Cisco Wireless :: WLC4402 / Aironet 1240 AG - Logs Are Rejected Due To Network Policy On NPS Server
May 10, 2012
We are using WLC4402 for our Aironet 1240AG access points. The clients are connecting to the access points and are authenticating to the RADIUS server. I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.
Where do I see the Authentication Type on the WLC4400 or the 1240's? In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method".
I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating. This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS. I have all authentication methods allowed and it still gives me the error below. Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed.
Client Machine:
Security ID: NULL SID Account Name: Fully Qualified Account Name: OS-Version:
Called Station Identifier: 00-17-a2-87-54-00: SSID NAME
Calling Station Identifier: 00-41-96-b6-e3-27
NAS:
NAS IPv4 Address: 192.168.90.24
NAS IPv6 Address: -
[code]...
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
View 2 Replies
ADVERTISEMENT
Oct 18, 2012
We successfully use this oid on our Aironet 1240 series AP's to list the dot11 associations to the AP:1.3.6.1.4.1.9.9.273.1.2.1.1.18 (cDot11ClientSubIfIndex).However, that oid does not work on our Aironet 1140 series AP's. Any equivalent oid?
View 0 Replies
View Related
Mar 8, 2011
In a multiple SSID setup, can Aironet 1240 & 1250 series AP supports different WEP key for different SSID
View 3 Replies
View Related
Mar 4, 2013
I am working on setting up a new WLAN infrastructure. I have set up different SSIDs connected to different VLANs, in the AP. I also want to use Windows NPS for authenticating users on the different SSIDs, with different authentication methods based on which SSID the user/device is connecting to. To do that, NPS needs to get the SSID, but the Aironet 1240 only sends its MAC address in the Called-Station-Id. I have read a bit about this, and found out that if I have a WLC, it will add the SSID to to the Called-Station-Id. But since we do not have a WLC, I am trying to get this to work anyway. Is it possible to modify the Called-Station-Id to include the SSID on an Aironet 1240? If not, is it possible to send the SSID as a separate attribute that can be read by the NPS?
View 10 Replies
View Related
Feb 13, 2012
Our office has 4 Cisco Aironet 1140 access points mounted on the ceiling. They are all powered via PoE. Every few days 3 of the 4 access points hang and have to be rebooted. When they hang I am not able to connect to their web interface to check the logs. The fourth, for some reason, always seems to stay alive.
I checked the configuration for all AP's and "Hot Standby" is disabled They are all using static IP addresses. I've tried 2 different banks of static IP addresses and 3 of 4 still hange so I don't think this is an IP conflict. I have saved the configurations and compared them and they are all identical, where possible.
They all have software version: 12.4(21a)JA1
They all have bootloader version: 12.4(23c)JA1
I have tried to download the latest software/firmware, but unfortunately I do not have a valid service contract in place with Cisco and therefore can't download the latest version. All of our CISCO hardware was purchased from Amazon resellers but no luck. I have also tried to contact Cisco and they can't seem to assist either. How I can get a valid service contract that information would also be very useful!!!
why 3 of our 4 access points would hang? When they hang, I can't login to the web interface and the logs seem to reset when I reset each access point. I have also set up an rsyslog server and I don't see a log entry that would indicate a problem.
View 2 Replies
View Related
Jan 10, 2011
I am deploying a Cisco 1841 in place of our basic DSL router.I have an ADSL WIC and FA0/0 connected to our LAN.LAN IP ADDRESS range is 192.168.1. 0/ 24 I have dynamic and static NAT configured. At this point although I have ACL's configured I have NOT implemented them as yet for the following reason. I am unable to recieve inbound SMTP traffic - now know my MX records are correct as this all owrks happily on our basic DSL router. I can send external emails no problem and all internal email works fine. [code] I am in the process of defaulting the router and programming the barbones to get the link working and see if inbound SMTP works then start building the blocks again.
View 4 Replies
View Related
Dec 6, 2012
We have 2 AIR-WLC4402-K9 devices at a remote location that will both drop their network connections some undetermined time after a reboot. We cannot reach them via telnet, SSH or HTTP. In fact, we cannot even ping them once they drop connection. The only cure we've found so far is to power-cycle the controllers. The controllers are in separate rooms and connected to separate switches. We've confirmed the links are configured as trunks and have the correct speed/duplex settings. I tried updating the IOS & boot loader on one of them but that had no effect on the problem.
