I have some trouble with the setup of an OEAP 600 AP. The AP has joined the controller as it should and the remote-LAN connection to my corporate network works well, but I can't connect to the corporate WLAN.
When I check the event log on the AP it says:
"
*Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
*Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
and a debug on the controller gives me:
apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile on LWAPP AP ec:c8:82:c2:3a:20(0)
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (status 17) ApVapId 1 Slot 0
I have a Flex 7500 with 200 1142 APs working fine in remote office and local setup. We have since purchased 3 OEAP 602s and are looking to distribute them to teleworkers.
I have configured the OEAP to point to the NAT'd IP of the WLC. The OEAP does connect and is listed briefly in the WLC wireless listing, but I am not able to make any configuration changes; it will then disassociate and try the join process all over again. I have attached below the OEAP 600 event log. I see that the WLC does not support data DTLS encryption and am looking to make this work.
I have tried to install the DTLS license file from the Cisco website, but it says the license failed to install, with no other errors.
*Jun 18 15:18:43.938: Build version 7.0.112.72 (compiled Feb 3 2012 at 01:56:39, [L]).
*Jun 18 15:18:47.859: CAPWAP State: Init.
*Jun 18 15:18:47.860: CAPWAP State: Discovery.
I have a Belkin Wireless G Plus MIMO Router and had no problems connecting to corporate in the past until several months ago. I can connect just fine if I bypass the router and connect to the modem. I also have no problem if I go to places like Subway. There is no problem with the wireless internet connection, only a problem when I try to connect to corporate through the VPN.
We have a Cisco 5508 OfficeExtend in the DMZ running code 7.3.112. The 1132 AP seems to register and authenticate fine but the OEAP 600 series don't seem to authenticate. They seem to join the controller and download the SSID but just won't authenticate, not even registering on the AAA server.
I have found that there are only a few configuration settings on the Cisco Aironet 600 OEAP. The settings are just for basic configuration for a wireless network when it is in autonomous mode.
A Wireless LAN Controller is needed to perform advanced settings.
Also, there is no firmware available from Cisco. No upgrade/downgrade firmware is available for download.
Pool of OEAP 600 APs
1x 2504 WLC as OEAP WLC (@DMZ)
1x ASA 5515
Scenario:
My OEAP WLC located at ASA - DMZ is NATted to a public ip (primary internet ISP), then my pool of OEAP-600 were configured to communicate with this OEAP WLC.
My question is:
I want to automate the failover of OEAP-600 (I don't know if this is possible) to the secondary internet ISP whenever the primary internet ISP fails. The secondary ISP is terminated on the same ASA 5515-X doing PBR and IP SLA stuff.
I know that the OEAP 600 can only be pointed to one WLC IP address. I know that the WLC can only be NATted to one public IP address.
What would be the best solution to perform the OEAP backup connectivity? Or just buy another set of WLC/ASA then just manually configure the OEAP-600 APs to point to the secondary ISP.
I have a customer looking to deploy OEAP & wants to know if it is possible to disable the local ports 1-3? Reason being, they don't want the home user connecting devices & causing more support tickets to troubleshoot an Xbox or Google TV just b/c it's connected to a company-provided AP/Switch. I have read all the docs & it makes no mention of this... I can see in 7.2 the ability to disable the local SSID but no mention of the ability to shut down ports 1-3. Also see support in 7.2 for Dual RLAN... but that still leaves 2 local ports.
The web GUI of the OEAP itself only has a single field to enter the address of a single controller.
But, I wonder if once the OEAP is talking to your WLC across the Internet, you can allocate HA settings to the OEAP so that it can fall back to a secondary WLC if your main WLC fails.
This is sort of hinted at in the docs I have read, but I have not been able to find it explicitly stated anywhere.
It would be nice to have 2 DMZ-based WLCs at two different data centres to allow remote users to have a fail-over solution, but I need to be sure that this is supported before implementing.
I have a TAC case open, but it doesn't seem to be making any progress. I upgraded my 5508 controller from 7.2.111.3 up to 7.4.100.0. Most of my APs are fine (3500s, 1100s etc.) except for 602i APs. The APs associate, they update software etc, but they won't broadcast the WLAN. An interesting thing, on the 602 AP, in the log, I see this:
*Mar 06 15:08:12.667: SSID remote, WLAN Profile Name: RemoteOEAP, added to the slot[0], disabled
So the AP is definitely talking to the WLC and being pushed the correct WLAN profile. On the controller, the Admin status of the radios is showing DOWN, but the Admin status on the AP itself shows UP.
I've done a factory reset on the APs to no avail. I have a 2504 WLC as well that I'm in the process of implementing in a DMZ specifically for these APs, and for testing purposes, I associated the 602 AP to that WLC as well. This one is running 7.4.100.0 too, same results. It would appear to be a problem with this version of software?
