5508 - iPad getting disconnected from WLAN Using EAP-TLS

We are seeing an issue with an iPad connecting to a WLAN configured for EAP-TLS using ISE 1.2, getting disconnected. The iPad will hop to another SSID. It will connect back to the other SSID when selected. Any ideas? I have a debug client for when this happened.
*apfMsConnTask_0: Apr 08 14:03:57.508: Association request from the P2P Client Process P2P Ie and Upadte CB
*apfMsConnTask_7: Apr 08 14:04:57.855: Association request from the P2P Client Process P2P Ie and Upadte CB
*apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Association received from mobile on BSSID 54:78:1a:2f:84:56
*apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Global 200 Clients are allowed to AP radio
*apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Max Client Trap Threshold: 0  cur: 4
*apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Skipping TMP rule add
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a apfMsRunStateDec
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Change state to DHCP_REQD (7) last state RUN (20)
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Complete to Mobility-Incomplete
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Reached ERROR: from line 6355
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [54:78:1a:2f:84:50]
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 730
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a Re-applying interface policy for client 
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Changing IPv6 ACL 'none' (ACL ID 

Use profiles for the wifi settings on the iPad
A reset of network settings will clear the network history, but the profile will add it back in automatically
http://images.apple.com/ipad/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf
Great Cisco doc for BP and troubleshooting of Apple devices:
Enterprise Best Practices for Apple Mobile Devices on Cisco ...
Make sure the app uses URIPersistWifi call 
https://developer.apple.com/library/ios/documentation/iphone/conceptual/iphoneosprogrammingguide/PerformanceTuning/PerformanceTuning.html
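
An added example, not part of the original thread and not Cisco tooling: a small parser that scans `debug client` output like the capture above for transitions out of the RUN state and reports the BSSID of the association that preceded each one. The function name and record fields are hypothetical; the sample lines are copied from the post.

```python
import re

# Lines copied from the debug client output in the post above.
SAMPLE = """\
*apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Association received from mobile on BSSID 54:78:1a:2f:84:56
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Skipping TMP rule add
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Change state to DHCP_REQD (7) last state RUN (20)
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Complete to Mobility-Incomplete
*apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Reached ERROR: from line 6355
""".splitlines()

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# "*<task>: <timestamp>: <client MAC> <message>"
LINE = re.compile(rf"^\*(?P<task>\S+): (?P<ts>\w{{3}} \d{{2}} [\d:.]+): (?P<mac>{MAC}) (?P<msg>.*)$")
ASSOC = re.compile(rf"Association received from mobile on BSSID (?P<bssid>{MAC})")
CHANGE = re.compile(r"Change state to (?P<new>\w+) \(\d+\) last state (?P<old>\w+) \(\d+\)")


def run_exits(lines):
    """Return one record per transition out of RUN, with the BSSID of the
    association that preceded it and any ERROR lines logged afterwards."""
    last_bssid, events = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a client MAC (e.g. the P2P notices)
        mac, msg = m["mac"], m["msg"]
        if a := ASSOC.search(msg):
            last_bssid[mac] = a["bssid"]
        elif c := CHANGE.search(msg):
            if c["old"] == "RUN" and c["new"] != "RUN":
                events.append({"mac": mac, "ts": m["ts"],
                               "bssid": last_bssid.get(mac),
                               "new_state": c["new"], "errors": []})
        elif "ERROR" in msg and events and events[-1]["mac"] == mac:
            events[-1]["errors"].append(msg)
    return events


if __name__ == "__main__":
    for e in run_exits(SAMPLE):
        print(f'{e["ts"]} {e["mac"]} left RUN -> {e["new_state"]} '
              f'after association on {e["bssid"]}; errors: {e["errors"]}')
```

Run over a full capture, the timestamps of these records can be lined up with the RADIUS authentication log on the ISE side for the same client MAC.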

Similar Messages

  • 5508 WLC - VPN disconnects from Wlan guest

    Strange issue that our support staff is seeing on our guest WLAN.
    I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine.
    The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.
    It appears that on the guest wlan, after random amount of time an established VPN connection using Cisco VPN client disconnects.
    Wireless connectivity doesn't appear to go down, just the VPN connection.
    On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.
    Can anyone shed light on this ?
    I just upgraded to latest and greatest code and I am still seeing same issue.
    Cheers
    Dave

    Something I want to make you aware of is another guest bug we hit... After fixing the VPN problem by moving to 7.0.220.0 we hit this bug!
    The fix ... Reboot your WLC weekly. We have a call with Cisco BU on Monday to talk about this...
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx00942
    Webauth stops redirecting after some time
    Symptom:
    It is seen on 7.0.220 4404 WLC that users in the webauth SSID are not redirected to the login page anymore after 1 week or so. This message appears:
    sshglue.c:7009 WebAuth HTTP Redirect rule creation failed for peer 192.168.1.8
    Conditions:
    webauth, 4404 running 7.0.116/220
    Workaround: A reboot solves the problem for another week or so
    Status: Open
    Severity: 2 - severe
    Last Modified: In Last 7 Days
    Product: Cisco 5500 Series Wireless Controllers
    Technology:
    1st Found-In: 7.0(116.0), 7.0(220.0)

  • 5530XM disconnecting from WLAN and not showing hom...

    My 5530XM is acting up again (v.11 firmware). The symptoms are random disconnects from WLAN and, after doing a soft reset, unable to put shortcuts on the home screen (using the Shortcuts theme).
    I really think the problem is with the memory card because I can't turn the phone on with the card inside.
    Is there a way to scan/repair problems with the memory card? I really, really want to avoid a hard reset. Last time I did that, I lost all my apps from the memory card (I have the Games Edition).
    I can try using PC Suite or Ovi Suite to back up my memory card apps, but I don't trust the suites that much. What I'd like to do is drag and drop my memory card apps to another location in my PC, but I cannot see the memory card apps in Windows Explorer.
    Does anyone have any suggestions?
    Solved!
    Go to Solution.

    I backed up my data. Although my dialer shortcut stopped working, doing the red/green/camera trick allowed me to dial *#7370# . By the way, I had removed my memory card prior to dialing *#7370#.
    Looks like things are working better (dialer works), but my new concern is that when I put the memory card back in, I get "preparing memory card." This freaks me out because last time I saw that, I lost ALL the games that came preinstalled on the 5530 (Games Edition). I understand that I backed up my files, but I have this weird feeling that the games don't get backed up. I pulled the memory card out, put it inside an SD adapter and there are readable files in there, but the preinstalled games may be hidden.
    Where are the preinstalled apps on the memory card? I just want to back them up manually, to have peace of mind.
    I used PC Suite, by the way.
    Thanks for all the help.

  • Get disconnected from my Wi-Fi Every 5 Mins

    I get disconnected from my Internet connection roughly every 5 minutes. Usually it comes back on after a couple of seconds which wouldn't usually be a problem but a certain app I use a lot requires a constant Internet connection and every time it disconnects I have to do a lot to get back to where I was.
    It seems to be only the iPad that does this, I haven't noticed it on my laptop or ps3.
    Anyone know what to do?

    If resetting (or completely reinstalling) the iPad 1 doesn't help, you could master reset and, then, reconfigure the access point / install a new firmware (if any) on it. It might help. If it doesn't, get some other access point.
    I've been using the iPad 1 with tons of different access points (mostly SMC and Linksys ones) and never had such a problem.
    EDIT: BTW, why don't you update the iPad to 5.1.1? While 5.1.1 does have its share of problems on the iPad 1 because of the lack of RAM, it might still be better in this regard.

  • Unable to disconnect from WLAN

    Hi,
    I am unable to disconnect from WLAN and need to switch off and again switch on to disconnect. Is there a way to disconnect from WLAN without switching off the mobile?
    Regards
    Naveen

    What phone are you using?
    If I have helped you with your problem in some way, please take a little time and hit the kudos button in my post. Without your feedback, I don't know if I am being helpful or should just be put out to pasture.

  • When a program gets disconnected  from ORACLE?

    Hi all,
    I have written a proc program. I have to handle the disconnection from Oracle in the
    middle of a program.
    Can anyone tell me what are the major/important cases in which a program gets disconnected from Oracle and also how to test these cases.
    Please help me in this regard,
    Thanks in advance,
    Trinath Somanchi,
    Hyderabad.

    There is some OP report that after the Windows update of Dec 2014 macros stop responding (I can't confirm if this is also related to your issue). It's because the security update for Office may conflict with the ActiveX that you have installed.
    try to
    Close Excel
    Start Windows Explorer.
    Select your system drive (usually C:)
    Use the Search box to search for *.exd
    Delete all the files it finds.
    Start Excel again
    Open that file and save it, and try open at Windows 7
    to get more detail about this issue, I suggest also contact Office forum
    this case also will be solve installing kb3025036
    good luck

  • Why do I keep getting disconnected from Ichat?

    why do I keep getting disconnected from Ichat?

    Try logging on to AIM on port 443 rather than port 5190.
    Go to iChat in the menu bar > Preferences > Accounts.
    Log out of AIM and then use the Server Settings tab.
    Set the port to 443 (press return/enter; you might have to tick and untick SSL for 443 to stick).
    Log back in again.

  • Wireless Router WRT54G version 7. Connected computer gets disconnected from internet

    I have recently installed a Wireless Router WRT54G version 7 for my home office purpose.
    My home PC and my laptop are connected to it. Especially on my laptop, I have observed frequently getting disconnected from the internet. I need to power OFF the router and power it ON to get the internet connection restored
    Need help to get this problem resolved
    Thanks
    Rohit

    Access setup page of router .... look for MTU ....change the size from 1500 to 1300 ....click save settings ....
    Click on wireless tab ....change the channel to 11 .....click save settings ....
    Go to advance wireless settings subtab ....
    Beacon interval 75
    RTS & Fragmentation threshold 2306...... click save settings ...
    Click on status check Ip address & firmware version on the same & let me know ...

  • Unable to disconnect from WLAN for E71

    Hi,
    I am unable to disconnect from WLAN for E71 and need to switch off and again switch on to disconnect. Is there a way to disconnect from WLAN without switching off the mobile?
    Regards
    Naveen

    On the main screen of your mobile you can see an option "search wlan". When you want to disconnect your WLAN, click on that, then you have a menu; through that menu you can disconnect your connection. Or go to menu->control panel->connectivity->assistent wlan-> there you can select your connected AP and disconnect it.
    ¨Arm yourself because no one else here will save you¨

  • I got an android, turned off my imessage on my iphone and deactivated the iphone through apple support but I still don't get messages from people using iphones.  What's wrong?

    I got an android, turned off my imessage on my iphone and deactivated the iphone through apple support but I still don't get messages from people using iphones.  What's wrong?

    Go ahead and call AppleCare at 1-800-692-7753 and ask them to revoke your certificate

  • HT1689 My iPad got wet from daughter using it in the bath. Not sure of extent of damage. We're in remote bali - what should I do?

    My iPad got wet from daughter using it in the bath. Not sure of extent of damage. We're in remote bali - what should I do?

    Solutions for wet iPad.
    http://www.gazelle.com/how-to/ipad/ipad-recover-from-water-damage
    http://www.knowyourmobile.com/appleiphone/ipad/ipaduserguides/701079/how_to_fix_an_ipad_if_it_gets_wet.html
     Cheers, Tom 

  • Why my iPad get hot after 30min use?

    Why my iPad get hot after 30min use?

    The iPad should not get hot after 30 minutes of use. The new iPad will get warmer than the other two iPads did, but it should never get hot.
    If you are playing an HD graphics-intense game or watching an HD movie it will get warmer than it does when you are just surfing the web or doing basic functions in word processing apps, or writing emails, but it should still never get hot.
    Is your iPad brand new or has this been going on for a while?

  • Apple macosx machine authentication with ISE using EAP-TLS

    Hello,
    On an ongoing setup we are using EAP-TLS authentication with account validation against AD. We have our own CA (Microsoft based). ISE version 1.2.1 patch 1.
    With windows machines all is working well. We are using computer authentication only.
    Now the problem is that we wish to do the same with MAC OSX machines.
    We are using casper software suite and are able to push certificates into macosx, and are doing machine authentication.
    In ISE the certificate authentication profile is being set to look at the subject alternative name - DNS name of the machines. Whenever we set it to the UPN (hostname$), Windows accounts are not found in AD.
    When MAC OSX authenticate as machines (they have a computer account in AD) they present themselves with RADIUS-Username = hostname$ instead of host/hostname.
    The consequence is that by lacking the host/, ISE considers that this is a user authentication, instead of a computer one, and when it sets off to find the account, it searches in User class instead of Computer - which obviously returns no results.
    Is anybody aware of any way to force MAC OSX to present a host/hostname RADIUS-Username when authenticating?
    Any similar experiences of authenticating MAC OSX with ISE and machine/computer authentication are welcome.
    Thanks
    Gustavo Novais

    Additional information from the above question.
    I have the following setup;
    ACS 3.2(3) built 11 appliance
    -Cisco AP1200 wireless access point
    -Novell NDS to be used as an external database
    -Windows 2003 enterprise with standalone Certificate Authority Services Installed
    -Windows XP SP2 Client
    My goal is to use Windows XP Native WLAN Utility to connect to AP using EAP-TLS authentication against Novell NDS.
    Tried to connect using Cisco compatible WLAN utility and authenticate using EAP-GTC against Novell NDS for users; it works fine and perfectly.
    When connecting using EAP-TLS, I am getting an error from ACS failed attempt "Auth type Not supported by External DB". But the ACS documentation says that it supports EAP-TLS. How true is this? Does anybody have the same problem? Do I need to upgrade my ACS? What should I do? What other authentication type could be used to utilize native WinXP WLAN Utility?
    Please help...
    Thanks

  • Cisco 7921 - Does anyone Use EAP-TLS in their VoWLAN Deployments?

    Hi Guys,
    I am looking at making a technology decision, in regards to VoWLAN and authentication.
    For our Data Deployment, we use EAP-TLS with a PKI infrastructure and ACS. The ACS passes fields from the certs to AD for verification.
    Can I do exactly the same for the Voice Deployment?
    Has anyone used EAP-TLS with Voice? Are there any problems? Or should I just go ahead and get some certs minted for the phones, set up some AD accounts and whey hey, it's time to party?
    Many thx indeed,
    Ken

    Hi Michael,
    So looking at the deployment guide, this is worded (imho) in a confusing manner? Sorry.
    CCKM is listed under authentication, where I thought CCKM is an authentication "key management" protocol?
    It also says 802.1x authentication with AES encryption, under the authentication heading?
    It says eap-tls, should this not say 802.1x eap-tls or collapse this with the 802.1x authentication?
    ahh, when it says 802.1x, does that mean 802.1x dynamic wep?
    Would it be correct to say, that I want to use 802.1x eap-tls with tkip and CCKM?
    Sorry, this hurts :)
    Thx,
    Ken
    Wireless Security
    When deploying a wireless LAN, you must provide security. The Cisco Unified Wireless IP Phone 7921G supports the following wireless security features.
    Authentication
    - Cisco Centralized Key Management (CCKM)
    - 802.11i (802.1x authentication + TKIP encryption)
    - 802.11i (802.1x authentication + AES encryption)
    - 802.11i (Pre-Shared key + TKIP encryption)
    - 802.11i (Pre-Shared key + AES encryption)
    - Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)
    - Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
    - Protected Extensible Authentication Protocol (PEAP)
    - Lightweight Extensible Authentication Protocol (LEAP)
    - Open and Shared Key
    Encryption
    - Advanced Encryption Scheme (AES)
    - Temporal Key Integrity Protocol (TKIP) / Message Integrity Check (MIC)
    - 40-bit and 128-bit Wired Equivalent Protocol (WEP)
    Cisco Centralized Key Management (CCKM)
    When using 802.1x type authentication, you should implement CCKM for authentication. 802.1x can introduce delay during roaming due to its requirement for full re-authentication. CCKM centralizes the key management and reduces the number of key exchanges. Also, WPA introduces additional transient keys and can lengthen roaming time. TKIP encryption is recommended when using CCKM for fast roaming as CCKM does not support AES currently.

  • L2TP/IPSec with PIX using EAP-TLS

    Hi,
    I have big problems with using my PIX515 (SW 7.2.1) for L2TP/IPSec VPN connections using EAP-TLS. With the option EAP-Proxy activated on the PIX, a RADIUS Access-Request message reaches the configured RADIUS server (IAS2003), but the request is rejected by RADIUS. I did inspection of the packets with a sniffer and see the following strange behavior:
    - There is a Tunnel-Client-Endpoint AVP with no value and, even stranger, an existing AVP titled User-Password with an encrypted value.
    I don't understand where the encrypted password comes from in the first RADIUS Access-Request message received from the PIX, since the authentication method should be certificate-based (EAP-TLS). And I don't know either if the Tunnel-Client-Endpoint MUST be present in the message. Fact is the RADIUS responds with an Access-Reject message.
    The other AVPs in the request seem to be OK, and there is an existing AVP titled EAP-Message (79) that seems alright...
    Other detail: In the event log on the IAS the request is logged as Type "PAP" (and not EAP as it should be!) and the log tells me about a problem with wrong username/password.
    Tested the same client and RADIUS configuration using a RRAS server from Microsoft instead of the PIX and it worked fine! Could this be a bug of the PIX EAP-Proxy function?
    EAP-Proxy should pass all EAP packets unmodified to the RADIUS, right? This seems not to be the case. Comparing the RADIUS Access-Request message received from the PIX (which fails) with the RADIUS Access-Request message received from the RRAS server (which succeeds) shows significant differences.
    Every help appreciated. Please ask me for further infos if needed or if you would like me to post the Packet Capture file (Ethereal format)/Configuration information.
    Thank you very much!!
    Best regards,
    Matthias

    The Cisco Secure PIX Firewall Software Release 6.0 supports VPN connections from the Cisco VPN Client 3.5 for Windows. Refer to the following URL for more information
    http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#configuringthepixfirewall
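
An added example, not from the thread or from any vendor tool: a minimal RADIUS Access-Request parser that flags the attribute mix the question describes, namely a password attribute next to EAP-Message (which RFC 3579 does not allow in one Access-Request) and an attribute with an empty value. The packets are constructed here; the zeroed authenticator fields and the helper names are assumptions for illustration, and no Message-Authenticator HMAC is verified.

```python
import struct

NAMES = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password",
         66: "Tunnel-Client-Endpoint", 79: "EAP-Message",
         80: "Message-Authenticator"}
PASSWORD_TYPES = {2, 3}


def avp(attr_type, value=b""):
    """Encode one attribute: type, length (header included), value."""
    return bytes([attr_type, 2 + len(value)]) + value


def build_request(avps, ident=1):
    """Constructed Access-Request (code 1) with a zeroed Request Authenticator."""
    body = b"".join(avps)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body


def parse(packet):
    """Return (code, [(type, value), ...]), rejecting malformed lengths."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[off], packet[off + 1]
        if attr_len < 2 or off + attr_len > length:
            raise ValueError(f"bad attribute length at offset {off}")
        attrs.append((attr_type, packet[off + 2:off + attr_len]))
        off += attr_len
    return code, attrs


def check_eap_request(packet):
    """List the inconsistencies an EAP-carrying Access-Request shows."""
    code, attrs = parse(packet)
    if code != 1:
        return ["not an Access-Request"]
    types = {t for t, _ in attrs}
    findings = []
    if 79 in types:
        for t in sorted(PASSWORD_TYPES & types):
            findings.append(f"{NAMES[t]} present alongside EAP-Message")
        if 80 not in types:
            findings.append("EAP-Message without Message-Authenticator")
    for t, value in attrs:
        if not value:
            findings.append(f"{NAMES.get(t, t)} has an empty value")
    return findings


# Constructed sample data. EAP-Response/Identity carrying "host".
EAP_ID = bytes([2, 0, 0, 9, 1]) + b"host"
AS_DESCRIBED = build_request([avp(1, b"host"), avp(2, bytes(16)), avp(66),
                              avp(79, EAP_ID), avp(80, bytes(16))])
CLEAN = build_request([avp(1, b"host"), avp(79, EAP_ID), avp(80, bytes(16))])

if __name__ == "__main__":
    print(check_eap_request(AS_DESCRIBED))
    print(check_eap_request(CLEAN))
```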