View 19 Replies
View Related
Jun 16, 2011
I have a question about VPN Concentrator FTP Backup configuration to get logs on FTP server. I have configure FTP Backup with all details but I still do not see any logs on FTP server. Do you know what could be the issue? I have never used Concentrator and not sure what needs to be done to get in working condition. I am using VPN Concentrator 3015 series.
View 5 Replies
View Related
Mar 31, 2013
AP not booting and am not able to boot. Xmodem file system is available.flashfs[0]: unable to allocate available block.
The system has been interrupted, or encountered an errorduring initializion of the flash filesystem. The followingcommands will initialize the flash filesystem, and
[Code]....
View 3 Replies
View Related
Apr 24, 2013
I am using CiscoSecure ACS v4.2 appliance, in there any way that RADIUS logs upload to FTP server because it has limitation to store RADIUS logs.
View 15 Replies
View Related
Nov 2, 2011
Cisco ACS 5.2 secondary server is configured as a log collector for both primary and secondary server .Now i am facing problem in log collection from primary server .ACS secondary server is not collecting any logs from primary .
View 2 Replies
View Related
Mar 25, 2013
I updated my RV180W to the latest firmware and found that port forwarding works I started using it.I've just noticed that since changing over to the RV180W, my Apacher server logs show the router's IP address instead of the remote IP address - every remote request appears to come from 192.168.0.1.
How do I get it to forward the remote IP.
View 1 Replies
View Related
Feb 19, 2012
Whenever new clients logs on to the network, the network tends to kick out users already logged on to the network.
View 2 Replies
View Related
May 2, 2013
ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server.For Somedays we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we loose our daily logs intermittently and facing risk in without having logs.This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change. CSAgent.ini file is properly configured.Full version is 4.2.1.15 and patch is 10 in acs and ra.ACS and Remote Agent Major and Patch version are same.
View 5 Replies
View Related
Sep 20, 2011
We are setting up a WLC 7500 for the first time and are having a hard time trying to connect an LAP to the WLC. We have 1042 Access Points.Reason for last unsucessful attempt: to many concurrent ap image downloads
-Last Error Occurred: Lwapp discovery request rejected
-Last Error Occurred Reason: Too many concurrent AP image downloads
We only have 1 AP plugged in so far and it does recieve an IP address from DHCP.
View 15 Replies
View Related
Jan 13, 2013
I am looking into upgrading a customers wireless network and they are looking at using a few 1240 access points for both internal and external connections. Their question is can one access point support both channels simultaneously? They would like to connect an antenna on the inside of the building on the 5ghz channel and another externally on the 2.4ghz channel.
View 3 Replies
View Related
Sep 27, 2012
We have four VLANs that need to be accessible to wireless devices. The VLANs serve the following groups: staff, student, guest, phone
We are currently using a WEP/MAC authentication for staff and phone wireless networks.
I am looking for what your recommendation would be to provide reasonable level of wireless security, particularly with the staff network, but at the same time not require a high level of management, ex. managing active and inactive MAC addresses for MAC authentication. We have the following components available - 1240 APS, Windows AD, a 4402 WLC, and 6 campuses, and outdated Cisco ACS.We need to provide connectivity to Cisco wireless phones, laptops, iPads, cell phones.
View 2 Replies
View Related
Jul 14, 2008
Cisco 4404 WLC
AP 1240 - LWAP
Wireless client receives a DHCP address from central DHCP server fine. Unable to route outside of own subnet . Continuous ARP WHO HAS (Default Gateway addr) TELL (client IP) messages being received. WLC running OS 4.2.99.0.
View 20 Replies
View Related
Dec 21, 2011
I have configured my 2951 router to send logs to my Kiwi syslog server like below.
#logging 10.20.20.52
But I am not receiving any logs from my router, the same has configured on my asa5520 and its sending logs.
