Cisco :: Authenticate Wireless 1242 AP To Switch Port With Dot1x Enabled?

Sep 12, 2007

Trying to authenticate a Wireless 1242 AP to a switch port with Dot1x enabled. It seems like the switch can't get the MAC or doesn't ever start authentication for the port when I plug in an AP. The AP is configured to pull DHCP on start for fa 0, however never gets an address, even though the port should fail into guest network after auth fails. Any thoughts? A debug only shows this...
 
*Mar  1 00:19:27.127: %IF-3-VLAN_NOT_CONFIGURED: Received dot1Q VLAN tagged packet on interface which does not have VLAN configured.

View 3 Replies


Cisco AAA/Identity/Nac :: 2960 - Manually Re-authenticate Dot1x Client?

Jan 17, 2013

I was looking for a way to manually re-authenticate a dot1x client from the CLI and found this: [URL]
 
"You manually reauthenticate the client by entering the dot1x reauthenticate interface interface-id privileged EXEC command"
 
I've tried it on a 2960 with 12.2(58)SE and 15.0(2)SE, but it doesn't seem to be implemented. Have I misunderstood something? Or do you guys have any other command to accomplish a manual re-auth?

View 6 Replies View Related

Cisco Security :: Catalyst 4510 / Switch Port In Dot1x Multi-auth Mode Stops Passing Traffic?

May 6, 2010

I am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
 
!
interface GigabitEthernet2/34
 switchport mode access
 ip arp inspection limit rate 30
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-reauth-req 6
 spanning-tree portfast
 ip verify source vlan dhcp-snooping
end
 
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occurs. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.

View 1 Replies View Related

Cisco Wireless :: 1242 - Bridge Mode With Mobile-client Enabled

Sep 5, 2011

What kind of hardware are people using for mobile bridges? I have not had good luck with Cisco 1242's in bridge mode with mobile-client enabled. The only reason we're using the Cisco access point over standard industrial bridges is because we need to manually forward the MAC addresses of the devices behind the bridge. These are being installed on robotic forklifts. They have a generic Ethernet scrolling marquee installed that does not maintain any active connections and drops from the forwarding table in the bridge if not statically configured. I'm looking for an alternative because the roaming is not nearly as smooth as it should be.

View 3 Replies View Related

Cisco WAN :: Dot1x Authentication On 3750 Switch?

Jan 18, 2010

I have a 3750 switch (WS-C3750G-24TS-S1U) with IP Services version

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 28    WS-C3750G-24TS-1U  12.2(46)SE            C3750-IPSERVICESK9-M

On the switch, I have configured

aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control

but I am not able to implement the command under the interface:

Switch(config)#int gigabitEthernet 1/0/20
Switch(config-if)#do?
down-when-looped

dot1x commands are not available under the interface config. Is the IOS version compatible with dot1x?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Setup ACS 5.1 For Dot1x-Port Authentication?

Jan 24, 2010

I want to set up the ACS 5.1 for dot1x-Port authentication. I want to make a machine authentication against an AD-Domain and I got the following error message: 24435 Machine Groups retrieval from Active Directory succeeded

View 13 Replies View Related

Cisco Switching/Routing :: 6509 - 802.1x And Voice VLAN / Enable Dot1x On User's Ports On The Switch

Sep 17, 2012

I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin". I need to enable dot1x on user's ports on the switch. Each user is connected to the switch through the IP phone.

I just found out that I cannot enable dot1x on a trunk port. I have tried to use "switchport voice vlan " but I got:
 
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
 
Let me know what I should do to get dot1x working.
 
Note: I have connected a laptop directly to the port and dot1x is working fine.

View 5 Replies View Related

Wireless Switch On But Computer Says Its Not Enabled

Mar 27, 2013

I have a Sony Vaio and it has been working fine and it suddenly just disconnected itself from the wireless connection. I did a troubleshoot and it fixed itself, but it did it again minutes later and simply said a cable was disconnected. I restarted the laptop and it came on fine but it disconnected again and has not worked since. I have gone into the wireless connection settings and it says wireless isn't enabled. The switch is on and illuminated. I've switched it on and off. I have also done a system restore from a previous update just to be sure but there is no change.

View 14 Replies View Related

Cisco Application :: Switch Is Not Able To Authenticate Itself To ACS 1121

Jul 30, 2011

The user "shreedhar" is getting authenticated locally and not through TACACS+ (Cisco ACS 1121 appliance running ACS 5.1).
 
