Cisco Wireless :: WLC2504 - Configure Clients To Access 802.1x?
Jul 4, 2012
Configured Cisco 2504 WLC with 1142 APs... Guest wireless works fine
for the staff wireless I wanted to authenticate with 802.1x & Radius. So configured an external Radius server (Imprivata) and configured the 2504 Radius options for the external server (Layer 2: WPA2-AES & Auth Key Mgmt: 802.1x).
When I connect a client to this wireless, the authentication fails, I wonder whether it is because of the client side settings..
Which trusted Root Certification Authorities need to be checked?
I have a question about managing the Access Point:
-WLC2504 -AIR-LAP1262N-A-K9
First: I need the access point to work by period, for example: 08:00AM - 06:00PM, after that disable the radio and return to work next day at 08:00AM
Second: Also, if the radio has no activity for a long period (e.g. 60 or 120 minutes), disable the radio interface. Is it possible with the WLC? Or maybe I need to implement one NCS? EnergyWise Technology - but, I only need to "shutdown" the radio, not the Access Point completely.
I need urgent support on creating SSID as layer 2. We have cisco WLC2504 and 1602i access point. In our network we have in gate for guest. I want to create one ssid and bind with vlan only. We can not create interface on WLC b/c of static IP.
I have two Wireless LAN Controllers 2504 and 8 APs 3502e. The WLCs are running software version 7.0.116.0. The problem is that I don't have the mesh option to configure indoor mesh inside the controller. In chapter 9 of Wireless LAN Controller Configuration Guide, Release 7.0.116.0 says that I have to go to Wireless Menu and select the AP. When I am inside the AP general page, the guide says I have to go to the Mesh tab, but that tab doesn't appear in the controller GUI. Do I have to use another image in the controller? Or do you have to use a special mesh code or something like that? Because in the download page of the controller it only appears the 7.0.116.0, two more new versions but there is nothing about mesh image.
1) We have a client setup which has all PCs in a Workgroup; the client has network sharing enabled in the LAN. It works well in the LAN; he doesn't have a local DNS, still he is able to ping or access sharing using the device hostname.
2) When the client moves onto wireless, he is not able to ping or access sharing using the hostname, but if the IP details are used he is able to ping and do sharing using the IP address only.
My Wireless Setup has WLC2504 and LWAPP Access Points.
I have a few questions about the WLC 2504 with a 25 AP license. Our customer has around 30 SSIDs, so is it possible to create WLANs with around 30 SSIDs on the WLC 2504? Because I had tried to do it on a WLC4404-25 License, and that can create WLANs with 30 SSIDs.
Every time I power down my WLC2504 controller and then back up, the time reverts back to the year 2000. The APs can't join the controller, due to certificate errors, until I reset the clock. This problem just started recently.
How can I replace my WLC2504 with a WLC5508 without disconnecting everybody? I have 3 SSIDs, on different VLANs. I want the WLC5508 to be the main WLC, so I can remove the 2504 from the network. On the WLC5508, it will be the same configuration as the 2504. Is there a procedure or a wiki on such an operation?
I am using the WAG-120 N as an AP and switch for 3 laptops and 2 desktops. Our department is assigned only one Static IP from our server, so only one PC can connect to the server and the internet. I use the first LAN port of the WAG-120N as a WAN port and I assign the Static IP address there, along with the subnet, default gateway and DNS addresses. The connected clients are then assigned an IP address from the router's DHCP (192.168.1.10x), but cannot connect to the internet. How can I configure the router to allow the clients to connect?
When clients connect wirelessly to the WRVS4400N they successfully get a DHCP address from the Windows 2008 server. After they have the address they can no longer access the server. It cannot be pinged, no drives can be mapped and internet access fails because the same server is running DNS. The WRVS4400N is set up for DHCP relay to the server. Wired clients do not have this problem. Wireless clients that connect to a secondary WAP on the same LAN also do not experience this problem. I have updated the router to the latest firmware version, reset it to factory defaults and reconfigured from scratch. Turning the server firewall off has not made any difference either. I have been able to bypass the internet problem by adding a second external DNS server in the DHCP scope options.
AP has static IP with 2 SSIDs set up, one for guest, one for domain access (both have the same issue). Tried with multiple devices, both Windows and Mac; all show "connected but with limited access". ipconfig on those devices all show IP "169.254.X.X", but the event log on the AP indicates that "authentication has been completed successfully".
Using RADIUS server for authentication. Management VLAN ID "1", SSID VLAN ID "11".
I'm working with AnyConnect for the first time (my prior experience is with IPSec client) and I have multiple remote users who connect to a 5520 via AnyConnect client; they need to print to each others' shared printers but currently have no connectivity between each other.
Can I configure the 'intra-interface' command to enable connectivity between remote clients, or is there more that needs to be done to enable this, presuming that it can be done at all?