View 3 Replies
View Related
Apr 26, 2012
I'm trying to find a document in Design Zone about configuring a Wireless AP and I wasn't able to find it. I have a good experience configuring switches, routers and firewalls in CLI and this is the first that I have my hands on APs (1240 AG).
View 2 Replies
View Related
Mar 6, 2011
I just started a project to make a guest wireless network available at every site in my enterprise. Guest wireless networks are currently available at some sites. Two key goals of this project is to enable WPA/WPA2 encryption and to develop a web based registration/autentication solution. All of the sites have a mixture of 1230, 1240, and 1250 autonomous access points. What do I need to do/get in order to make this happen?
View 3 Replies
View Related
Apr 18, 2012
I try to use EAP-TTLS on one of my wireless networks and the 802.1x authentification fails at this moment:
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.800: 00:16:cb:66:29:bc Processing Access-Accept for mobile 00:16:cb:06:09:bc
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: 00:16:cb:66:29:bc Resetting web acl from 255 to 255
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.802: 00:16:cb:66:29:bc apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 20, reasonCode 2
where I can find what are deleteReason 20 and reasonCode 2?
View 23 Replies
View Related
Oct 1, 2012
info regarding my LAP521 access points that are refusing to join the WLC4402-12.This is my first lightweight access point implementation and I have 3 LAP521's and 1 AIR-CAP3502I-E-K9 access points on my network.They are meant to pick up ip address from external dhcp server and then join the WLC but only the 3502i joins successfuly while the 521's get dhcp address but do not join the WLC. From the logs, I can see that the WLC is discovered by the 521's and even get a response message from the controller but they are still unable to join as shown in the screenshot below.My WLC is running software version 7.0.230.0 and the 521's are running an lwapp image version 4.2.61.8. [code]
View 3 Replies
View Related
Apr 25, 2011
today i upgraded our WLC4402 from 7.0.98.0 to 7.0.116.0. After the upgrade (also bootloader upgrade) the Aironet 1142 AP's do not joint the controller anymore. Error in log:*spamReceiveTask: Apr 26 11:30:46.301: %CAPWAP-3-DISC_INTF_ERR2: capwap_ac_sm.c:1468 Ignoring Primary discovery request received on a wrong VLAN (21) on interface (29) from AP ec:c8:82:ab:ed:00 Nothing changed in infrastructure. AP's are in VLAN 21, AP-Manager interface is in VLAN 21. Ap-Manager, Management Interface and Dynamic Interfaces are in PortChannel (LAG) = Interface 29.
View 8 Replies
View Related
Dec 5, 2011
has WiFi controller WLC4402 mac address table and can I show it somehow?
View 1 Replies
View Related
Mar 12, 2013
I have a Cisco 4402 WLC running version 4.2.112.0 controlling 20+ AIR-LAP1242AG-E-K9 access points running IOS 12.4 (10b). I'm trying to setup an additional AP as MESH. When I try to change the mode from local to bridge, on what will be the rootAP, I get a message stating that bridging is not support on this unit.
View 4 Replies
View Related
Mar 2, 2013
Is there is is any posibility to run WLC4402 and 104x family in H-REAP mode.
View 8 Replies
View Related
Feb 14, 2012
I have one WLC 4402 & arround 29 Access point (1130) in our enterprise network. Wireless users LAN segment is diffrent from wired users.Wireless users like Laptop users, Mobile users & ipad users which are connetced with this wireless & using enterprise network.
Presently we are using WEP mode for security key. This WEP key are week & can be cracked easily. so security point of view i want to put strong encription mode.Presently i do not have any radius server.I found there are some modes are available Like WPA, WPA2 with PSK etc.
will there any problem with wireless users to access application after changing the mode? Which mode will be stronger & could not be crack. Could we achieve without radius server or not?
View 24 Replies
View Related
Sep 1, 2011
Our costumers has implemented 2 AIR-WLC4402-50-K9 with Software Release 7.0.98.0, the wireless infrastructure consist in 2 Root-Mesh-LAP and 8 Mesh connect over-the-air to deploy outdoor coverage.
All the LAP are Aironet 1520 Series Mesh Access Points with equipped with 3 antennas for 2.4GHz and 1 antenna for 5GHz (backhaul).For one year all seems to be ok, yesterday after a power outage of one Mesh-Root-LAP, 5 Mesh-Lap continues reload each 10-12 minutes, on the WLC Log you can see event like a reboot from AP Console, on the LAP console i can capture this event before the reload:
Log on LAP Mesh
%DOT11-6-GEN_ERROR: Error on Dot11Radio0 - Not Beaconing for too long - Current 0 Last 0
%SYS-5-RELOAD: Reload requested by Dot11 driver. Reload Reason:
Radio Not Beaconing for too long ....
LWAPP-5-CHANGED: CAPWAP changed state to DOWN
AP1780-Mesh uptime is 11 hours, 10 minutes
System returned to ROM by power spike
%DOT11-6-GEN_ERROR: Error on Dot11Radio0 - Not Beaconing for too long - Current 0 Last 0%SYS-5-RELOAD: Reload requested by Dot11 driver. Reload Reason:Radio Not Beaconing for too long ....*Sep 1 16:05:43.399: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
What does it mean? That the beacon signal trasmitted from Root-Mesh-LAP cannot reach the Mesh-Lap and so the Mesh-LAP force a reload?Where we should search the cause? In the power instability or in a interference on the 5GHz radio interface?
On one of mesh Lap I found a strange reason for a releoad:AP1780-Mesh uptime is 11 hours, 10 minutesSystem returned to ROM by power spike
Log on WLC
Log System Time Trap
0 Thu Sep 1 17:31:11 2011 AP Disassociated. Base Radio MAC:00:22:be:41:33:00
1 Thu Sep 1 17:31:11 2011 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:22:be:41:33:00 Cause=Heartbeat Timeout Status:NA
2 Thu Sep 1 17:31:11 2011 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:22:be:41:33:00 Cause=Heartbeat Timeout Status:NA
[Code]....
View 7 Replies
View Related
Mar 31, 2013
I am interested in knowing how to check on my 2003 Server what usernames are blocked from downloading. Many of the clients seemed to have downloaded Google Talk and also Spotify. I was wondering if I can check -where it is located and how to enforce this policy. (or create it if it isn't in effect correctly)
View 2 Replies
View Related
Jun 6, 2012
my question regards to a pair of WLC 4402 with 7.0.98.0 software.Actual, our security policy does not really allow any peer-to-peer communication in a wireless LAN. Therefore we set the 'P2P Blocking Action' to drop, and the 'Broadcast Forwarding' feature to disabled (default).But now there is a special requirement for two mobile endpoints to communicate with each other, because one device controls the other.To test the communication, we first disabled P2P Blocking (without success) and further enabled Broadcast Forwarding to bring the communication up. Now it works, but the configuration disagrees with our policy.
1. Is there an alternative configuration as described possible, so that we do not violate the security policy? To allow only p2p connection between the two devices, ist should also be possible to drop any else by an ACL. But how to fix the problem with the broadcast, because of the needed ARP? My idea was to use a static ARP entry, but as far as i know, one of the both devices is not able for it.
2. Because, I did not find any detailed documentation:
2a. with enabled Broadcast Forwarding, the controller forwards all broadcast for any configured SSID, right?
2b. is the broadcast limited to the source VLAN/SSID?
2c. is the broadcast limited to an AP, to an WLC, or is it broadcasted to every AP on every WLC that has the relevant SSID?
we already have two new 5508 but not in an operational state now, because we plan to implement new 3600 APs.Do these WLCs offer more/another circumstances or possibilities?
View 1 Replies
View Related
Jan 2, 2013
I'm trying to connect to my wireless network using an android device with certificate but with no success.I'm using a WLC4402 7.0.235.3 SSID Security (WPA2 Auth802.1X + CCKM) [code]
View 7 Replies
View Related
Jun 21, 2007
I made a lot of tests during some days with a wlc4402 and everything was ok.
One day when I tried to reset the system I had a lot of errors (see attach) and could not go on. After changing the image the following output appeared: "RAM Disk Image Integrity Check Failed (Bad Magic Number) Hanging". Now I have no response from the controller.
View 4 Replies
View Related
