WLC and MARS 6.x

1) It appears you can only add 4.x WLC's in version 5.x of MARS.
We're running WLC 5.x and some of the events are not being parsed. Can
anyone confirm that this is fixed in MARS 6.x? Can you actually add
the device as a 5.x device?
2) Does 6.x receive and correctly parse WLAN authentication success/
fail events? If so, does it map an IP address to a user?

1) It appears you can only add 4.x WLC's in version 5.x of MARS.
We're running WLC 5.x and some of the events are not being parsed. Can
anyone confirm that this is fixed in MARS 6.x? Can you actually add
the device as a 5.x device?
[John] As of release 6.0.1 you must add the WLC 5.X as a 4.X device.
2) Does 6.x receive and correctly parse WLAN authentication success/
fail events? If so, does it map an IP address to a user?
[John] CS-MARS supports authentication failure traps. CS-MARS does not map IP address to user.

Similar Messages

  • Changing MARA-ERNAM and MARA-AENAM during Material create

    Hi All,
             We have a critical requirement to change the MARA-ERNAM and MARA-AENAM during the creation of the material.
              We are using the BAPI 'BAPI_MATERIAL_SAVEDATA' to create a material from an Inbound IDOC.When we execute the above BAPI, the material is created with sy-uname in MARA-ERNAM and MARA-AENAM field and our requirement is to update our desired usernames.
           Please provide your valuable suggestions.
    Thanks and Regards,
    Stephen

    and why don't you execute that BAPI with another UserID? or schedule it as a job, attaching the userid of the special batch-user you have in your company to the job-step?

  • ISE 1.2 With WLC and AD

    Hi everyone,
    What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
    The wireless network is configured with 2 SSID (Staff and Guest) 
    Active Directory, DNS, DHCP, and  NTP configured & synced.
    ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
    Please provide your thoughts and assistance.
    Regards

    You have to implement dot1x and radius between your NAD and ISE device.
    Using the switch 3850, that are the steps: 
    username RADIUS-HEALTH password radiusKey1 privilege 15
    aaa new-model
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    !this password will be used to communicate with ISE and to verify reachability
    !between ISE and Switch
    aaa server radius dynamic-author
     client 172.16.1.18 server-key 7 radiuskey
     client 172.16.1.20 server-key 7 radiuskey
    ip domain-name lab.local
    ip name-server 172.16.1.1
    dot1x system-auth-control
    interface GigabitEthernet1/0/3
     switchport mode access
     switchport voice vlan 50
     switchport access vlan 10
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    ip access-list extended ACL-ALLOW
     permit ip any any
    !the comm between radius and ise will occur on these Port
    ip radius source-interface Vlan100
    logging origin-id ip
    logging source-interface Vlan100
    logging host 172.16.1.20 transport udp port 20514
    logging host 172.16.1.18 transport udp port 20514
    ip radius source-interface Vlan100
    logging origin-id ip
    logging source-interface Vlan100
    logging host 172.16.1.20 transport udp port 20514
    logging host 172.16.1.18 transport udp port 20514
    snmp-server community ciscoro RO
    snmp-server community public RO
    snmp-server trap-source Vlan100
    snmp-server source-interface informs Vlan100
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 10 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    !defining ISE servers
    radius server ISE-RADIUS-1
     address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
     automate-tester username RADIUS-HEALTH idle-time 15
     key radiusKey
    Please be sure that NTP servers and time are synchronized. 
    enable dot1X on windows machine, or using cisco NAM. 
    you can enable debugging on aaa authentication to see the events. 
    you have to create this user on ISE (RADIUS-HEALTH). 
    3850#test aaa group radius username password new-code 
    and observe the result. You are supposed to have user authenticated successfully. 
    You Must also have define these device in ISE on the radius interface.
    ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE. 
    administration-->network resources -->Network Devices-->Add
    input the name
    input the Ip address for radius communication
    select the authentication settings and field the corresponding shared secret radius key
    select snmp settings and select version 2c. 
    snmp community : ciscoro
    you can customize the polling interval if you want and that all. 
    you are supposed to received message communication between your NAD and ISE. 
    After you can do the procedure for WLC device. 
    I will fill it after you have passed the first steps (3850 authentication). 

  • Problem share folder WLC and pc macbookpro

    I am doing a migration from my wireless network in the old network in the PC MacBookPro I can see shared files on the network. But when I connect to the SSID configured on the WLC and I can not see shared files on the network. I have no ACL configured on the SSID.

