WCS is reporting few AP's are not associated with it. While troubleshooting, AP conneceted switch interface shows UP/UP and show power inline output gives IEEE PD instead of AIR-LAP1131AG-E-K, after doing a shut/no shut on AP connected interface. Later after sometime AP comes up.
I have a WLC 4402 with many APs connected. Most of the APs are LAP1121 and LAP1131 and are working using 802.11b/g. I tried activating 802.11a but for some reason its not working. I see under the Monitor tab that the AP's "802.11a" interface is "down". I have enabled the radio under the "Wireless" tab. Under all the "WLAN" I have enabled all the radios but still not working. 802.11a" interface is still "down".
The AP Model is AIR-LAP1131AG-E-K9 meaning "ESTI" regulation. Under "Country" I "checked" IL.
I've a 2106 WLC and the software is upgrade to 18.104.22.168. There are 3 APs with external power adapter work normally on it. Here is the problem: There is another AP with external power adapter has join the the WLC successfully. But it can not enable the radio 802.11b. Following is the error message on CLI
(Cisco Controller) config>802.11b enable AP001d.a1ef.b5f4 Cisco AP has not enough in-line power to enable radio
Since few days the WLC 2100 series controller and 3x LAP1131AG are getting disconnected and the controller gets offline via the local ip address. At that point I have to reboot. To get anywhere and after I connect wirelessly to the AP before I know it it disconnects. It worked for 3 years straight no fuss. And now nothing. I reconfigured the WLC 10times and no diffference.
I have a customer whom has six LAP1131AG-K9 but no controller and they are interested in one of the new 2500 series, specifically a AIR-CT2504-5-K9 with a 5 AP add-on license to bring total AP capacity to 10. I can't determine clearly if this controller will work for these older AP's prior to them making the jump to 802.11n via the 3500 or 3600 series, looking to the community to confirm.
I have a problem with the return path of NAT'd traffic on a Cisco 877W router. Here's the network setup:
gatekeeper1 (192.168.0.1) is a Cisco 857gatekeeper2 (192.168.0.253) is a Cisco 857gatekeeper3 (192.168.0.251) is a Cisco 877W The default route is 192.168.0.1 on all devices, however there are some static route defined so that traffic to certain IP addresses bounce off to 192.168.0.253 and use that Internet connection instead. This new connection is designed so that traffic aimed for a certain internal IP address (192.168.0.190) comes via this third internet connection in order to take the load off of the main line. NAT is all configured and appears to be working when .251 is the default route but as soon as I set it back to .1, the traffic appears to come in but doesn't go out again.
I've configured an ASA5505 to be Lan to Lan VPN tunnel endpoint, peering with a linux box. The ASA is full licensed so that side isn't an issue.PROBLEM:When the tunnel is initialised from the linux box everything comes up okay except the ASA isn't encapsulation any packets. It is decrypted the packets received from the Linux box okay but no return traffic is being encrypted.When the tunnel is initialised from the ASA, nothing happens.After some troubleshooting I've found that the ACL defining interesting traffic nor the ACL defining NO_NAT aren't being hit at all.
ACL for NO_NAT: access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)
I've checked with the administrator of the linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case).The firewall is doing other things like NATs and such like too but those NATs have nothing to do with this VPN. The setup is a LAN to LAN connection with no natting in between.The main parts of the config are attached, i've deleted things that should have a bearing on this however if you think it necessary i can sanitise the config and re-post. I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why.At this time i'm not seeing anything at all when doing an debug cry ipsec or debug cry isa. The ACL's aren't being hit so i'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.
We have about 70 AIR-1131AG-A-K9 APs that were installed about 5 years ago. The controller we use is a 4404 WLC, with software 22.214.171.124. This provides us our wireless network. We use Cisco switches as access, distribution, and core switches.
We have two guest networks, one for visiting physicians and another for patients and their guests. Each of these guest networks use a 4402 WLC as an anchor controller, with software 126.96.36.199. They use the same APs as our business network.
According to my understanding of the guest networks is that a tunnel (I don't know if it is encrypted or or encapsulated) is created between the APs/Guest WLAN to the anchor controllers, so this guest traffic is isolated from our business traffic. Futhermore, these guest controllers connect directly to our firewall, which only allows them access to the Internet, and not our Internal LAN.
Our Problem ========================= Well, we've been having problems with our wireless system, specifcally with patient guest access. It has gotten bad enough that they are looking to replace the Cisco APs on the south side of the hospital. We've been told that "you can get better guest access at McDonalds" : ( . I think part of our problem is that our controller code is so very old and we are have a our patient guest network open and "restrict" the number of clients attached to it by limiting our DHCP scope. The biggest complaint we get regarding the patient/guest wireless is people saying "I can't connect to the wireless", which we almost always identify as an issue caused by us running our of DHCP leases (we have about 200). These DHCP lease are used quickly, by an devices that comes into range that is set to automatically connect to any network that is in range. A lot of our staff is connected to our patient guest network and don't even realize it.