In the switch, after entering credentials, the switch says, "Authentication failed - login using local mode". (Not the exact message but close enough!).
 
In ACS 5.1 -> Monitoring and Reports->Dashboard->My Favorite Reports->Authentications-TACACS+, I am getting the following error, "13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets".
 
Configuration in switch is as follows:
 
feature tacacs+
username admin password 5 $1$joEvYokP$5wZ1mtpBlxuoKMEWbFzRY1  role network-admin
username shreedhar password 5 $1$x8u5N4IR$NbVcY1u6CuoXYkMgXs60l/  role network-admin
tacacs-server key 7 "Ti!23456"
ip tacacs source-interface loopback0
tacacs-server test username demo password demo123 idle-time 3
tacacs-server timeout 10
tacacs-server deadtime 5
tacacs-server host 192.168.31.11 key 7

[code]....

Is the encrypted TACACS+ shared secret key from the switch not being decrypted by ACS 5.1 as it requires a clear-text password? Could it be the reason for the above error?

View 1 Replies View Related

AAA/Identity/Nac :: Cisco ACS Can't Find / Authenticate Internal User On 3550 Switch

Apr 29, 2012

I'm doing some testing with ACS server on my windows box and I can't seem to get a barebone radius authentication to work with ACS internal users. I tested the same configuration with TACACS and it works fine, so there's something missing or misconfigured in my setup.
 
I have a cisco 3550 switch that I want users to login using their ACS username/password.
 
SW1
username cisco password 0 cisco
username admin password 0 admin

[Code].....

View 2 Replies View Related

Cisco AAA/Identity/Nac :: 7000 Setup Switch To Be Able To Authenticate Users With Tacacs+

May 2, 2012

I have a cisco nexus 7000 switch and a cisco ACS 5.2. I would like to setup the switch to be able to authenticate users with tacacs+ using RSA secureid tokens when they try to logon to the switch.

View 1 Replies View Related

Cisco Switching/Routing :: 2960-S Possible Switch Behavior When QoS Is Not Enabled

Jan 30, 2012

Document at url... is quite interesting. One of these goes about the behavior of a switch (2960-S and 3750G) when QoS is not enabled vs the one when QoS is simply enabled with "mls qos". What additional commands, beside "mls qos", would be needed so as to simulate as accurately as possible the switch's behavior when QoS is not enabled?

View 3 Replies View Related

Cisco Switching/Routing :: Enabled Syslog On 2960S Switch

Oct 3, 2012

I have enabled syslog on my Cisco 2960S switch as shown below -
 
-logging facility local6
-logging host 10.11.12.122 transport tcp port 514
 
I have set the port to TCP since that is what is configured on the SYSLOG server, which is a CentOS 5.8 running rsyslogd. I have tested the rsyslogd locally and it works. However, I want to send any and all log messages in the buffer to my syslog server and it is not working. There is no firewall on the CentOS and the ASA firewall filter is enabled for outgoing traffic.

View 5 Replies View Related

Cisco Routers :: RV042 Port Forwarding Stops Working When Firewall Is Enabled

Jun 4, 2013

I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:

HTTP[TCP/80~80]->10.0.0.6
HTTPS[TCP/443~443]->10.0.0.6
IMAP[TCP/143~143]->10.0.0.5
IMAP SSL[TCP/993~993]->10.0.0.5
SMTP SSL[TCP/587~587]->10.0.0.5
 
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
 
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
 
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
 
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.

View 1 Replies View Related

Cisco Switching/Routing :: 3750E - Sequestering Traffic On A Router-enabled Port

Nov 20, 2011

Is there a way to use the "no switchport" command to enable routing on a port and yet sequester it from traffic on other VLANs within the switch?
 
The switch in question is a 3750E

View 2 Replies View Related

Linksys Cable / DSL :: WAG320NVPN Passthrough Enabled / No Port Forwarding Set Up / Firewall Disabled

Aug 23, 2011

Using a Mac running Mac OS X 10.6.8 with VPN Tracker 6.3.0. Before switching to the WAG320N I had no issues with my IPSEC VPN client. After the switch it consistently fails in Phase 1 negotiation. In the log file of the gateway I only notice: Mon, 2011-08-22 07:47:31 - [Outgoing] UDP Packet - 192.168.1.100:500 --> IP.ADDRESS.VPN.GATEWAY:500. The software itself complains about timeouts while contacting the remote gateway. VPN pass through is enabled, no port forwarding is set up, firewall is disabled.

