? I should just be an IP address right? Again, this is beyond my scope of knowledge.We've rebuilt and moved the Radius server to another host in Atlanta in our attempts to troubleshoot to no avail. We've also rebooted the Atlanta Firewall and nothing changed.
We've tried all sorts of remote client combinations. Wireless Internet access points from different carriers (Clear, Verizon, Sprint) all exhibit the same behavior. Once I plug the laptops into a wired connection, BAM, they work connecting to Atlanta. The New York ASA is fine for wired and wireless connections. Same with some other remote office locations that we have.
Below I've detailed the syslog sequence on the Atlanta ASA for both a working wired remote connection and a failed wireless connection. At first we thought the AAA/Radius server was rejecting us but is shows the same reject message for the working connection. Again, both MAC and Windows clients show the same sequence.Where the connection fails is the "IKE Phase 1" process.
-------------------------------------------------------------------------------------------------------------------------
WORKING CONNECTION
-------------------------------------------------------------------------------------------------------------------------
%ASA-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is not behind a NAT device
NAT-Traversal auto-detected NAT.
%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user
%ASA-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user
[code]...
View 1 Replies
View Related
Mar 9, 2011
On wireless (lenovo tabletx61) I cannot connect through the intranet - no problem connecting through internet. When I manage to connect through intranet connection is dropped quite often.No problem connecting via Ethernet cables.
View 1 Replies
View Related
Jul 28, 2011
I have a remote site that has an AP running in H-REAP mode which connects over our MPLS cloud to a WLC, which has one interface on the "inside" network and one on our DMZ. The remote AP in H-REAP mode currently only runs our Guest SSID, but now I need to established an isolated VLAN.
Two of the hosts on this isolated VLAN, which is need to support some conference room devices, need to run on wireless and communicate with two devices on the same VLAN that are hard-wired to the switch.
Getting the wireless devices to connect remotely is easy enough by setting up an SSID that uses an IP subnet which one of the WLC's interfaces actually connects to...but can I do that for a completely remote IP subnet (i.e. one that the WLC does NOT physically connect to?). I'm not sure and I'm wondering whether that's the purpose of the "Remote LAN" feature...which is a very new feature.
View 3 Replies
View Related
Mar 29, 2012
I do have problems with remote management of a Wireless Accespoint WAP200.The WAP200 is connected to a router RVS4000 and works well..There are several nodes in the LAN, all static IP, all forwarded in the RVS4000..All nodes can be managed in the LAN as well as from outside..Exept the WAP200, from inside in LAN no problem, but from outside gives a 404 return.I build other similar LAN's, but the same, no connection.
View 8 Replies
View Related
Sep 16, 2012
I am having trouble getting DHCP working for a site connected using Flex Connect. Here is my setup. I have a single 5508 Controller at one site using the 10.3.0.0 network. All AP's at that site are in local mode and use the local DHCP server, 10.3.0.2. Everything works fine there. Each site uses a different SSID as well.
At my second site, 10.4.0.0, all AP's there connect back to the controller at the site above and are in Flex Connect mode. The AP's work fine and the clients work fine there but they get an IP address on teh 10.3.0.0 instead of the 10.4.0.0 network. If i setup the SSID at this site to override the DHCP server settings and tell it to use 10.4.0.2, which is our local DHCP server, the clients don't get an address at all.Is this simply a matter of setting an IP Helper address on the router where the WLC is located or is there more to it than that?
View 4 Replies
View Related
Mar 14, 2011
We have a WAP2000 that supports a few wireless users in a shop environment. Users authenticate using RADIUS. Users connect without issue and can browse the Internet.
The main local network uses a Cisco 800 router to connect to the Internet via DSL and there is an IPsec VPN tunnel to our main office.
When a user is connected to the network via a wired connection, all systems work as expected. If they are on wireless, they cannot connect to services at the main office. They must make a PPTP VPN connection for applications to function.
The WAP2000 has the latest firmware 2.0.4.0. It has a static IP on the local subnet.