    Bonjour is a non-routabe multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the ap is located locally to the target bonjour device.if your running in local mode, make sure they are on the same vlan and global multicast is enabled.
    Sent from Cisco Technical Support iPad App

  • Cisco 8510 WLC and RTU licence

    Hi Guys,
    I have a simular issue where is shows the status as active, not-in-use.
    What does this mean and how do I get this to be in use.
    This is a Controller with HA-SKU license.
    The licenses has been inherited from the Primary Controller.
    Any license on HA-SKU controller is disregarded.
    Feature name: ap_count (adder)
    License type: Permanent
    License state: Active, Not-In-Use
    License Nodelocked: No
    RTU License Count: 50
    Hope to hear from you soon.
    Regards,
    Clifton.

    Hi,
    since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
    is the HA working fine?
    please review the following link for the HA licensing requirements
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing

  • WLC and WCS conflict

    Hi I am currently using 21 X WLC with N+1 Redundancy and 1X WCS with 1000++ of LAP1020. If had been observed that the antenna type and power TX had been changed with no reason. Is there any settings that may affect with AP customized Tx Power and antenna settings other than using the WCS template to push the configure to the APs instead of the WLC.

    Sorry for jumping in on the question with another question but it seemed the right place.
    I have an AIR-CT5508-25-K9 WLC and +25AP license : L-LIC-CT5508-25A.
    As far as I understand it the WLC should already have a 25AP license installed and with the adder license I should have a count of 50 APs.
    However, after installing the adder license the count is still 25.
    Could you please let me know if it's just something wrong in my reasoning or should a case be opened?
    Thank you,
    Barbara

  • Guest-Anchor-WLC and NAC integration guide

    I was trying to find some design reference for the Guest-WLC and NAC integration guide. Anyone can share some experience/cisco docs/links?

    User traffic is locally bridged on a 1030 in REAP mode so packet forwarded to the default gtw would follow the NAT rules on the firewall but the real challenge is the LWAPP control channel. In that past using 1:1 NAT I was successful with a CP firewall but I had to play tricks with the mobility group and use the FW logs to track and define the right ports.

  • Cisco wlc and steel belted radius

    we have cisco wlc controller  that have  two ssid  one for user and one for guest
    we need the  user in ssid 1 take user name and password from  user group in active directory through steel belted radiu
    please send to me any integrated guide between cisco wlc and steel belted radius
    regards

    Hi                                                      Mohammad,
    I am unaware of a specific Steel Belted RADIUS intrgration guide for the WLCs, however the configuration process on the controller will be the same:
    Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
    You may wish to contact your RADIUS vendor for additional configuration steps on the server.
    Best,
    Drew

  • WLC and LDAP

    Hi to all,
    i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
    First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
    Any idea about how to solve this issue?
    Regards
    Ale

    It sounds like .... invalid credentials ? :-)
    Please post your LDAP config on WLC.
    Is your admin username with which you're binding within the search context that you defined ? this is very important

  • WLC and WLSE

    Hi Netpro
    what is the difference between the WLC and WLSE?
    thanks

    Basically the WLSE is no longer around:)  the WLSE was a management box for autonomous ap's.  The WLC manages lightweight access points and that is really what everyone is moving towards if not already.
    http://www.learnios.com/viewtopic.php?f=5&t=33687
    https://supportforums.cisco.com/thread/328073
    https://supportforums.cisco.com/thread/338936

  • WLC and IPv6

    Hi All,
    has anybody experiences with WLC and IPv6? I have activated the Check Box for IPv6 Support, but it does not work. Regards, Michael

    Hi ,
    Have you configued uplink router/sw to support ipv6 ; the sample config would look like this
    ipv6 unicast-routing
    interface FastEthernet0/0.6
    encapsulation dot1Q 56
    ip address 10.50.56.1 255.255.255.0
    ip access-group GNS2 in
    ip access-group GNS2 out
    ip helper-address 10.50.1.21
    ip pim sparse-dense-mode
    ip multicast ttl-threshold 1
    no snmp trap link-status
    ipv6 address 2006::/64 eui-64
    ipv6 address autoconfig
    ipv6 enable
    let me if this works for you or not
    regards
    Seema

  • WLC and LWAP Registration Log Question

    We have a Cisco 4404 WLC and and about 70 Cisco 1131 APs.  I am very new to the Cisco WLC and I need to know how to view its AP registration and unregistration logs.  We have a AP that has unregistered and we can't seem to find what switchport it was attached to.  It would be helpful to know the IP address and ideally any CDP information it had.  Unfortunately you can only view this information in the WLC if the AP is registered, but at this point it is not.  Any help would be appreciated.