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait. 3 desktops = XP, 1 98SE. All laptop/netbooks = XP
We are about to upgrade our training facility's wireless and I have a few questions regarding the number of active clients we should target our design for.
We would be using 1142 and 3502I access points. I was thinking that based on the below we'd be able to support around 30-40 clients per AP.
Protocol Type of web use Amount of bandwidth allocated per device
We have recently been given this unusual task. The setup is a series of CAP3502P access points, and a wireless controller (either 2500 Series or 5500 Series), as well as other standard network infrastructure.
In this network, the client (mobile/wireless) devices must be able to detect when they change what access point they are communicating through, while also requiring a seamless transition. I.e., if the client device is communicating via access point A, and displaying the application menus for A, when the user walks to the area serviced by access point B, it must detect that so the application can display menus for B, without the user having to select "B".
Is there a way for the client device to detect which access point it is using and provide that to an application? Or alternatively a way for a host service residing on a server to get that information from the wireless controller?
I want to set up Wireless Clients MAC + Active Directory based access on AP 1242 standalone Wireless series. Steps I have configured:
1) SSID manager under Open authentication: Selected with EAP.
2) Under advanced Radius, MAC Address Authentication, MAC Addresses Authenticated by: Authentication Server Only
3) Server Manager: Current server list added the radius IP address 10.1.200.x
I've set up a WLC2504 with interface "mgmt" and "guest" (2 different VLAN IDs) both configured on port1. Now I'd like to be able to connect to PoE ports (port 3 and 4) 2 LAPs which should be able to get IP addresses from the DHCP as if they were connected to port1.
Setting up a 2504 on a 2960 switch. The management interface is up and pingable, and from the WLC we can ping vlan 20 (our wireless client vlan) gateway. However, when we create the vlan20 interface on the WLC, give it a valid address and assign it to a port, we can no longer ping the vlan 20 gateway from the WLC, nor can we ping the vlan20 interface from a PC. I'm told the 2960's don't do dot1q trunking…
I got a set of DHCP pools in one 3750 attached to different VLANs in the network. The wired network works fine; you can get a different VLAN's IP from any switch port across the LAN. In my WLC2504 I got 5 WLANs with the DHCP server pointed to the VLAN in the 3750, but I just got one set of IPs when I tried to connect to a different WLAN, without connectivity. I can see all the APs, and ping the VLANs in the 3750,
I have a Cisco 1841 router that is connected to a switch. I have WAN/LAN configured on the router and the switch is handing out internal IPs. The issue is that none of the client machines can access the Internet. From within the router console, I am able to ping external domain names, my ISP DNS servers.
Once the client machines pick up an IP they are unable to ping any external domain names or IPs and not even the ISP DNS servers, but they can ping the Cisco router IP. As a note I have tried my ISP DNS servers and as a test Google's DNS servers, but neither will allow access to the Internet.
Below is the current running config:
Building configuration...
Current configuration : 1440 bytes
!
version 12.4
service timestamps debug datetime msec
The title says VPN clients cannot access DMZ network, but that is not exactly the problem, the situation is this, a group of users are using an actual 10.x network where they have their servers and pretty much everything. The users must be relocated into a new network, the 172.16.x. In a point in time they will not have to use 10.x anymore, but meanwhile, they need access to that network.
I have an ASA 5510 as default gateway for the new network (172.16.x.x), one interface e0/0 connected to the outside (internet), interface e0/1 to the inside and other interface connected to the actual 10.x (which I call DMZ), so basically I am using the ASA as a bridge using NAT to grant access to the users in the network 172.16.x to the resources in the 10.x network while the migration is completed.
All the users must use the path to the internet through the ASA using the NAT overload to the outside interface, and I put in place a NAT policy to 10.x to allow access to the 10.x network only when the internal users 172.16.x try to reach that path, and so far, everything is working just fine for the internal users. Now for some reason, when I do VPN, the VPN clients cannot reach the 10.x network, even when they are supposed to be in the internal network (because they are doing VPN, right?).
I have enabled split tunneling with NAT exempt the 172.16 network and I am not sure if that is causing the problem, because when I trace from my PC the 172.16.16.1 address using the VPN I get the proper route path, but when I try to reach 10.x, my PC is using its default gateway and not the VPN gateway which has a route to 10.x.
I’m not even sure if what I am trying to do is possible, I want VPN users to be able to access a 10.x network using NAT overload with the Interface of the ASA plugged to the 10.x network, just like the internal users are doing right now.
I have an ASA5505 and it has a VPN set up. The VPN user connects using the Cisco VPN client. They can connect fine (they get an IP address from the ASA), but they can't ping the ASA or any clients on the network. Here is the running config:
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic addresses. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.