View 6 Replies View Related

Cisco :: 3750 / Autonomous Wireless Access Point / Dot1x And Guest VLAN?

Jul 11, 2012

Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).

Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.

I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:

authentication event fail action authorize vlan 3

I'm after a way to achieve the above using the wireless access point. The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.

View 2 Replies View Related

Cisco Switching/Routing :: Convert Switch Port To Router Port On 6500

May 8, 2012

On the supervisor card of a Cisco 6500 series, according to the following link, [URL] it only has 2 uplink ports on the card. Would I be correct in assuming that I only have those two ports that I can configure IP addresses on?

The Cisco that is being delivered is coming with a 48 port switch and 24 port fibre switch. Could I change any of those ports into a router port and configure IP addresses on those?

The supervisor card is a ws-sup-720-3b, the 48 port switch is a ws-x6748-ge-tx, and the 24 port fibre switch is a ws-x6724-sfp.

View 3 Replies View Related

Cisco Switching/Routing :: 3825 ISR - Traffic Route From Switch Port To Router Port

Jun 5, 2013

I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've set up a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is block telnet from anywhere. I know the ACL is set up properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.

It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other. 

View 2 Replies View Related

Cisco Switching/Routing :: What Is The Use Of No Switch Port Command In L3 Switch

Dec 28, 2008

What is the use of the "no switchport" command in an L3 switch?

View 7 Replies View Related

Cisco Switching/Routing :: 1700 - Setup For Connecting Router AUX Port To Switch Console Port

Feb 26, 2012

I was looking for a way to connect an AUX port from a 1700 router to a 6500 switch module console port, to see the output of the switch on the 1700 router, so that in case there is a network downtime, I could see what's going on in the switch. What cable should I use? Also, is there any kind of documentation for this type of config? What I have seen is very little info.

View 2 Replies View Related

Possible To Assign Loop Back Address To Typical Switch Port On 2950 Switch

Jan 16, 2011

Is it possible to assign a loopback address to a typical switch port on a 2950 switch? I want to be able to have some devices connected to a switch to test access lists and VLANs.

View 3 Replies View Related

Cisco :: 2500 - Dot1x Configuration On WLC And ACS 4.2

Feb 4, 2013

I’m going through dot1x implementation using Cisco WLC 2500 series and ACS 4.2 but I have problems with joining the SSID. I revised the configuration many times, as attached, but don’t know what is wrong.

log 2013.02.05 17:34:02=
 (Cisco Controller) >
(Cisco Controller) >debug  dot1x all enable
 (Cisco Controller) >*apfMsConnTask_2: Feb 05 07:27:19.865: 00:26:c7:3b:dc:d8 apfMsAssoStateInc
 *dot1xMsgTask: Feb 05 07:27:19.867: 00:26:c7:3b:dc:d8 Station 00:26:c7:3b:dc:d8 setting dot1x reauth timeout = 0
 *dot1xMsgTask: Feb 05 07:27:19.867: 00:26:c7:3b:dc:d8 Stopping reauth timeout for 00:26:c7:3b:dc:d8
 [code]...

View 6 Replies View Related

Cisco Wireless :: Configuring WDS With 1242 APs

Dec 26, 2011

I'm using two Cisco 1242 AG access points to configure the WDS feature. I've named the access points AP1 (acts as WDS) and AP2. Since I have only two access points, I've configured AP1 to act both as a WDS and as a regular access point. Further, I'm using the local RADIUS server within AP1 to authenticate both clients and infrastructure access points. Both APs are connected to a router (which acts as a DHCP server) via an unmanageable switch and both access points are getting registered with WDS. But the issue is when I try to connect to the configured SSID, it prompts me with an "authentication window" but after entering the configured username and password, I'm not getting authenticated by the AP.

I've attached the configurations of both APs for your reference and I've used the following Cisco document as a guideline to create the WDS. [code]

View 3 Replies View Related

Cisco Wireless :: Ap 1242 Need To Reset AP

Mar 4, 2013

I'm having a little issue with some Cisco Aironet1242ag WAP's. I receive a call at least twice a month stating that some of the WAP's are not giving out internet connection. What I always do is go to my patch panel and disconnect those WAP's not working and connect them back again so they can power cycle. These WAP's are connected to a Cisco3750g. Once the WAP's boot up, the users can connect to the WAP and connect to the internet.
 