    You will not be able to find that info unless you still see the information on the log about the AP. You would have to either review the switch cdp info as long as the AP is still functioning or else you will just need to physically track it down. If you have WCS or NCS, you should be able to review the past history and the maps would show you where that AP was located if the ap were positioned correctly.
    Thanks,
    Scott Fella
    Sent from my iPhone

  • WLC and AP in L3

    Hello everyone
    I hope if anyone can help me.
    a Building has 3 companies (A,B and C)
    and I have one WLC
    in each company there is 3 AP
    I want to configure WLC whereas any AP in company A cant communicate to other AP in company B and C
    and the same to all companies
    I mean totally separate in IP scheme (no routing between them)
    can that done with WLC and LWAP ??
    PLZ advice

    thank you all for your reply
    I would like to ask you another question fo another scenario.
    I have one WLC installed in one subnet, let's say in the head quarter network, while the LAPs are installed in the branches and there is WAN connectivity between the HQ and the branch and OSPF routing is enabled between this WAN network. How can I do my configuration in order to register the LAPs installed in the branch with WLC installed in the HQ?
    Thanks,

  • NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS

    Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
    To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
    While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
    My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
    Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
    Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
    Thank you for your time,
    Joshua

    Hi,
    First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
    http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
    or one of the following commercial tools:
    http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
    The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
    However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
    Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
    I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
    HTH - plz rate if useful.
    Andrew.

  • IPv6 for management and control plane on WLCs and LWAPs

    Good morning, everybody!
    I am trying to find answer to a question that has been previously asked by people but never successfully answered
    The question is about IPv6 support on Cisco Wireless LAN Controllers and access points... Does Cisco have a roadmap to include support for IPv6 used in CAPWAP, control plane and management? There are couple of posts on this topic that do not unfortunately provide any answer to this point.
    https://supportforums.cisco.com/message/3018843
    https://supportforums.cisco.com/docs/DOC-15667
    Infamous "Cisco IPv6 Solution" at http://www.cisco.com/en/US/partner/technologies/collateral/tk648/tk872/tk373/technologies_white_paper_09186a00802219bc_ps6553_Products_White_Paper.html briefly states "Wireless Solutions... In future, IPv6 control plane features may get added to those components."
    Has anyone heard of any more specific roadmap for IPv6 support for CAPWAP, control plane and management on WLCs and LWAPs?

    Full ipv6 support will never be available on the Wism and 440x controllers because they have a NPU to forward traffic and it was not designed with ipv6 in mind.
    The 5508 and Wism2 and all new controllers all have CPU based forwarding and ipv6 is coming in next releases.
    WLC 8.0 is only for december 2011/2012 and I have to say I don't know if it will support native ipv6.
    my 2 cents

Maybe you are looking for

  • Problems with Westell 7500 Gateway

    Hi guys I have a problem with a westell 7500 series wireless gateway. Having recently upgraded to the gateway from an old 6100 series modem, I am having some issues keeping computers synced with the gateway. Every time I restart my computer connected

  • Database Link and error ORA-02019

    Oracle 9.2.0.6 on Windows 2003 Has anybody encountered this before and been able to resolve. SQL> connect SchemaA/password@NSN1 SQL> create database link MyLink1 2 connect to REMDB identified okm135 3 using 'STAF' 4 / Database link created. SQL> crea

  • Purchase condition based on Contract document type

    Dear Gurus, We have created a seperate documents for Domestic and Import Contracts. We want to trigger Domestic Pricing condition in Domestic Contract, and vise verse... We want only the domestic condition to apprear in the dropdown when the purchase

  • Lock box facility

    hi experts,i want to know about:what is lock box facility?can any body tell me the configation steps for that

  • JNLP related-content issue in JRE 7u5 Sub Menu Item link not working

    we are having an issue with our existing Web Start Application in Java Version 7 Update 2 and above where the Sub Menu items are not being associated with Internet Explorer with href link as Target when using <related-content> tag in JNLP. This is wo