We are interested in Meraki APs because they are magaged using a cloud controller (we won't have the added expense of another controller) and they seem really easy to manage. Our biggest concern regarding Mearki is security. They make use of NAT, a Layer 3 firewall, and LAN isolation (a firewall rule that only allows clients Internet access) in each AP as a means of isolating the guest traffic from the business traffic. Does this seem like a secure way to accomplish this or are the Layer 2 tunnels that Cisco and from what I've been told recently Aruba and Juniper make use of a more secure approach?
We've been working with a Meraki vendor, who also happens to sell Aruba and Juniper wireless networks. It seems like don't suggest Meraki if we are concerned with security. They said they are good for situations where you have many geographically seperated sites. They suggested we use Juniper and Aruba, specifically because they use Layer 2 tunnels and that they used technologies like clear air (APs self adjust channels and power, which Meraki claims to do too). I thought that, hey does Cisco that too, why wouldn't we just go with Cisco if those are your selling points for Juniper and Aruba?
I have 10 AIR-LAP1131AG-A-K9 connected to a 4402 controller. I have a couple of questions:
- When I go into CONFIGURE/ACCESS POINT, one of the AP's has the message "**Configuration is different on the Device**". How do I connect directly to the device to check the settings? I tried to telnet but that didn't work.
- Are these access points capable of acting as a DHCP server? If so, where can I check this setting? I have workstations that are unable to pull an IP address from my DHCP server running on a Windows server. I want to make sure the AP's and/or the controller are not the issue. The clients see the SSID and the signal is strong, but when they connect they get limited network connectivity message and the IP addr is 169.254.97.123 (which is wrong).
I've just bought a ASA 5505 to project my LAN. I've already use Cisco router in the past but it's the first time with ASA line.Everythings work except one major point, the return traffic is blocked by the system… I don't really understand how the zone based firewall is supposed to work but it seems OK by default, my LAN side is allowed to talk with the Internet but Internet is not allowed to directly call my LAN. The NAT is setup to use the IP of my outside interface.When I try to ping a public server, the ASA debug log show me that the communication can go out the network, with the good translation, then go back to the ASA from the public server and here, the ASA block it because the communication is not allowed.I've only found two workaround:
-allow inside trafic with static rules, and I say NO ;
-disable the zone based feature by settings all zone to the 0 level…
How I'm supposed to make my state-full firewall work with zone based feature?
I have an IPSec VPN and NAT configured. Return traffic from an internal NAT host seems to be blocked by the WAN inbound ACL. What is the proper way to allow return traffic from the Internet for this internat NAT host? Note: As a test, removing the deny entry on the WAN ACL allows return traffic.
I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop. I can see the hops shown as asterisks. Do I have to add something to inspect for this to work?
At one of our locations we are experiencing some problems getting connected to our wireless networks.
It is possible to sit right next to an AP (AIR-LAP1131AG) and only have limited access to the network.
I have attached a snapshot from inSSID from the wireless networks in the area. All of them are broadcasted by our controller and I can´t figure out how it is possible to see SSIDs in other channels than the ones in the 2.4GHz band (11-14)?
Recently, I have had issues with several Internet browsers. All, return with cannot locate remote server issue. I've flushed the DNS through command, and have turned on/off the firewall, reset the network connections, reset the router, uninstalled mozilla, IE, chrome, and opera, and still haven't been able to get any resolutions. I have a bare minimum connection at the moment.
I returned to work and found a note that my Outlook and Windows password had been changed during the night by the IT department. Why would they need to change my password? Are they monitoring my work somehow.
I am having touble with a NAT concept. What I have is a 3rd party software VPN product that basically tunnels encapsulated traffic to/from a server sitting inside the network. Right now this traffic utiluizes a physical interface on the ASA5510, but I need the interface for another project.
I have a WRT160N and a WAP4410N but can not get WAP function as a repeater. I have already put as Wireless Client / Repeater and Wireless WDS Repeater. I notice they are both with the same settings security. View attach file.
We have got 3 Cisco APs 541N with firmware version 9.2.2 and want to set up the cluster function for those APs.Here is the problem:Before enabling the cluster you can ping all three APs located in the same local network with a delay of 1ms or below.If the cluster is enabled the pings for one AP rise above 200 ms in a random way (see attached file).Moreover users connected to that AP are more likely to lose the connection or experience delay.Do the APs communicate through LAN or WLAN ?
i have internet srevice working with my wireless usb stick or ethernet wire from my gateway modum. in device maneger i have network adapters listed and a question mark before network controller. windows auto update lists no driver avalible for it, and i would like to know it function/purpose?
Was having problems with my router, thought I could figure out how to fix it myself, and ended up screwing it up more. Right now everything somewhat works being wired. Xbox Live is a little spotty. Have never had a problem with it before. I have done all the resets, factory resets, hard resets, and any other names. When I attempt to enter any sort of IP addresses, default Belkins and ones I see when viewing ipconfig, all it does is perform a Google Search with the numbers.