Cisco Wireless :: WLC 4404 Authentication Of Devices To Wi-Fi Network
Aug 2, 2012
I'm facing a problem related to devices authenticating to our wireless network. Below is how it is set up: WLC 4404 passes authentication to ACS 5.3 (PEAP + MsChapV2) then to AD server. Client can get stuck in this status and it keeps repeating from 1 to 20.
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwidth with automatic connections.
We have ACS 4.2 as our RADIUS server, and 2 WLC 4404 with a WiSM2 for our wireless network. We have 2 SSID networks, let's call them SSID A and B. A has more restricted access to servers than B. PEAP machine authentication is authorized on both networks, to let our users' laptops connect before the user logs in. This enables us to have our computer GPO deployed before the user logs on, or to have network access to authenticate a user to our directory if he had not logged on previously on the laptop.
Users from group A can't log on to SSID B, they can only log on to SSID A, but we have some clever users from group A who have changed their wireless settings to only send machine authentication (this can be done in the advanced settings of a wireless network in Windows 7) to connect to SSID B.
We can't force the wireless config by GPO because we don't have an AD 2008 domain, we are still on 2003, so we can't change the GPO for Windows 7 wireless settings. I can't force users to require machine authentication and user authentication because we have a lot of iPads and iPhones, and other mobile devices that connect using only their user credentials. Is there a way I could configure this without having to disable machine authentication for SSID B?
I work for a school system and we are currently entertaining the idea of BYOD. We have a Cisco 4404 controller and what I would like to do in order to prepare for BYOD is to create a wireless network that can be connected to with AD credentials. So basically, on any device, when users try and connect to this specific WLAN they will be prompted to put in their AD username and password to get access, that’s it, no other passwords. I will be using the Network Policy Server role in Server 2008 R2 as my radius server. how to actually set up the policy within NPS for this type of authentication. Also, on the controller side, am I basically just setting up the WLAN and then setting up the authentication server on the AAA Servers tab for security? Leave Layer 2 and Layer 3 tabs blank if I only want to use AD credentials?
I got a WLC4404 running software version 5.1.151.0 with 40 LWAPPs (mostly 1242AG). We got new Dell Latitude E6500 laptops with Intel 5100 NICs. After upgrading the BIOS to the latest version and installing the latest WLAN driver, wireless is working most of the time. After about 4 reboots I see the following message in the WLC's logfile: "Thu Sep 18 13:53:10 2008 AAA Authentication Failure for UserName:host/hostname.domain.name User Type: WLAN USER". After I disable the WLAN card, it's working again.
web authenticate users within a specific Active Directory Security Group. I tried to authenticate over Radius with Cisco Secure ACS and Network Access Restrictions. But NAR only works with Layer 2 authentication. And Web Authentication over LDAP can only be used with User Objects.
We are using ACS version 4.2.0 build 124 on Windows Server 2003. Our domain controller has been upgraded from 2003 to Windows 2008 R2. Now we are facing the following error in ACS authentication for accessing our devices.
Error: AUTH 06/09/2012 11:55:40 E 1810 3316 0x8f21 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
If we restart the services of the ACS server, then users get authenticated fine.
I have been testing WiFi devices such as the iPhones and iPads connectivity with the following setup:
1. 3502i AP
2. WLC 5508 SW 7.0.98
3. NGS
The i-devices have iOS v4.2
My goal is to have the guest user i-devices maintain the credentials (username and password) when they log in again to the wireless network. Like if the device sleeps, I think definitely they would lose the IP address issued by the DHCP. Once the guest user uses them again and connects them to the wireless network, the user would not need to type in those credentials on the Web Authentication page directed by the WLC.
The credentials are issued by the sponsor who created them on the NGS. It seems that there are WiFi problems with these i-devices. But somehow, I'm looking for a solution that would automate the logins, like a checkbox if you want to be kept signed in on Yahoo, or Stay signed in for Gmail.