I don't know if these WAP's are filling up with some information that causes the access points to not connect to the WAN.

View 15 Replies View Related

Cisco Wireless :: 1242 And 1310 Bridge?

Apr 18, 2011

Is it possible to make a bridge using a 1242 and a 1310? I have been able to get them to associate together and it appears it will function as a bridge. I have the 12(4) 253 JA IOS for both devices. I would like to use the g antenna on the 1242 for the bridge and the a antenna for wireless clients. The configuration on the web management appears to support bridge root and non root for both devices.

View 2 Replies View Related

Cisco Wireless :: Upgrading A 1242 AP From IOS To LWAPP

Sep 12, 2011

I am trying to upgrade an autonomous IOS 1242 AP to LWAPP and I am having an issue with finding the right code to complete the upgrade.  I have upgraded the AP to c1240-rcvk9w8-tar.124-21a.ja2.tar, but now I think I need a JX version of code to have it join a controller, and I can't find this anywhere on the Cisco site. 

View 5 Replies View Related

Cisco Wireless :: 1242 Is Not Joining Controller

May 9, 2012

I have 1240 series access points which are not joining a 5500 series controller. [code]

View 12 Replies View Related

Cisco Wireless :: 1242 - Mode To Autonomous

Aug 13, 2006

I need to change the IOS in a Lightweight Access Point and make it work as an autonomous AP 1242. I have got the image but I'm not really clear about the process. I got to enter the Lightweight Access Point through the console port but I don't know how the upgrading process works.

View 6 Replies View Related

Cisco Wireless :: 1242 Standalone AP Restart Itself?

Jun 6, 2012

One of the Cisco Wireless AP 1242 installed in my premises restarts itself; the AP is getting power from a Catalyst 2960 POE. I am using multiple SSIDs on this AP. I have issued the show tech-support. I have seen the below in tech-support: System was restarted by unknown reload cause - reason ptr 0xF, PC 0x46FEB8, address 0x0? What could be the reason for the restarting of the AP? The AP has been in production for 1 year and it restarts seldom.

View 2 Replies View Related

Cisco Wireless :: 1242 - Adding New AP To Network?

Mar 24, 2013

When I tried to add a new AP 1242 to my network I had the following problem:

The AP was constantly reloading and I was getting the message
                  
Wed Mar 20 13:32:12 2013 AP 'UBFT-E06-F0A-R09-0022.901b.a6ba', MAC: 00:23:ab:27:1f:30 disassociated previously due to AP Reset.

%CAPWAP-3-IMAGE_DOWNLOAD_ERR3: capwap_ac_platform.c:782 Refusing image download request from AP - unable to open image file /mnt/ap_bundle/ap.pri//c1240          
 
I decided to reinstall software on the WISM 2 module (7.2.111.3). This fixed the problem and the AP joined the controller, but during this process I lost connection to 87 APs for 3 seconds and then they joined back again.
         
"disassociated previously due to AP Reset"  

View 5 Replies View Related

Cisco Wireless :: 1242 - Roaming Between APs With No RADIUS

Feb 9, 2011

I have 3 Cisco 1242 WAPs that I have deployed at a site that has NO RADIUS/AAA devices. I have given all of them a different channel (1,6,11), but the same SSID and crypto (WPA2-PSK). The issue is when a machine boots up it associates with the closest/strongest AP, but as the device "roams" it does not switch to a different AP. It stays associated with the original AP until that signal is gone. Then it quickly associates with the closest AP with no problem.

How do I get the device to associate with the strongest WAP? I have researched "fast roaming and WDS" but it seems like you need EAP/LEAP and they do NOT have that at all.

View 3 Replies View Related

Cisco Switching/Routing :: Dot1x Authentication On 3750?

Oct 6, 2009

I configured dot1x port-authentication on a 3750. The switch sends out a request to the RADIUS server. The RADIUS server sends an answer-packet to the switch UDP port 21645 but it seems the switch discards the packet or something like that. The RADIUS server gets the answer "Destination unreachable, Port Unreachable"

View 8 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved