I'm trying to find if the 3500 AP will contains an 802.1X supplicant, so the AP can be identified and authorized by an ACS when it is connected to a secure access switch.I can find plenty of info on WPA2 & 802.1X for the wireless clients, but I'm struggling to find anything on 802.1X for the AP itself.
View 1 RepliesThere's a Canon LBP 3500 printer on my office network.I don't know its IP.It doesn't show up when I scan the local subnet with nmap.I cannot find the manual (hardcopy or online).It is plugged into the network.It is turned on.I have turned it off and on again.I have tried plugging it into other ports on our switch.
View 1 Replies View RelatedHow to configure LAP 1242AG to authenticate it self as a supplicante on the 802.1x interface switch ?
View 5 Replies View RelatedIs possible to configure a Lightweight Access Point LAP1242AG as 802.1x supplicant using Microsoft NPS radius server that not use EAP-FAST authentication method? Can I use PEAP in NPS radius?
View 6 Replies View RelatedFirst, my configuration, (then the problem down below):
I have an Aironet 1142 with multiple SSIDs [mapped to V LANs] connected to Gi1/0/2 on a 2960 switch in a user-accessible area. This switch is up linked to another 2960 switch in a wiring closet, and the Microsoft NPS server is connected to the wiring closet 2960.
Aironet -- 2960 [user area] --- 2960 [closet] -- NPS RADIUS
I have the user-area 2960 configured as an authenticator switch for dot1x, and port Gi1/0/2 is authenticating the Aironet via MAB to RADIUS. RADIUS is sending VSA device-traffic-class=switch to the 2960. The closet-2960 has no special 802.1x configuration, nor is it an authenticator switch; it just has a manually-configured trunk port to the user-area 2960 [for now; I'm trying to take this one step at a time!].
The user-area 2960 correctly converts port Gi1/0/1 to a trunk port when the Aironet is authenticated [via MAB]. The Aironet boots up, the port is opened, I can ping the Aironet on the native V LAN, and all is well [so it seems]. The Aironet dot11Radio is configured for two SSIDs and mapped to V LANs, which are being spanned via STP thru the user-area 2960 and the closet-2960. STP is correct and verified on all switches.
I have DHCP snooping configured on the user-area 2960 but only for V LAN 1 [but NOT the wireless user V LANs], the trunk port to the closet 2960 is a trusted port. Hosts on the wired ports on the user-area 2960 are able to get DHCP IPs. On the Aironet, "show dot11 associations" shows hosts on the SSIDs are getting DHCP addresses. Again, I am *NOT* running dhcp snooping on wireless SSID V LANs [i read elsewhere that can cause problems as users roam between Aironets].
I do have CISP configured on the user-area 2960. I do not have CISP configured on the closet-2960 [best I can tell, that's not required at this stage, but I could be wrong]. Despite the alleged documentation, I could not get the Aironet to use a dot1x credentials profile to authenticate to NPS/RADIUS as an 802.1x supplicant, which is why I resorted to MAB for this exercise. The Aironet simply would not run dot1x [best I could tell]. The documentation and configuration didn't seem complex, so I was quite confused.
I have upgraded the Aironet to the latest 12.4(25d)JA2 software, and the 2960 is at 12.2(55)SE7 [i saw 12.2(58) has some issues, but I'm willing to be persuaded otherwise, based on sound advice]. Ok, now the problem:
Users on the guest wireless SSID (V lan 20) say they cannot connect. Yep, classic. V LAN 20 is trunk and spanned to all the sufficient places. The Aironet shows users in the associations list for that SSID with IP addresses from the DHCP server! DHCP snooping is not configured on that V LAN. I read another support forum post saying CISP and MAB could cause problems with "disappearing" ARP entries. I appear to have that problem. However, the user on the Staff wireless (V LAN 10) has full access. Am I running into a problem with "multi- host" authentication config? Via tcpdump on my firewall, I see nothing but broadcast and multicast traffic coming from a host on VLAN 20. What puzzles me is how I do see *SOME* traffic from a V LAN 20 host on this SSID, but no uni cast traffic!
Since you're going to ask, here is my port config for this AP on the 2960 authenticator switch in the user-area, and the AAA config pieces:
#sh run br | in ip dhcp
ip dhcp snooping vlan 1
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcp_snoop.txt
ip dhcp snooping
[code]......
Just upgraded our WCS server to the 7.x code over the weekend. Turned up the first 3500 series AP's today. The AP's have been up for about an hour. I am seeing the Air Quality graphs on WCS. On the Worst 802.11a/n and 802.11b/g/n Interferers windows, I am see a WCS System Error Page message but only in those windows. I have gone over the documentation and dont see that I need to enable anything else on WCS.
View 10 Replies View RelatedWe are planning to implement Aironet 3500, Do we need to have controller to install it or can we install as standlone AP.
View 1 Replies View RelatedHas any tried using a 3500 CleanAir AP as a site survey tool? Could you set it up in multiple locations temporarily and gather interference data and analize through WCS? This would use the 3500 AP like you would the Spectrum Expert product.
View 7 Replies View Relatedwe demo'd a 3500 with CleanAir before working with Cisco and purchasing a first batch. The demo worked as expected, just plugged it in and it went to town serving clients and reporting on it's channel in local mode, no problem. My first batch I have two AP's, 3502i's to be exact, plugged in and running on my 5508 with 7.0.98.0 code and and NCS Demo. The AP is up and serving in local mode, however NCS says CleanAir Management Operation StateDown
I took a look at the WLC and it says:
CleanAir
Oper
Status DOWN
So, why.. and where do I put it UP.BTW, this AP is connected to a 3750x stack, shouldn't be an issue there...
For a Campus setup (University), if I deploy 1142 AP's on all the floors with a WLC controlling them, and put one 3500 AP on each floor, will that give sufficient Clean Air support with automatic Rogue elimination? What about if an AP drops, does the WLC automatically try to cover that area with neighboring AP's? I know the old WLSE would be able to do that, but not sure if the WLC can do that by itself. What part of Self Healing can the WLC do with Clean Air, or is a WCS a must have in order to automatically Defend and self heal? Also is the MSE needed for this if a WCS is used? What does the MSE do that the WLC and WCS can't?
View 4 Replies View RelatedWe have a Sonicwall NSA 3500. We have a seperate interface for LAN and WLAN. The WLAN is set up on a Sonicpoint. Right now, the LAN gives out 10.10.99.x addresses, the WLAN gives out 10.10.100.x addresses. What is the best way to get these two interfaces to give out addresses on the same scheme, ie both LAN and WLAN giving out 10.10.99.x addresses?
View 1 Replies View RelatedI am trying to config my wireless lan controller (WLC) 2106 to discover my new 3500 access points.I followed the example Cisco configuration doc.69719.I am using a Cisco 3760 switch to interconnect the AP and WLC.I set up DHCP in the switch. [code]
View 6 Replies View RelatedFollowing best practices on cisco documentations we did set aaa acounting update periodic 5 with 250 switches in the deployment every single switch is geneating and sending 9.990 acct records this is too much the new testing parameterswe are using is aaa acounting update newinfo periodic 15 and this lowered accts by 2/3 (3500) moreover from switch monitoring the most accts records sent by it are related to the trunk-port any suggestion to mitigate this informations storm rather than raising the 15 min period to higher values?are this records generating from the trunk port normal?
View 1 Replies View RelatedThe problem am having is that my Users can get to the internet on the LAN but cannot get to the internet thro the WLAN. Below is the cisco equipment used to setup the WLAN and LAN. I dont have any clue as to why users cnnot get to the internet from the WLAN except the LAN.
ITEMS
1.
CISCO CATALYST 2960-S
Part Number: WS-C2960S-24PS-L
10
Part Number: CON-SNT-2960S2PS
10
[code]....
So I'm going to bridge two Cisco AP's 1260 and 3500, which have an 880 router on each side.
(Currently I have a VPN set-up through the internet for the two locations to communicate) (Naturally they are currently in different subnets) Will absolutely change this and set up as one subnet. There is VLANs setup on each router (same VLANs)
VLAN 1
And
VLAN 10
Everything is configured on the Routers and AP's for these VLANs (works flawlessly over the VPN).
So now since I’m going to get rid of the VPN and set-up a bridge with two AP's, will having same VLANs across both routers be a problem? Will VLANs work OK through the bridge?
Besides using (IP helper address DHCP-IP) command on the non-root bridge side router to forward DHCP requests to the root bridge side router, Also I want to be able to route internet traffic on the non-root bridge side through the WAN port, and only route LAN traffic through the bridge..
In regards to QoS profiles on the WLC. I have applied a profile to a newly created WLAN and set the Per User Bandwidth to 512k and it seems to be kicking in on the ingress only, this is supposed to work ingress AND egress or is it just designed to work one way? I have a 4402-25 with Cisco 3500 AP's and am running the 7.0.98 code. If it is designed to work one way only is there a different way to apply it ingress and egress simultaneously off the WLC?
View 3 Replies View RelatedWe have couple of Cisco Aironet 3500 Series access points with the following P/N: "AIR-CAP3501E-A-K9", we have discovered that we need a wireless LAN controller to connect those new access points!, however, we do not have any wireless controller in our LAN.
We even tried to CLI through the console port but we could not set any static IP on it!, after reading on Cisco site we discover that this type of AP is called "Lightweight Access Point" LAP which handles all the management tasks to the controller!
So what shall we do! is it impossible to operate them without the controller?
We have had several APs disassociating from our controllers. The alerts say, Message: Access Point 'AP-xxxxx' associated to controller '10.x.x.x' on port number '0'. Reason for association 'Dot11g Mode Change. I have read several posts that point out that you should have QoS implemented to prioritize the CAPWAP traffic. I'd like to know if someone has implemented QoS and whether it has been successful in stopping the APs from disassociating. And if it has been successful do you have any configuration examples for the ports attached to the AP and controller as well as the QoS configuration?
We have several sites with AP1142's and 3500's. We have 2 5508 controllers. We are broadcasting 2 SSIDs of which one is in HREAP mode and the other is in local mode. Each of our sites have MPLS circuits.
Here is an example I found on Cisco which I believe can be used for CAPWAP as long as you change the ports to 5246 & 5247 instead of 12222 & 12223.
Example Router Configurations #
This section contains router configuration examples to be used as guides when addressing CS6 remarking or LWAPP control traffic load.
#
This example uses LWAPP APs on the 192.168.101.0/24 subnet, and two WLCs with ap-managers at 192.168.60.11, and 192.168.62.11. (code)
i have engenius ecb 3500 router .i changed it ip address to a new one but i am not remembering it .ARe there some ways to detect new ip address
View 2 Replies View RelatedI have recently purchased a Cisco 887w router for my small business to replace our Netgear DGN-3500. We have made the change to allow greater access to our internal IT infrastructure from remote locations. For the most part I have been able to work through the configuration but I have reached a point now where I can go no further. The WLAN, LAN and WAN all seem to be working well together as a basic setup but I cannot get any port forwarding/NAT to work.
So far I have attempted to configure two NATd services, both with the same result. I am trying to direct port 80 through to our web server, and port 444 to our VPN server. Both seem to undergo translation ok (if i am reading ip nat trans output correctly) but then the packets disappear. The VPN client annouces that the connection timed out, and the browser goes nowhere. Also, if i use an online port check it tells me that 80 and 444 are closed, with no packets returned.
I have spent a few days with no progress. The output of the log (attached txt file) might be meaningfull to somone with a stronger background with Cisco routers... I have also included the config and some other output that might be useful.
how an AP 3500 get to be registered in a controller 5508??, so, i have seen a lot of information of wireles deployment guide but i haven't understood yet how the process or flow is for getting the AP to be registered in a controller 5508, what exactly basic configuration must be done in a controller for doing it?
View 6 Replies View RelatedI'm configuring ACE to enable the XML-HTTPS interface so I can import it into ANM, when I try to do a "match protocol xml-https any", I get a invalid command detected. When I tab at the match protocol command, I don't see xml-https listed (http, https, icmp, etc. is listed).
View 2 Replies View RelatedI am building a BOM for a customer and I need to present cheaper options than 3500 or 3600 APs. I thought of these two models but I don't know what models of antennas to pick.1602 is a 3X3 MIMO with 3 antenna connectors. How many 2.4 GHz and how many 5.8 GHz antennas should I pick for each radio?2602 is a 3X4 MIMO with 4 antenna connectors. In this case I suppose there are 2 connectors per radio.
View 9 Replies View RelatedI currently have WLC 5508 and a few campuses with LAP 1142, each with 2-3 vlan. Now one of our campuses have a building thas is a bit far away and needs network (wired). We can't get fiber or TP-cable there in a good way. So the plan is to get two 1262 or 3500 with AIR-ANT5160NP-R antennas and get a wireless link working between the campus and the building. And then connect one of the AP's to a switch in the other building to provide it with wired network.
The problem is that I can't find information on how to do it. Should both APs be in autonomus mode? I probably only need to have 1 VLAN in the other building but I am not sure yet. Is there a problem with transfering several VLAN over the WLAN-link?
I am trying to find out what the most upto date IOS I can put in my Cisco Catalyst 3500 XL switch, and I'm not sure if this the newest software. I have a lab setup at my house to study for the CCNP certs and this IOS doesn't have all the commands I need, well it might but all depracated commands.
View 5 Replies View RelatedJust had some more 3500i installed,but 2 of these seem to be working, but there is no green LED when no connection, and when you conneect there is no blue led. The LEDs to change when rebooting the AP, just neve seen this before, is this a fault?
View 5 Replies View Relatedwe have a wireless network composed by Cisco Wireless LAN Controllers (WLCs) and Access Points (APs) providing access to a large university.
For WLC we're using the 5508 model (four controllers in total) with the latest software version - 7.0.220.0.
For APs we're using the 3500 Series (AIR-CAP3502I-T-K9) and the 1200 Series (AIR-LAP1262N-T-K9), also with the latest version (upgraded automatically by the WLC). We have around 200 APs. We have established V LAN's specific for the dynamic interfaces (providing the W LAN's) and a management V LAN's (id 254). Our users are experiencing performance issues with the network, specially when the number of users connected is high (around 1700~2000 users).
Analyzing the packets received by a client, we detected a lot of Gratuitous ARP packages originating from the WLCs, for each APs. According to Wire shark:
No. Time Source Destination Protocol Length Info
31 31.954314000 Cisco_61:xx:xx Broadcast ARP 42 Gratuitous ARP for NNN.NNN.254.63 (Reply)
33 32.552240000 Cisco_61:xx:xx Broadcast ARP 42 Gratuitous ARP for NNN.NNN.254.236 (Reply)
34 32.559302000 Cisco_61:xx:xx Broadcast ARP 42 Gratuitous ARP for NNN.NNN.254.115 (Reply)
35 32.616899000 Cisco_61:xx:xx Broadcast ARP 42 Gratuitous ARP for NNN.NNN.254.171 (Reply)
[ code]....
Cisco_61:xx:xx is the WLC mac. All these IP addresses (NNN.NNN.254.XXX) are APs.
As you can see, the clients are receiving broadcast related to the APs in the management V LAN (254). In our understanding this traffic should occur only between WLCs and APs. We are already using two separate ports in the WLCs - one for the 254 V LAN (management) and other for the dynamic interfaces (W LAN's).
We have left a ping command running in the client, and have noticed that when the clients receives many of these broadcast the connection fluctuates. Such broadcasts from the management network in the W LAN's are expected behavior?
How to configure ssh in all access points ( cisco 3500 Access points ) under wlc 5508 ?
View 3 Replies View RelatedPlaning to implement ARP out in all interface vlan at switche(6500,3500).It's useful to avoid unicast floating in the Switch.What are precaution to be take care during the implementation?
View 5 Replies View Relatedi want ti migrade lan from ipv4 to ipv6.. how can i check my switch support ipv6?
i am having cisco 3500 and d-link managed and unmanaged switchs.
New inspiron 14z would not connect to wireless home network. Area networks appeared, tried to connect to my network (entered password, etc.) and would attempt to connect, but could not. Solution - activate McAfee security center.Products - 2 day old Inspiron 14z (windows 7, intel wi-fi) & Netgear n300 (6 months old, connecting 2 yo inspiron 15, sony bluray, kindle fire, hp photosmart 3500 printer with no issues)
I checked router log in information, firmware updates, cable connections - all okay. So I called tech support and the first cutomer care rep adjusted the power saving settings to "Dell" (was turning off wi-fi adapter to save juice), but that didn't solve issue. He told me that it was probably an ISP/router issue. Eventually I spoke to three other reps and 2 supervisors and was consistently told issue was ISP and/or router. Crankily, I told the last customer care rep that if the issue wasn't resolved, I would return laptop, since everything else was working. (Not nice of me, but that's how I felt. I'm not about to spend an extra $100+ on a router when mine is working fine and my ISP service is fine.) So, that rep agreed to connect to both my new laptop and the older inspiron 15 to find any differences in settings. He then found a solution - McAfee security center. I had not activated it, because I prefer another product, and hadn't uninstalled it before calling. The rep activated it and voila, connectivity. Afterwards, I did uninstall mcafee and installed my preferred security product, and still have connectivity.
I have upgraded my 'old' Linksys router to a new Cisco 3500 and I can only connect to the new router via Wi-Fi... When I connect using hard-wire - the computer tells me I hve no connection! Same computer works just fine w/old router
Dell Inspiron duo - Windows 7 - Cisco 3500
We are deploying a new office and exploring the options for WLAN deployment. We were pretty impressed with 3500 series APs and that it supports CleanAir.However, we have decided to go for standalone AP deployment model now. As 3500 does not work in standalone mode, so we are looking for APs that can work in standalone mode ( and later can be converted to lightweight if needed). We can go for 1140 in that case. However, it would be better for us to know the main differences between features supported by 3500 lightweight AP and 1140 standalone AP. CleanAir looks like the main one. Are there other important ones as well?
View 2 Replies View Related