802.1x, enterasys roamabout R2, cisco 350 aironet without win2k active dir.

Can I set up win2k 802.1x client authentication (win2k OS) using a cisco 350 aironet adapter via a roamabout r2 AP and get authenticated with a cisco ACS 3.0 radius server without having a win2k active directory domain (I guess without using certificates)? I'm currently still using NT domains and have a WinNT PDC, which I believe will be a hassle to migrate to win2k. If so, is there any documentation out there that can help me?

Similar Messages

  • HELP: symbol netvision phone w/cisco 350

    Hello
    I am having trouble setting up a symbol netvision phone with my cisco ap 350 that is running 12.01T. Basically, when the phone powers up it finds the SSID for my network (if I enable the broadcast SSID). It does not seem to get an IP Address/mask. It constantly displays "No Network". I have read the caveats for this release...there is mention that the symbol phone may display this message and there is no workaround present. If anyone has a working config on the AP, please email me at [email protected]. Also it would be good to know if anyone has gotten this to work with release 12.01T. I have symbol extensions enabled and the preamble is set to long....Thanks!

    I think the only thing you can do is to use a Cisco Aironet 1100/1200 AP, instead of a Cisco 350 series AP.
    This issue is not present in the 1200 and 1100 AP.

  • Cisco 1524 Aironet Outdoor Wi Fi Access Points

    I am using Cisco 1524 Aironet Outdoor Wi Fi Access Points for outdoor Wi-Fi Coverage with WiSM Controller. I want to cascade Bridge them with UTP/STP Cables instead of using MESH using the Ethernet Bridging Function inside the controller. But I cannot have a cascaded Bridge chain of more than 2 APs. Can anybody advise & help me in this scenario?

    Hello Mohammed,
    As per your query please refer to the link-
    http://www.cisco.com/en/US/docs/wireless/access_point/1524/installation/guide/1524SB_addendum.html and it supports
    Fiber (SFP) and Gigabit Ethernet interfaces
    Hope this will help you.

  • CISCO 350 Wireless LAN Module on Solaris

    I am running Solaris 8 (6/00) for Intel platform with xFree86 version 4.0.3 on my laptop. My CISCO 350 PCMCIA Wireless LAN module cannot be used nor detected in Solaris. Can anyone help me with that?

    Are you running any other VMs on the host server?
    Are they working? Did you enable your BIOS to support VM?
    Then with regards to the install, make sure you follow the guide as it can get tricky.
    I forgot to add Promiscuous personally. Double check your Network Backing. I am not running a VM anymore - just recalling where I had issues.
    http://www.cisco.com/c/en/us/support/docs/wireless/virtual-wireless-controller/113677-virtual-wlan-dg-00.html

  • Cisco 350 WB security

    I need info on the security issues and solutions for a building to building wireless wan using Cisco 350 Wireless Bridges. Everything I'm finding on the subject is for WLAN applications.

    Access points and bridges use the same radio technology, so security concerns as far as physical location are similar.

  • Filtering on CISCO 350 (a)

    Hi,
    I'm trying to set up filters on a CISCO 350 and am a bit confused with the configuration.
    1) Is it so that the "Default disposition" defines how all protocols will be handled, while for each protocol defined in the "special cases" in a filter set definition, another action "per protocol" can be defined (kind of: DISCARD ALL but FORWARD only the ones in Special cases)?
    Thanks and best regards,
    Guy

    Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
    If anyone else in the forum has some advice, please reply to this thread.
    Thank you for posting.

  • Cisco 1602 Aironet Stand alone Access Point

    Dear all,
    I have 15 Cisco 1602 Aironet Stand alone Access Points. I would like to configure them all to work with one SSID without registering in any wireless LAN controller. I would like to get your advice on what configuration I have to do.

    Hi Yakub,
    Here is the template:
    Autonomous AP and Bridge Basic Configuration Template
    https://supportforums.cisco.com/docs/DOC-16087
    Here is a link to the 1600. Click on config guide .. If you never configured an autonomous ap follow the guide carefully
    http://www.cisco.com/en/US/products/ps12555/tsd_products_support_series_home.html
    Hope it helps.
    Regards

  • How to view the login log in Windows NPS after login to a cisco switch, without SQL server database

    How to view the login log in Windows NPS after login to a cisco switch, without SQL server database?
    in summary 
    there is only log with event id 4400
    A LDAP connection with domain controller XCPAWS20.cyberport.noc for domain NOC2 is established.

    Hi adil,
    For your issue, you can create a custom security token service (STS) and then set up a trust relationship between a SharePoint 2010 farm and the custom STS.
    For more information, you can refer to the articles:
    http://forums.asp.net/t/1335229.aspx?Sharing+Authentication+Ticket+Between+ASP+NET+and+Sharepoint
    https://msdn.microsoft.com/en-us/library/office/ff955607(v=office.14).aspx
    http://www.paraesthesia.com/archive/2011/02/01/working-with-windows-identity-foundation-in-asp-net-mvc.aspx/
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • Cisco WCS to conduct an Active Wireless Site Survey

    Can I use Cisco WCS to conduct an Active Wireless Site Survey, or does it only do a Predictive Wireless Site Survey? I already bought software that only does Passive, but I need one to make an Active Wireless Site Survey.
    I think that WCS does not provide walkthrough in active mode.
    Tks.

    WCS would only be able to do a Passive Survey. To do an 'active' or AP on a Stick survey you would need software like Ekahau or Air Magnet to go out and read the RSSI/SNR from the AP.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Issues with cisco 1242 aironets

    We are currently experiencing an issue with the 1242 AG Wireless Access Points. We have them configured as 1 Root Access point and 3 Repeaters. The repeaters seem to be experiencing frequency interference issues. The Root AP is using antenna model 2506 and the repeaters 1728's.
    What happens is when the repeaters are first started up, they see / communicate to the root access point fine, but within 5 minutes they stop communicating. If we manually set the channel to something different, they see each other for 5 - 10 minutes then eventually disappear and cannot be ping'd or seen with a sh cdp nei.
    We have tried various combinations of settings so far. Have tried channel 1 - 13 and the least congested frequency mode. It usually settles on channel 8 when we put it in that mode. But it is the same scenario each time. All 3 repeaters show up almost instantly after a channel change, but slowly disappear in less than 10 minutes.
    Here is our config:
    Version
    Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 16-Sep-09 19:06 by prod_rel_team
    ROM: Bootstrap program is C1240 boot loader
    BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
    ROOTAP uptime is 2 days, 3 hours, 14 minutes
    System returned to ROM by power-on
    System image file is "flash:/c1240-k9w7-mx.124-21a.JA1/c1240-k9w7-mx.124-21a.JA1"
    cisco AIR-AP1242AG-E-K9    (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
    Processor board ID FCZ112782K9
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from power-on
    1 FastEthernet interface
    2 802.11 Radio(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:1C:58:B1:72:2E
    Part Number                          : 73-10256-06
    PCA Assembly Number                  : 800-26918-05
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC11262N5Z
    Top Assembly Part Number             : 800-29233-01
    Top Assembly Serial Number           : FCZ112782K9
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-AP1242AG-E-K9
    Configuration register is 0xF
    Root AP Config
    Current configuration : 1987 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ROOTAP
    no aaa new-model
    dot11 syslog
    dot11 activity-timeout client maximum 120
    dot11 activity-timeout repeater maximum 300
    dot11 ssid WIRELESS
       authentication open
       authentication key-management wpa
       guest-mode
       infrastructure-ssid
    username user privilege 15 secret 5 password
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid WIRELESS
    antenna gain 5
    parent timeout 10000
    channel 2417
    station-role root access-point
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    no dfs band block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.2.10 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    privilege level 15
    logging synchronous
    login local
    stopbits 1
    line vty 0 4
    privilege level 15
    logging synchronous
    login local
    stopbits 1
    line vty 5 15
    privilege level 15
    logging synchronous
    login local
    stopbits 1
    end
    Repeater Config
    Current configuration : 1764 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname REPEATER03
    no aaa new-model
    dot11 syslog
    dot11 ssid WIRELESS
       authentication open
       authentication key-management wpa
       guest-mode
       infrastructure-ssid
    username user privilege 15 secret 5 password
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid WIRELESS
    antenna gain 5
    parent timeout 10000
    station-role repeater
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    no dfs band block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.2.13 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    privilege level 15
    logging synchronous
    login local
    stopbits 1
    line vty 0 4
    privilege level 15
    logging synchronous
    login local
    stopbits 1
    end
    We are wondering if you have any tips to get around this.
    Also,  should these access points be able to handle ~200 clients? How close to the root access point should the repeaters be placed? I basically just go until my signal gets low and put a repeater within that range. Could vary from 30-60 meters away.
    Thanks

    Also,  should these access points be able to handle ~200 clients?
    APs, in theory, can handle >1,200 clients.  In theory.  In practice, Cisco recommends between 12-25 clients.  Imagine if you have, say, 50 clients and they are trying to access the network on a 100 Mbps FastEthernet connection.  That slows them down, right?  But consider wireless as a broadcast.  One talks and the rest listens.

  • 802.1x problem with non-Cisco IP Phone, VVID enabled.

    I am testing with a 3750 PoE switch running 12.2(25)SEE1 and trying to configure 802.1x to work with Mitel IP phones.
    I have voice and data vlans configured on each port. Turning on 802.1x causes the phone to hang and timeout in DHCP Discovery. The port status from the switch is "Unauthorized".
    interface FastEthernet1/0/2
    switchport access vlan 1
    switchport mode access
    switchport voice vlan 2
    dot1x pae authenticator
    dot1x port-control auto
    no mdix auto
    spanning-tree portfast
    end
    Should anything be configured besides the Voice VLAN to let phones onto the network? There is no computer behind the phone right now. The only information I can find says I need a VVID, and any clients behind it will cross the PVID.
    Thanks.

    Yes it does.
    Apparently the Mitel phones (testing a 5215 dual-mode) we have support EAP-MD5, but we have a primarily PEAP/EAP-TTLS environment. Apparently the phones need to use a username/password entered on each phone before they will send that to a Radius server doing EAP-MD5. Our PEAP clients authenticate to a Microsoft Radius server, and our EAP-TTLS to a Funk box. Hopefully the Microsoft can support both EAP-MD5 phones and PEAP on the laptops, I'll have to find out.
    I was hoping this was a quick and easy Cisco configuration error... oh well.

  • NAC-L2-802.1x (EAP-FAST) and Cisco Secure Services Client 5.0 in wired net

    Hi!
    (Sorry, if this is a wrong forum.)
    Does anybody have any success with Cisco SSC and EAP-FAST in the wired network?
    I'm going to use NAC, so I'm trying to set up EAP-FAST. I see the pop-up window on the client to enter user credentials and I see a lot of "debug radius" messages on my 3750 12.2(44)SE switch:
    Access-Requests with User-Name="anonymous"
    Access-Challenges (I see certificate is sent from ACS)
    Access-Reject
    CS ACS Failed Attempts Report shows "ACS user unknown" failure for "anonymous".
    So far as I understood, EAP-FAST is a tunneled method and it uses "anonymous" to protect user's identity during phase 0 / phase 1 transactions. The actual username is sent in phase 2 transaction.
    The following is excerpt from the CS ACS documentation:
    "EAP-FAST can protect the username in all EAP-FAST transactions. ACS does not perform user authentication based on a username that is presented in phase one; however, whether the username is protected during phase one depends on the end-user client. If the end-user client does not send the real username in phase one, the username is protected. The Cisco Aironet EAP-FAST client protects the username in phase one by sending FAST_MAC address in place of the username. After phase one of EAP-FAST, all data is encrypted, including username information that is usually sent in clear text."
    SSC 5.0 is indeed set up with "Unprotected Identity Pattern"=anonymous and "Protected Identity Pattern"=[username] using sscManagementUtility.exe
    So, the question is: Why is ACS 4.1 trying to authenticate username "anonymous" if it knows that the user is fake? Does anybody have a working configuration for EAP-FAST in a wired network?
    Any help is greatly appreciated.

    Correct, ACS database wasn't selected on the NAP Authentication page. It works now, but I constantly get the following message in the Windows event log: "The Cisco Secure Services Client service hung on starting". This is Windows 2000 Advanced Server system with SP4. SSC was set up with no domain authentication, no machine authentication, single sign-on. After some time the SSC service starts, but at that time my PC is already put into the guest VLAN by the switch (the tx-period is 10 seconds):
    POD1-SW#sh run int fa1/0/1
    Building configuration...
    Current configuration : 378 bytes
    interface FastEthernet1/0/1
    switchport access vlan 999
    switchport mode access
    dot1x mac-auth-bypass
    dot1x pae authenticator
    dot1x port-control auto
    dot1x timeout reauth-period server
    dot1x timeout tx-period 10
    dot1x reauthentication
    dot1x critical
    dot1x critical recovery action reinitialize
    dot1x guest-vlan 91
    dot1x critical vlan 11
    spanning-tree portfast
    end
    After all the VLAN is reassigned by the switch, but the delay is too high. How can I troubleshoot this?
    Thx.
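
What the RADIUS server receives in the phase the question above describes, as an added example that is not part of the original posts: the authenticator copies the EAP-Response/Identity into User-Name (RFC 3579), so with a tunneled method both fields carry the unprotected outer identity ("anonymous" here) and the real username is not in the relayed attributes. The packet is constructed sample data and all function names are illustrative.

```python
import os
import struct

# RADIUS code and attribute numbers (RFC 2865, RFC 3579); EAP numbers (RFC 3748).
ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE = 1, 79
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1


def _attr(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value is limited to 253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(pkt_id, outer_identity):
    """Constructed sample of what the switch relays after EAP-Response/Identity.

    Message-Authenticator, which RFC 3579 requires on real packets, is left out
    because it needs the RADIUS shared secret.
    """
    ident = outer_identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(ident), EAP_TYPE_IDENTITY) + ident
    # An EAP packet longer than 253 bytes is split over several EAP-Message attributes.
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = _attr(ATTR_USER_NAME, ident) + b"".join(_attr(ATTR_EAP_MESSAGE, c) for c in chunks)
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    return header + os.urandom(16) + attrs  # 16 bytes: Request Authenticator


def parse_radius(packet):
    """Return code, User-Name and the reassembled EAP packet; reject bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _pkt_id, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not match the data")
    user_name, eap, pos = None, b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length runs past the packet")
        value = packet[pos + 2:pos + a_len]
        if a_type == ATTR_USER_NAME:
            user_name = value.decode(errors="replace")
        elif a_type == ATTR_EAP_MESSAGE:
            eap += value  # concatenate fragments in order of appearance
        pos += a_len
    return {"code": code, "user_name": user_name, "eap": eap}


def eap_identity(eap):
    """Identity string from an EAP-Response/Identity, or None for other EAP packets."""
    if len(eap) < 5:
        return None
    code, _eap_id, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY or not 5 <= length <= len(eap):
        return None
    return eap[5:length].decode(errors="replace")


def relayed_identities(packet):
    """(User-Name, EAP identity) as the RADIUS server sees them before any tunnel exists."""
    parsed = parse_radius(packet)
    return parsed["user_name"], eap_identity(parsed["eap"])


if __name__ == "__main__":
    print(relayed_identities(build_access_request(7, "anonymous")))
```

Run against a capture of the switch-to-ACS traffic, the same parser shows which identity the server is being asked to look up in phase one.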

  • "Busiest Clients" report template on Cisco Prime & Aironet 1242AG

    Yesterday I was trying to schedule a "Busiest Clients" report on our Cisco Prime physical appliance (PRIME-NCS-APL-K9, v2.1.0.0.87).
    My goal was to monitor the busiest clients on a couple of old Aironet access-points. These APs have been installed in a branch office of our university that rely on 4 Mb/s SHDSL WAN connectivity and, as you might imagine, some saturation occurs when the classrooms are crowded.
    Unfortunately, all the reports were empty ... there was only a "No data matches the specified criteria for the report" warning inside.
    The Client Statistics task (Administration>Background Tasks) was enabled and I was able to run this report selecting a different floor area ... after a few tries I've discovered that this error occurs only when the old Aironet 1242AG APs are involved. If I select a floor area populated with the newer 1142 and 2602 models, the report template works as intended.
    So, is there a way to fill a "Busiest Clients" report with data fetched from our old Aironet 1242AG APs?
    Our WLC is a Cisco Wireless Services Module 2 Controller for Cisco Catalyst 6500 (WS-SVC-WISM2-K9).
    (Sorry ... my English is a bit rusty)

    Hi,
    Kindly try to restart the Daemon Manager from the command line of the server:
    1> net stop crmdmgtd
    and then start the daemon manager --> net start crmdmgtd (wait for at least 20-25 minutes before logging back in to LMS, and also see if any file exists in the CSCOps\Objects\dmgtd\ready folder).
    Get the output of pdshow after waiting for 20 minutes and stdout.log and stderr.log from CSCOpx\MDC\tomcat\logs.
    Many Thanks,
    Gaganjeet

  • Filtering on CISCO 350 (b)

    Hi,
    Still dealing with the filter configuration on AP350.
    Filters can be designed based on the ETHERTYPE, IP protocol and IP port. Focusing on ETHERTYPE filters, how can I filter out 802.3, 802.2 frames ?
    Thanks and best regards,
    Guy

    Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
    If anyone else in the forum has some advice, please reply to this thread.
    Thank you for posting.

  • 350 aironet bridge access issues

    I have been given a configured 350 series bridge (static IP address) that I am trying to install on my home network. But when using the device MAC address with the Cisco IPSU software to get the IP address assigned to the bridge, there is no reply. How can I reset this bridge to DHCP so I can install it on my home network?
    Any help would be appreciated.
    thanks

    Hi
    (1) Are you using the bridge with PoE or AC adapter?
    (2) There is a reset button on your bridge. Try inserting a pin into that and see.
    (3) Third option is to connect through console and reset that.
    Pls visit the following page for the full troubleshooting doc.
    http://www-tss.cisco.com/eservice/compass/common/activities/password_aironet.htm
    Regards
    JD