Only fifteen users are allowed to connect on the WLAN Controller WLANs provided on the 600 series at any one time. A sixteenth user cannot authenticate until one of the first clients de-authenticates or a timeout occurred on the controller. Note: This number is cumulative across the controller WLANs on the 600 series. For example, if two controller WLANs are configured and there are fifteen users on one of the WLANs, no users will be able to join the other WLAN on the 600 series at that time. This limit does not apply to the local private WLANs that the end user configures on the 600 series designed for personal use and clients connected on these private WLANs or on the wired ports do not affect these limits. This is from the Configuration Guide for the 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?
I've got a strange problem here. In the office, my OEAP 600 can join the WLC if there is no MAC authentication. When I enable MAC authentication at the WLC, the AP will fail to register. However, I tried it at home and it works with MAC authentication both enabled and disabled. I suspect it is because of the firewall in my office, but there shouldn't be any difference in the discovery and joining procedure for an AP with MAC authentication enabled or disabled.
I have established dual-rlans on different segments. I have a 2960g switch. I created vl2 (management) and vl3 (data). I connected rlan1 (port4) to vl2 and rlan2 (port3) to vl3. My laptop receives a dhcp address on vl3 and the switch (in dhcp mode) receives its proper address on vl2. Unfortunately a MAC is assigned to each vl and to the management interface. That's 3 out of the 2 sets of 4.
So a managed switch is NOT the desired device to have on the back side of an OEAP600. In any case doing a show mac address-table revealed that all the vl2 MAC addresses were duplicated on vl3. To the tune of 216 addresses. 108 in each vlan. Which is a close match to the current host counts for each segment 98 + 18. Obviously this application is not what was envisioned by the OEAP team during work-up. The goal of 4 host devices on the rlan is proving difficult to achieve. The client wants 2 pc's and 2 digi-port servers.
I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.
Trying to access my corporate VPN. My laptop can successfully VPN in anytime I'm on the road, but not through my WRT54gx at home. I've enabled the VPN pass through but my expertise ends there.
I have a Cisco 5508 WLAN Controller which has 6 fiber ports, and I have an AIR-LAP1131AG-E-K9 Access Point. Will this Access Point work with this WLAN Controller? Can I connect 3 switches to this WLAN controller?
We recently purchased a 2112 WLC, running version 6.0.199.4. I have everything running through a single port on the controller, which is connected to a trunk port on our 3750 stack. Our management VLAN is vlan 40, and AP is plugged into another port on the same switch which is an access port in vlan 40. APs appear in the controller ok, receive an IP address, but we aren't able to connect to any of the WLANs and periodically the APs will disassociate with the following messages: [code] I'm not sure if that's related to why we can't connect to the WLANs or not...
Another wrinkle is that if we plug in the AP directly to one of the PoE ports on the controller, it all works perfectly. I'm guessing it's something switch-related since the only difference is that we're not going through the switch when it works.
I have a Cisco 877 configured for LAN-to-LAN between sites A and B. I have used vlan 1 but it looks like I have to use bvi1 if I need to use the wireless. What is the difference between bvi and vlan? If I wanted users on the same vlan and wireless, what would be the base config? At the moment all corporate traffic goes to site A and other traffic goes to the internet. Now, would I be able to create two SSIDs, one for corporate to access corporate subnets and the other for guest access alone where the traffic goes out to the internet?
So earlier today I purchased a new video card, a PNY Nvidia Gtx 560. After installing the drivers through the disc, I ended up getting the BSOD, and my PC just kept on restarting automatically. I fixed that problem, and found out that I should install the drivers for it through their website instead. So, after restarting my PC yet again, I tried using the Internet (Chrome) and found out that I have no Internet connection. Now, I am writing this on my iPad using the same router and modem that my PC is supposed to be using, but I keep on checking my WLAN adapter and it says that it is Not Connected. Now I have tried every forum, every post, EVERYTHING related to this problem and not a single thing fixes it. Also, when I do the ipconfig, everything says Media Disconnected and that's it. PS, I tried unplugging/plugging back in my modem and router. PPS, is it possible that when installing my new gcard and psu I may have messed up something internally?
One of my customers asked me to configure a WLC 2106 and 2 LAP 1131AG (lightweight) for corporate/guest Wifi. Basically they want to implement a good wifi connection for internal use and a guest one with different QoS. The two LANs should both have dhcp but they must be kept segregated so that none from the Guest wifi can access corporate resources.
Since I've never configured a WLC from scratch, I lightly supposed it would be quite straightforward, as routers and switches from Cisco are. Unfortunately I was totally wrong.
I've downloaded the "Cisco Wireless LAN Controller Configuration Guide" (Soft. Release 6.0 June 2009) and after I read it I made up this workflow for the configurations:
1) Configure Controller: (via serial)
- Set Management Interface parameters (IP - SM - Def GW - Dhcp server IP)
- Set Ap-Manager Interface parameters
- Virtual Interface parameters
- Set Admin Credentials
- Dhcp Configuration (internal and/or external)
2) Ap registration on the controller
- Configure vlan with dhcp request redirection to the dhcp server
3) Configure Wlan following customer's requests.