The original network had a Zylex router and a Netgear switch. There were 2 PCs, one XP and one Win 7. There are also 3 tills connected. There is a VPN network connected too. This emits a wireless signal to connect to a scanning gun and is also used to administrate the entire network. I was told by the Administrator of that network that it shouldn't interfere with the wifi network.
The job I was requested to do was to install 3 new wall plates, as the Win 7 PC was using a Belkin wireless adapter. There were 2 put inside the office where the XP and Win 7 PCs are located. The 3rd was just outside the office.
Now all the ethernet connections work 100%. The wifi is another story though. It will show up in the Connect To; when you try to connect it will disappear/no response from AP/connect then disappear. These are random too. No order to when each error is displayed. Even when I put in another router the exact same issues happen.
I have tried to connect to both routers' wifi when they weren't plugged into the switch. Just the routers turned on with no cables plugged in, separately of course. No joy, same issue with both.
The wireless in our condo requires a user and password to be submitted via a browser to connect to the network. My bluray player does not give this option or have the ability. Is there a way to accomplish this? Is there a bridge or router that can make the authentication to the wireless in the building that I could then connect the blu ray to?
I have a Cisco WLC 4404 with software version 7.0.230.0 and it gave me this log:
Oct 9 15:43:08 192.168.122.34 WLC_4404_CC: *osapiReaper: Oct 09 15:41:49.549: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/895/stat.(erno 24)
I have a problem with MSE tracking clients in my network. What we have:
PI 1.3 with evaluation license (temporary)
MSE 7.4.100 with 3k device licenses (hardware appliance 3355)
WLC 5508 7.4.100.
For now MSE is reachable from PI and WLC, all settings are synchronized, NMSP status is active, MSE is assigned for maps and synchronized, on the map we have 3 APs, but in the Context Aware tab we didn't see any tracked devices, all counts are 0.
I recently added several devices to my wireless-g network: Xbox 360, an HTC smart phone, and an old laptop my buddy gave me (in addition to the 2 desktops that were already on the network). Since doing this, I've had occasional buffering problems when streaming music or video, even when I'm only using 1 of the devices. I suspect that the Xbox (or maybe phone) is downloading updates in the background, even when it's turned off, and that is consuming bandwidth. Is there any way I can see a list of devices that are connected to the network and maybe even the amount of data being transmitted to/from each so I can find the culprit? When I play online, it says that my NAT settings are not open and that this makes it take longer to connect to other players. What are the risks involved in loosening the NAT restrictions?
I'm having constant lag spikes. I use DPC Latency checker [URL]. On both my desktop (using PCI wifi card) and my laptop I have lag spikes. This is a screenshot of the spikes [URL]. Although it says it's my hardware problems, I doubt it's true, as it happens on both devices.
My laptop with Windows 7 64-bit is not able to connect to the home wireless network. But other devices like iPad and iPhone and Mac laptop can connect to the same wireless network. However, I can connect to the network if I connect my laptop directly to the wireless router using a network cable. I have tried upgrading the firmware in my wireless router but no luck. This laptop had no problem before connecting to the same wireless network. But since I came back from back home a couple of days ago I am seeing this problem. But my laptop can still connect to my my-fi device wireless network. I have tried running the netsock commands listed in a similar thread in this forum but no luck.
netsh winsock reset catalog
netsh int ipv4 reset reset.log
netsh int ipv6 reset reset.log
I have a Cisco 4404 WLC that is up, has a green status light, and the interfaces are showing activity. I see it connected to my Cisco 6500 (Sh port status), it shows connected and trunking; I also see a lot of activity on the interfaces. Also it will not let me console in. I can console in on my other Cisco 4404 WLCs without any issues, so I know my cables and config are correct. The only change I made today was the time zone. I noticed the time was off by an hour and noticed that the time zone wasn't set, so I set it correctly. Shortly after that I saw the WLC go belly up in my WCS. I tried rebooting the WLC several times without luck. Since I cannot gain access via the console I cannot really troubleshoot.
We have 2 4404 controllers running 6.0.x code. I have several SSIDs set up with different VLANs. When the clients associate they do not show the name of the AP they are connected to. Is there any way to display the associated AP name?
Have a WAP321 connected to a Cisco SG200-08P then connected to a Cisco 2901. The main wireless on vLAN 1 works fine. However, the Guest on vLAN 4 (chose vLAN 4 as per the included docs so guests will be unable to see the production network) will not give an IP to any wireless device. Looking for documentation on getting the Guest radio working. The included documentation for these 3 devices does not address how to get the Guest radio to work. Does vLAN 4 need setup on the 2901? Have just 1 internal port on the 2901.
I have recently deployed a wireless network using a WLC 2504 with 21 Light APs. All seems fine except that Apple Devices drop their connections every 15 minutes or so. A couple of minutes later they can reconnect but obviously something is wrong.
Recently, I have configured a small wireless network with a Cisco 2500 WLC (25 AP License) running version 7.3.101.0. A total of 15 APs were installed and associated with the controller successfully. I have configured the WLAN with WPA2-PSK.
I came across a strange issue, where all Android devices can't access the Internet via wireless. When I checked the controller log, the Android devices (phones, tablets) are successfully authenticated and associated to the wireless network (they got the IP address from the DHCP server configured on the switch) but they can't access the Internet.
There is no issue with Apple devices (iPhones, iPads) and wireless laptops. Even the Apple devices and laptops are getting IPs assigned from the same DHCP pool configured on the switch.
Any issue connecting just Android devices? All other devices connect fine.
Is there any limitation/configuration on the WLC which restricts the Internet Access only to the Android devices?
I have installed my new E4200 and it works beautifully. I have several wireless adapters and a few wired connections through powerline adapters. I also have a second VPN router attached to the 4200. I can see the wireless connected devices with the associated IP addresses. If I plug a laptop directly into the Cisco, I can of course see it. However, I can see none of the devices attached to the powerline devices. I have a security cam connected via the powerline and want to know the IP address. I checked with Cisco technical support via chat and they said it is impossible. I have used 2 previous routers with the same configuration and could see all devices.
I recently purchased a newer Netgear wireless router ($50 or so) to replace an old one because I was constantly having to reset it to successfully get an internet connection on my computer, my phone, and our wireless printer. Now, the computer and phone have no problems picking up the network, but I always have to reset the router to get the printer to pick it up.
Just upgraded my system. I am using D-Link 615 as access point hardwired LAN to LAN to ActiveTec MI424WR N capable Verizon Fios Wireless Modem/Router. The Fios Router is set up with WPA2 security. Intend on having three 615s as Access Points off of ActiveTec. Have a number of wireless devices accessing the network. Have followed instructions from the manual to use the 615 as Access Point, disabling UPnP and the DHCP Server function on the 615. My ActiveTec IP address is 192.168.1.1 and I changed the 615 to 192.168.1.50. I can type this IP address in my browser and get to the 615 set-up.
I have tried a couple of different options in naming the SSID on the 615 set-up. If I name the SSID on the 615 the same as the ActiveTec router, when I go to Connect to a wireless signal where there is overlap, there are two signals that one can connect to, named the same SSID; the Fios is WPA2 secured and the 615 is not. Shouldn't these all be on one SSID? It seems that I have two different networks (different SSIDs) instead of one (rather than the 615 simply serving as an extension of the Fios router as a wired remote access point) with different security protocols (WPA2 and None). The SSID name almost seems meaningless. If I name the 615 SSID the same as the Fios router SSID or something different, I still have the option of selecting one SSID that is secure and one that isn't. If I try to connect to the SSID name associated with the 615 I can get on without providing a password. How do I make it so that one can walk around and go from one area to the next and seamlessly move to the best signal? I did read to select different sets of channels for each access point.