View 2 Replies
View Related
Nov 8, 2011
I have been asked to setup wireless and we have purchased WLC 5508 and 1142 APs.We have several remote sites and a centralized WLC. The requirement are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSID Guest and Mobile tunneled back to the central site (WLC).I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site, the IP assigment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the site and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and localy switched whilst having the other two SSIDs tunneled back to the WLC. Cisco TAC told me to configure dynamic interfaces for each of the remote site but then he said I still wouldn't be able to switch the Corporate traffic localy if I use a different subnet to the wired subnet for the wireless clients.
View 12 Replies
View Related
Apr 17, 2012
I have 3 AIR-CAP3502I-E-K9 AP’s on my network now. Its connected directly to a cisco L3 switch now. and through a WAN link it communicates to a cisco 5505 WLC at remote head office (flexconnect).I want to install a low end WLC on my office, so that incase of the WLC fails at head office, still the clients on my end able to connect to the AP .So which of the following models are support for the AIR-CAP3502I-E-K9 APs ? and can that’s WLC talk with the other one at head office(WLC 5505) ?
View 1 Replies
View Related
Apr 16, 2012
City A is the data center with 2 WLC (CT2504-K9) and a number of AP. City B is a branch with MPLS between A and B. Right now the APs at City B has joined the controller. Users at B is getting ip's assigned from DHCP at City A. How do I configure the WLC so users can get ip's assigned from DHCP server present at B. Option 43 is enabled.
View 2 Replies
View Related
May 3, 2012
I'm essentially looking to extend an existing network in a primary warehouse for our company across a parking lot to a secondary warehouse with no network drops. I need to keep the ability to assign addresses in the existing scheme over to two computers in the secondary warehouse.
View 1 Replies
View Related
Jul 29, 2011
I'm facing a problem with the Cisco 1522 AP at the remote site every day that it takes about 2 hours to join the WLC, is there any way to minimize the time that the mesh 1522 AP takes to join the WLC?
View 2 Replies
View Related
Mar 10, 2013
deploying a DMZ wireless controller and I have a question regarding remote wired LANs. My 602OEAP APs support 1 or 2 of their LAN ports as being accessible across the DTLS tunnel.This works fine when they register across internet right to my internal WLC. However, now that I'm implementing a DMZ controller for this purpose, how will this work? I dont see the option for the Remote Wired LAN to be linked to a mobility anchor.Some of my users have printers connected to the LAN port on their 602OEAP and I need to maintain this functionality once I move their APs to the DMZ controller.
Software versions: 7.4.100.0
DMZ Controller: 2504
INT Controller: 5508
View 6 Replies
View Related
Jan 7, 2013
I have a existing wireless setup of 4400 WLC with some AP's connected remotely,now i am migrating the whole setup to the new WLC 5500. All the AP has been registered to the new WLC 5500 except the remote location AP's.As there was no option of giving IP address in GUI of the controller in 4400 WLC, i have changed the controller name and restarted the AP, but even though it is going back to the old controller.
View 15 Replies
View Related
Mar 11, 2012
I have a setup like this:
A central WLC 5508 running code 7.2 with management vlan 10 ( range 10.10.10.0/24), corp-user vlan 100 (10.11.10.0/24) with WPA2 key, guest vlan 200 (192.168.0.0/24, on local dsl modem) with WPA2 key...
A remote WLC 5508 with code 7.2 with management vlan 10 (range 10.20.10.0/24), corp-user vlan 101 (10.21.10.0/24) with WPA2 key and guest vlan 201 ( 192.168.0.0/24, on local dsl modem) with WPA2 key
corp ssid "Corp-user" on both sites
Guest ssid "Guest" on both sites
Intention is that the AP's (3500) on the remote site should fail over to the central WLC in case of any failure on the remote WLC and that the users could remain in their local vlan.
What kind of configuration would make this work?
View 8 Replies
View Related
Jan 2, 2010
we are in the midst of designing a wireless Mesh AP solution for our customer.
Customer Requirement:-
1. Customer wants to deploy REmote MEsh APs (1500 Series) with a centralized 4404 Controller at HQ site.
2. The Remote and HQ site is linked thru a leased line with 2 routers in between
Based on cisco's document REAP and HREAP is not supported in LWAPP Mesh APs. So if the Mesh APs were to be deployed at Remote sites (3 total). How this be achieved?
View 4 Replies
View Related
Jun 2, 2013
We have a 5508 with 7.4.100.0 vor Internal APs and OEAPs. till now every thing is ok. Now we have to connect an AP (local) in a remote office, connected to the WLC by a VPN Tunnel. The problem is that the AP in the remote office uses the NAT Address to connect to the WLC, so the traffic goes over the Internet, not trough the VPN Tunnel. On the controller I have the following setting:
AP Discovery - NAT IP Only ................. Disabled
On the AP:
AP Link Latency.................................. Disabled
How to force the AP to use the internal IP Address of the WLC?
View 7 Replies
View Related
Mar 18, 2012
I am in the process of turning our autonomous wireless network into a centrally managed lwapp network. We have a new 5508 with 1140 series APs which will be distributed in three locations nationwide.
My manager saw a presentation that showed the AP just getting plugged in and all of its configurations were downloaded. Right now I am able to get basic global information to install on an AP in the local network but I feel I am missing something. If I have three locations using different IP schemes (eg: 10.0.1.0 for A, 10.0.2.0 for B and 10.0.3.0 for C), the remote locations are getting their DHCP info from the routers.
Is there a way based on location/IP that the APs associate themselves with the correct WLAN or AP group? How much can I automate once the AP discovers the controller? I am reading the manual and searching the web but information is a bit vauge on this. My plan is if an AP fails in a remote location, all I need to do is ship a new AP out to be replaced and when the AP is added to the network the firmware and other information is downloaded and is then ready to be accessed with minimal configuration on the controller end.
View 4 Replies
View Related
Aug 3, 2011
keep getting this message from my firewall:A port scan was detected. Local IP:192.168.xxx Remote IP: 192.168.1.xxx. Protocol: UDP.Action Taken: BlockedWhat does this mean?!!? And what effect will it have? Simple question for pro's.
View 2 Replies
View Related
Oct 12, 2012
I suspect that he did something and gained remote access to my computer.I found out about it when I checked my wireless connections on my router and found his name on the network : Steve's - Iphone and a couple of unfamiliar connections. I then opened my task manager and ended some tasks I thought were possibly infected. When I went back to the wireless status, the unfamiliar connections disappeared.
I use Norton firewall + kaspersky internet security and my virus definitions have always been up to date, but I cannot detect anything. I also set my options to permit only MAC authenticated computers and changed my wireless WPA/WPA2 key, but every time I turn my wireless on, this guy somehow is connected to my network. [code]
View 4 Replies
View Related
Apr 18, 2013
I've just installed NCS. When trying to configure NCS for ACS Tacacs+ authentication, I receive the message below when trying to login to NCS. ACS records my login in the 'passed authentications' log. I am using ACS 4.2."No authorization information found for Remote Authenticated User. Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server". I used the following link to configure ACS for NCS, url...
View 3 Replies
View Related
Jul 8, 2012
I have been tasked with setting up a guest wireless network for a remote office. They would prefer that the guest network be on a different VLAN than the trusted network, and they want to use a different outside IP address for the guest network.
I am trying to figure out how to configure the ASA so that it supports two different LANS, each with it's own outside IP address. Is this possible?
View 7 Replies
View Related
May 29, 2013
While trying to connect to WiFi at remote sites APs, the connection is getting time out.User are getting error as 'Unable to connect to <WiFi-SSID>' The APs at corporate office are functioning properly and user are able to connect to the APs.
Wifi Controller: 2504 Software ver: 7.3.101.0
Authentication 802.1x
View 7 Replies
View Related
May 15, 2013
I am trying to troubleshoot my own router (Linksys) issues with using Lync and accessing some sharepoint sites that are internal to my company's network. I am connecting to the Internet using a Linksys router (WRT400N). When I have my work laptop using RESCUE GFE hardwired directly to the modem - and then connecting to VPN - I can connect to Lync and work normally. However, when I move connection via the router - I can no longer connect to Lync nor access some Sharepoints. I can access VPN fine but with Lync I get an error stating "Your Lync account does not allow access from outside your organization's network. Please connect to your organization's network and try again. However, I am connected via the VPN.this connection worked with a prior laptop using WinXP (I am no on Win7) and the connection thru router and using VPN worked with Communicator.I unfortunately had to reset my router - so I cannot recall if there were port settings established from the last time I had to set up the network. I didn't save the configuration; note to self - save configuration in future.
View 1 Replies
View Related
Mar 23, 2010
Even when I disable remote access, people still can get to my router login by typing my external IP. Is there anything I can do to stop this?
View 5 Replies
View Related
Mar 30, 2012
I have a small issue with Remote Management on my E4200v2.I have enabled it , select https and set Allowed Remote IP Address to any on the default port ( 8080 ).After all of this, I cannot connect to my router from my office or any other place. I'm using DDNS and all its ok ( updated at time ). I've tried also connecting to my direct ip address ( dynamic ) but with no result.P.S. no incoming log from port 443 using https.
View 3 Replies
View Related
Nov 29, 2011
I'm using a Linksys WRT54G in my home and I have it set up to allow me to connect remotely (VPN and RDP) from work. I do this every day and it works perfectly. The problem I'm having, though, is that every morning it doesn't work until my wife wakes up her laptop. After that it works fine, whether her laptop is on or off. It behaves as if the router is "asleep," and when she generates some local network activity, it wakes up, thus allowing me remote access.
I believe it's a router issue and not a computer issue because not only does it affect VPN and RDP, but even the router's remote management interface is unavailable until this happens.
Some more details about my home setup. I have a fixed IP address assigned to me by my ISP . All computers connect to the router wireless VPN and RDP is routed to a desktop computer running XP SP3 that is always on (it never goes to sleep or hibernates)The router is enabled as a DHCP server (192.168.0.2 thru 11)The desktop computer is set up with a fixed IP address (192.168.0.100)The router is set up to forward VPN and RDP traffic to the desktop . Here's some screenshots that may be useful.
Basic Setup Port Range Forward Management
Pretty much every other setting is defaulted. Like I said at the start, my setup works perfectly and I'm very happy with it. I just can't figure out why every morning it doesn't work until my wife uses her laptop?
When I'm at work, hers is the only computer on the local network getting assigned an IP by the router. Until she turns on her laptop, the DHCP client list is empty. Could it be that the router needs at least one connected device assigned an IP by its DHCP service in order for it to receive external connections?
View 6 Replies
View Related
Jan 14, 2013
We have a 5508 controller in main site.Which has two ports connected to local network.Management VLAN 500 is untagged and mapped to Port 1.All other interfaces are including 501 to 507 are mapped to Port 2.We have a SSID that is mapped to VLAN 501 interface , which successfully can be joined in main site.We connect an AP to remote site ;We have a remote site VLAN 115 which can be reached from main site.We connect an AP to access vlan 115 port on the remote site , we had described option 43 , so AP can successfully finds controller in local mode.
AP gets ip from VLAN 115 , can setup connection / ping controller successfully.There is a wide area connection between remote and main site.No trunk setup , the whole remote site is vlan 115.However when the client is trying to connect the test SSID , client cant get connected nor get ip address.Local switching is disabled.For this setup , client comes to AP as a requested , AP tunnels traffic to controller from vlan 500 , controller lets the client get into wired platform from VLAN 501.
View 25 Replies
View Related
Jan 31, 2013
When I try to enable remote management on my Linksys E3200 I get an "illegal value" message. Is there something else I need to change
View 2 Replies
View Related
Aug 11, 2011
how to setup the E4200 so that I can access the media server when I am in office? I was browsing on the Cisco website and unable to find it.
View 8 Replies
View Related
Aug 25, 2012
I want to be able to login to a router remotely and foward a port on the router. I thought i saw a spot for remote management but don't know how to use it. I have a dyn account and can create a dns for it.
i setup security dvrs on the internet so clients can see cameras from outside their homes. I would like to be able to login to a router if i need to foward a port or something similar.
View 1 Replies
View Related
