WLC and MARS 6.x
1) It appears you can only add 4.x WLC's in version 5.x of MARS.
We're running WLC 5.x and some of the events are not being parsed. Can
anyone confirm that this is fixed in MARS 6.x? Can you actually add
the device as a 5.x device?
2) Does 6.x receive and correctly parse WLAN authentication success/
fail events? If so, does it map an IP address to a user?
1) It appears you can only add 4.x WLC's in version 5.x of MARS.
We're running WLC 5.x and some of the events are not being parsed. Can
anyone confirm that this is fixed in MARS 6.x? Can you actually add
the device as a 5.x device?
[John] As of release 6.0.1 you must add the WLC 5.X as a 4.X device.
2) Does 6.x receive and correctly parse WLAN authentication success/
fail events? If so, does it map an IP address to a user?
[John] CS-MARS supports authentication failure traps. CS-MARS does not map IP address to user.
Similar Messages
-
Changing MARA-ERNAM and MARA-AENAM during Material create
Hi All,
We have a critical requirement to change the MARA-ERNAM and MARA-AENAM during the creation of the material.
We are using the BAPI 'BAPI_MATERIAL_SAVEDATA' to create a material from an inbound IDOC. When we execute the above BAPI, the material is created with sy-uname in the MARA-ERNAM and MARA-AENAM fields, and our requirement is to update these with our desired usernames.
Please provide your valuable suggestions.
Thanks and Regards,
Stephen
And why don't you execute that BAPI with another UserID? Or schedule it as a job, attaching the userid of the special batch-user you have in your company to the job-step?
-
ISE 1.2 With WLC and AD
Hi everyone,
What are the steps and procedure to implement wired and wireless authentication with ISE, WLC and AD for a lab environment? Currently the following are done:
The wireless network is configured with 2 SSID (Staff and Guest)
Active Directory, DNS, DHCP, and NTP configured & synced.
ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
Please provide your thoughts and assistance.
Regards
You have to implement dot1x and RADIUS between your NAD and the ISE device.
Using the 3850 switch, these are the steps:
username RADIUS-HEALTH password radiusKey1 privilege 15
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
!this password will be used to communicate with ISE and to verify reachability
!between ISE and Switch
aaa server radius dynamic-author
 client 172.16.1.18 server-key 7 radiuskey
 client 172.16.1.20 server-key 7 radiuskey
ip domain-name lab.local
ip name-server 172.16.1.1
dot1x system-auth-control
interface GigabitEthernet1/0/3
 switchport mode access
 switchport voice vlan 50
 switchport access vlan 10
 ip access-group ACL-ALLOW in
 authentication event fail action next-method
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
ip access-list extended ACL-ALLOW
 permit ip any any
!the comm between radius and ise will occur on these Port
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
snmp-server community ciscoro RO
snmp-server community public RO
snmp-server trap-source Vlan100
snmp-server source-interface informs Vlan100
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
!defining ISE servers
radius server ISE-RADIUS-1
 address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
 automate-tester username RADIUS-HEALTH idle-time 15
 key radiusKey
Please be sure that the NTP servers and time are synchronized.
Enable dot1x on the Windows machine, or use Cisco NAM.
You can enable debugging on AAA authentication to see the events.
You have to create this user on ISE (RADIUS-HEALTH).
3850#test aaa group radius username password new-code
and observe the result. You are supposed to have the user authenticated successfully.
You must also define these devices in ISE on the RADIUS interface.
ip radius source-interface ..... use this interface's IP address to define the IP address of the NAD device in ISE.
administration-->network resources -->Network Devices-->Add
input the name
input the IP address for RADIUS communication
select the authentication settings and fill in the corresponding shared secret RADIUS key
select SNMP settings and select version 2c.
snmp community : ciscoro
You can customize the polling interval if you want, and that's all.
You are supposed to receive message communication between your NAD and ISE.
After that you can do the procedure for the WLC device.
I will fill it in after you have passed the first steps (3850 authentication).
-
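An added example, not part of the original thread and not Cisco tooling: a small Python check for settings a reviewer would question before a configuration like the 3850 one posted in the ISE 1.2 thread above leaves the lab. It flags ports in `authentication open` mode (traffic is forwarded before authentication, limited only by the port ACL), a port ACL of `permit ip any any`, the default `public` SNMP community, and a RADIUS key stored in clear text. The sample is a constructed excerpt with sub-commands indented as IOS prints them, and the finding names are made up for this example.

```python
import re

# Constructed sample: an excerpt of the switch configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/3
 switchport mode access
 ip access-group ACL-ALLOW in
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
ip access-list extended ACL-ALLOW
 permit ip any any
snmp-server community ciscoro RO
snmp-server community public RO
radius server ISE-RADIUS-1
 address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
 key radiusKey
"""

def parse_sections(text):
    """Group indented sub-commands under their top-level parent line."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return a sorted list of (finding, location) tuples."""
    sections = parse_sections(text)
    acls = {p.split()[-1]: c for p, c in sections.items()
            if p.startswith("ip access-list extended ")}
    findings = []
    for parent, cmds in sections.items():
        if parent.startswith("interface ") and "authentication open" in cmds:
            findings.append(("open-mode-port", parent))
            for c in cmds:
                m = re.match(r"ip access-group (\S+) in$", c)
                if m and "permit ip any any" in acls.get(m.group(1), []):
                    findings.append(("open-mode-acl-permits-all", parent))
        m = re.match(r"snmp-server community (public|private)\b", parent)
        if m:
            findings.append(("default-snmp-community", m.group(1)))
        if parent.startswith("radius server "):
            for c in cmds:
                # "key <secret>" or "key 0 <secret>" is clear text; 6/7 are encoded
                if re.match(r"key (?:0 )?(?![67] )\S+$", c):
                    findings.append(("cleartext-radius-key", parent))
    return sorted(findings)
```

`audit(SAMPLE_CONFIG)` returns all four findings; a port without `authentication open`, an encoded key and a non-default community return an empty list.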
Problem share folder WLC and pc macbookpro
I am doing a migration of my wireless network. On the old network, on the MacBook Pro, I can see shared files on the network. But when I connect to the SSID configured on the WLC, I cannot see shared files on the network. I have no ACL configured on the SSID.
Bonjour is a non-routable multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the AP is located locally to the target Bonjour device. If you're running in local mode, make sure they are on the same VLAN and global multicast is enabled.
Sent from Cisco Technical Support iPad App
-
Cisco 8510 WLC and RTU licence
Hi Guys,
I have a similar issue where it shows the status as active, not-in-use.
What does this mean and how do I get this to be in use.
This is a Controller with HA-SKU license.
The licenses has been inherited from the Primary Controller.
Any license on HA-SKU controller is disregarded.
Feature name: ap_count (adder)
License type: Permanent
License state: Active, Not-In-Use
License Nodelocked: No
RTU License Count: 50
Hope to hear from you soon.
Regards,
Clifton.
Hi,
since this is a HA-SKU WLC, and the license is inherited from the active, there is no need to have a permanent license on it.
is the HA working fine?
please review the following link for the HA licensing requirements
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing
-
Hi, I am currently using 21 x WLC with N+1 redundancy and 1 x WCS with 1000++ LAP1020. It has been observed that the antenna type and TX power had been changed for no reason. Are there any settings that may affect the AP's customized Tx power and antenna settings, other than using the WCS template to push the configuration to the APs instead of the WLC?
Sorry for jumping in on the question with another question but it seemed the right place.
I have an AIR-CT5508-25-K9 WLC and +25AP license : L-LIC-CT5508-25A.
As far as I understand it the WLC should already have a 25AP license installed and with the adder license I should have a count of 50 APs.
However, after installing the adder license the count is still 25.
Could you please let me know if it's just something wrong in my reasoning or should a case be opened?
Thank you,
Barbara
-
Guest-Anchor-WLC and NAC integration guide
I was trying to find some design reference for the Guest-WLC and NAC integration guide. Anyone can share some experience/cisco docs/links?
User traffic is locally bridged on a 1030 in REAP mode, so packets forwarded to the default gtw would follow the NAT rules on the firewall, but the real challenge is the LWAPP control channel. In the past, using 1:1 NAT, I was successful with a CP firewall, but I had to play tricks with the mobility group and use the FW logs to track and define the right ports.
-
Cisco wlc and steel belted radius
We have a Cisco WLC controller that has two SSIDs, one for users and one for guests.
We need the users on SSID 1 to take their user name and password from a user group in Active Directory through Steel Belted RADIUS.
Please send me any integration guide between Cisco WLC and Steel Belted RADIUS.
regards
Hi Mohammad,
I am unaware of a specific Steel Belted RADIUS integration guide for the WLCs, however the configuration process on the controller will be the same:
Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
You may wish to contact your RADIUS vendor for additional configuration steps on the server.
Best,
Drew
-
Hi to all,
I want to use local-eap+LDAP (Microsoft AD) and I'm experiencing some issues.
First of all, I'm not able to bind WLC and LDAP... if I perform a debug aaa ldap enable I get this output:
Any idea about how to solve this issue?
Regards
Ale
It sounds like .... invalid credentials ? :-)
Please post your LDAP config on WLC.
Is your admin username with which you're binding within the search context that you defined? This is very important.
-
Hi Netpro
What is the difference between the WLC and WLSE?
thanks
Basically the WLSE is no longer around :) The WLSE was a management box for autonomous APs. The WLC manages lightweight access points and that is really what everyone is moving towards if not already.
http://www.learnios.com/viewtopic.php?f=5&t=33687
https://supportforums.cisco.com/thread/328073
https://supportforums.cisco.com/thread/338936
-
Hi All,
Has anybody experience with WLC and IPv6? I have activated the check box for IPv6 support, but it does not work.
Regards, Michael
Hi,
Have you configured the uplink router/switch to support IPv6? The sample config would look like this:
ipv6 unicast-routing
interface FastEthernet0/0.6
 encapsulation dot1Q 56
 ip address 10.50.56.1 255.255.255.0
 ip access-group GNS2 in
 ip access-group GNS2 out
 ip helper-address 10.50.1.21
 ip pim sparse-dense-mode
 ip multicast ttl-threshold 1
 no snmp trap link-status
 ipv6 address 2006::/64 eui-64
 ipv6 address autoconfig
 ipv6 enable
Let me know if this works for you or not.
regards
Seema
-
WLC and LWAP Registration Log Question
We have a Cisco 4404 WLC and about 70 Cisco 1131 APs. I am very new to the Cisco WLC and I need to know how to view its AP registration and unregistration logs. We have an AP that has unregistered and we can't seem to find what switchport it was attached to. It would be helpful to know the IP address and ideally any CDP information it had. Unfortunately you can only view this information in the WLC if the AP is registered, but at this point it is not. Any help would be appreciated.
You will not be able to find that info unless you still see the information on the log about the AP. You would have to either review the switch cdp info as long as the AP is still functioning or else you will just need to physically track it down. If you have WCS or NCS, you should be able to review the past history and the maps would show you where that AP was located if the ap were positioned correctly.
Thanks,
Scott Fella
Sent from my iPhone
-
Hello everyone
I hope if anyone can help me.
a Building has 3 companies (A,B and C)
and I have one WLC
in each company there are 3 APs
I want to configure the WLC so that any AP in company A can't communicate with other APs in company B and C
and the same to all companies
I mean totally separate in IP scheme (no routing between them)
can that done with WLC and LWAP ??
PLZ advice
Thank you all for your reply.
I would like to ask you another question for another scenario.
I have one WLC installed in one subnet, let's say in the head quarter network, while the LAPs are installed in the branches and there is WAN connectivity between the HQ and the branch and OSPF routing is enabled between this WAN network. How can I do my configuration in order to register the LAPs installed in the branch with WLC installed in the HQ?
Thanks,
-
Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
Joshua
Hi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for its reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew.
-
IPv6 for management and control plane on WLCs and LWAPs
Good morning, everybody!
I am trying to find answer to a question that has been previously asked by people but never successfully answered
The question is about IPv6 support on Cisco Wireless LAN Controllers and access points... Does Cisco have a roadmap to include support for IPv6 used in CAPWAP, control plane and management? There are couple of posts on this topic that do not unfortunately provide any answer to this point.
https://supportforums.cisco.com/message/3018843
https://supportforums.cisco.com/docs/DOC-15667
Infamous "Cisco IPv6 Solution" at http://www.cisco.com/en/US/partner/technologies/collateral/tk648/tk872/tk373/technologies_white_paper_09186a00802219bc_ps6553_Products_White_Paper.html briefly states "Wireless Solutions... In future, IPv6 control plane features may get added to those components."
Has anyone heard of any more specific roadmap for IPv6 support for CAPWAP, control plane and management on WLCs and LWAPs?
Full IPv6 support will never be available on the WiSM and 440x controllers because they have an NPU to forward traffic and it was not designed with IPv6 in mind.
The 5508 and Wism2 and all new controllers all have CPU based forwarding and ipv6 is coming in next releases.
WLC 8.0 is only for december 2011/2012 and I have to say I don't know if it will support native ipv6.
my 2 cents