- Configure Wlan Auth for Corporate/Guest Wifi
- Configure QoS for both Wlans
Unfortunately I'm experiencing an issue while trying to join the AP to the WLC. It appears that the IT guy of my customer tried to configure one of the APs. In that AP's flash I find files referring to a "mesh" configuration like: [code]
I have a Linksys EA4500 set up on my corporate network for wireless access. I have enabled the guest network and from all I can tell it's on a separate subnet from my internal network like it should be: 192.168.x.x. My internal is on a 10.x.x.x network. I connect to the guest network using a laptop and I'm prompted for a password to get to the internet, which I like. The one issue I'm seeing is when I'm connected to the guest network I can still do an RDP session to internal resources. How is this possible if the guest network is on a separate subnet? I take a laptop which has not been joined to my domain, connect to the guest SSID, and then open an RDP session and enter an IP address for an internal server and it connects. Is there a setting to keep this from happening?
I have two 5508 and a few hundred 1142 in our internal net. Now I bought some OEAP 600 to do tests in some small branch offices, but I would like to enable AP policies with MAC filtering to block anyone else from connecting an OEAP through our firewall. If I enable 'Accept Self Signed Certificates (SSC)' and 'Authorize MIC APs against auth-list or AAA' as suggested in the Cisco document 'Aironet 600 Series OfficeExtend Access Point Configuration Guide', will that affect only my OEAP 600 or will I also have to include the MAC addresses of my internal 1142?
I have a Dell Inspiron 640m with a Wireless 1390 WLAN Mini-Card and it connects perfectly with any other router, but I cannot connect it to the Cisco WAP4410N router! I tried several times but no way.
I can connect an iPad, Samsung Smart TV, Denon network radio and Toshiba laptop but not my Inspiron laptop. I think my WLAN cannot get the WAP4410N IP address!
Region : Netherlands
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 120820 Rel.73549n
ISP :
I recently purchased a TL-WDR3600. Setup was easy. Both wlan channels work perfectly. All clients can connect to the internet and access my lan connected NAS. I have some wlan devices which need to be connected sometimes by http: port 80 and also by telnet or ssh. I can connect from a wlan device to a lan device. But NOT from a wlan to wlan or a lan to wlan. I already disabled WMM and tried some other wlan settings, like disabling one channel, changing the channel width etc.
My setup is : ADSL device -->(192.168.1.X dhcp) WAN TL-WDR3600 --> to LAN&WLAN (192.168.0.X dhcp and some LAN connected with static 0.200, 0.210)
I can't connect to the internet using wireless. Can access the internet just fine with my cable. All I see is the red x and it's not able to detect any networks. I reinstalled drivers, it works fine for a second, and then dies out again.
I recently upgraded our controllers to the latest version 7 software, as I read this was one of the requirements to get them to connect. But I am not having any luck getting into a controller. Normally I plug them in to the network, they pop into the controller listed as something like AP5057.a844.xxxx and then I can finish configuring them, put a static IP on them, etc. This is the first of this model AP I have tried to deploy, so I am wondering what is different with these, or what I might be missing in the default config in the WLAN controllers. Neither of which are set to "Master" either.
I am an owner of a cyber cafe. There is a wired LAN connection on the desktop computers in my cafe, which is connected to a wifi router (Dlink). I have an issue while playing Counter Strike 1.6. If I am connected to the wifi router from my laptop, I am not able to detect the LAN game server, which is created on one of the desktop machines on the LAN network of my cafe! In other words I want to play CS 1.6 from my laptop, which is connected to a LAN network through the wifi router!
Laptop Config :
Os : windows 7
Desktops OS : windows xp
Router : Dlink
I am the CEO of a small company with 5 divisions, 2 of which are remote. There is also my home office that I wish to be on the company VPN. We can't afford an IT department, so it is up to me to ask for a network diagram (as specific as possible) that lays out all the hardware required. My plan is to eventually have an intranet web server, file server, and database server all for internal use. Our external webserver is hosted by a well-known company. Growth must be considered both in hardware and network.
I have Cisco's CUCM, System version: 7.1.5.10000-12. When I do a corporate lookup (from my 7970 I hit Directories - 5) Corporate Directory) I see all sorts of accounts that have no phone extensions, i.e. our Windows service accounts and our administrator accounts that have no number associated with them. Is there a way for me to hide them?
I need information about the Aironet 600 access point. I have a customer who wants to deploy a guest WLAN in a branch office with authentication through a centralized captive portal. I would like to use the OfficeExtend functionality with the Aironet 600 Access Point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
In those branch offices, there are a few "free access desktops" that need a copper link. I want those devices to also be authenticated by the captive portal, so I want to connect them to the four 10/100 ports of the access point. But it seems that we can only use one port as "corporate remote LAN"; the three others are just for "home LAN". Is that correct? Is there any solution to configure the four ports as remote LAN interfaces?
My company uses an ASA 5520 to authenticate VPN using the Anyconnect client. We would like to deploy a second authentication method such as Host Scan (CSD.) Our ASA is currently running on a "Plus" license. As I understand CSD will only work with "Premium?" If this is correct are there other options for two part authentication? We're also considering using FOBs and have ruled out using the NAC.