I am facing a strange problem in my WLAN setup. None of my wireless clients are able to associate with the wireless LAN, but when I delete and create a new wireless profile in the WLC 4404, clients start associating with the WLAN. Every 2-3 days I have to delete and create the WLAN profile. Is it related to an IOS bug or any other problem? My Wireless LAN Controller image is AIR-WLC4400-K9-5-1-151-0.aes.
I have a 4404 with 3 SSIDs configured on it. I only want all SSIDs to be available on one floor in one building and not on any other APs in any other building or floor. I thought the way to do it was via AP group but have not had any luck getting that to work. I set up a group for the APs that I do not want all SSIDs on and then assigned those APs to that group. However, I can still see all three SSIDs where I only want to see 2 SSIDs.
I have a Cisco 4404 WLC with image 7.0.235.0. We have one SSID Sup_Admin with the following config, which is getting the IP address from the interface pool “corp”.
WPA+WPA2 with AES and TKIP; Auth key Mgmt is 802.1X
We are using Cisco ACS as the RADIUS server. On the same WLC I have created another SSID Corp_Admin, which also should get the IP address from the interface pool “corp”. Both SSIDs have the same settings, but the second SSID is not working.
The story is that we recently upgraded our 4404 controller to the new 7.2.0.230 code. This upgrade was from 4.2.209 code. I would like to make the change to the multicast setup so that it is multicasted and not unicasted. So I went into the controller and selected MULTICAST for AP multicast mode and entered a multicast IP of 239.255.1.60 (the default chosen in the Cisco how-tos). I then tested the reason for enabling the multicast and it doesn't work. The problem is that the wireless HP printers set up to use Apples IPRINT are not able to be found. However, when I select the multicast setting for the APs to be UNICAST, the iPads can find the printers and print to them. What am I doing wrong with this multicast setting? Do I need to add a multicast address to the router?
WLC4404 - United States Software Version 5.2.193.0
where the new WLAN doesn't seem to be routing... but it's not related to name length (ours is only 6 characters). It almost seems like the new WLC interface (interface2) isn't configured for the same subnet that it's plugged into, but it is. We actually have 2 WLANs. A lot of the original config was done before my time, between about 3 different people. The original WLAN config works fine, but part of the problem is the WLC4404 was configured on our server VLAN, thus when a client gets an IP, they are placed on our main server VLAN. Our WLC4404 is connected to our 6509 in our datacenter, and we have dozens of PTP T1s to our remote offices, which all have WAPs. On the WLC4404, I've configured a new interface on port 2, vlan404, and I have the new WLAN using that interface. The WLAN security is using WPA2, and authenticates via our Active Directory services, as well as handing out DHCP from our Windows DHCP server.
The client wireless PC is able to connect to the WAP, but unable to connect to anything else. It can only ping the WLC4404 interface2 address, and nothing else. It does receive DHCP info (via WLC via Windows DHCP server), but cannot see the DHCP server.
From the WLC4404: I can telnet into the management IP address, and can ping PCs on the new WLAN, and anyplace else, except the VLAN gateway IP address on the 6509.
From the 6509: when telnetted in, I can ping everything except interface2 of the WLC on vlan404 and the wireless PC using the new WLAN. I am able to ping the IP address of the int for vlan404. The 6509 somewhat sees the WLC int2 and wireless PC. Show ARP | inc 404 from the 6509 shows the IPs of the VLAN int, WLC int2, and wireless PC. Show mac-add-tab | inc 404 shows the WLC and wireless PC on the same 6509 port.
From my work PC (via LAN) at a remote location: I can ping everything except Int2 on the WLC, and the wireless PC.
Is there a command like the "| include" command to filter command results? For example, say I want to find a specific client MAC in the "sh dhcp leases" output. On a router or switch I would just type "sh ip dhcp binding | include (mac address)". Is there something like this on the WLC CLI?