ACS and WLAN

We have a customer who has several remote locations all connected via private links. In those remote locations they will have Aironet 1200 series APs. Will we be able to have those wireless users authenticate to an ACS server at the main location?

You can use the ACS server at the main location. The only problem that I can think of that may be an issue would be caused by latency of the link back to the main site. You may need to adjust your RADIUS timeout values if the links have high utilization or any latency issues.
The other thing I would do is implement WDS at the remote sites. This will cause the first authentication to get passed to the ACS server and subsequent authentications to occur locally to the WDS master AP at the remote site for the specific account.
I have a similar setup at many of my remote sites. All of my remote sites connect back to the main site via T1's that have AP's deployed. I have not heard of any problems from my users with this setup.
HTH
Steve

Similar Messages

  • ACS/WLC/WLAN

    Hi,
    Can anybody provide any assistance with the query below:
    I have a 5508 WLC with my WLAN set to authenticate machines via 802.1x. We use ACS version 4.1 to assign certificates to machines which are on our AD domain.
    The certificate is obtained via a Group Policy on the domain which makes the device broadcast for a CA - this is returned as the server running ACS and this then issues the machine a certificate.
    The issue we are facing is that we are about to start a domain migration and the machines on the new domain cannot request a cert from the server running ACS as it is on the old domain - although there is a trust between the old and new domains.
    Many Thanks,
    Claire

    Hi Dave,
    I couldn't find the link you provided :(
    Have a look at this example, it sounds like what you are looking for;
    Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
    Hope this helps!
    Rob

  • Lost connection between ACS and AD

    Hi
    I'm having trouble with authentication to my WLAN. We are running a solution with LEAP and ACS 3.0 which gets its users from our Active Directory. During the summer our ACS-servers seem to have lost the AD-connection and I'm no longer able to EAP-authenticate. All I get in the ACS is "Radius extension DLL rejected user".
    The AD and the ACS are on the same network but not on the same machine. I can log in if I add a local user in the ACS. I've also tried to empty my cached user database in the ACS but to no avail.
    One theory of mine is that it has something to do with a couple of hotfixes that Microsoft released in the middle of July.
    T.I.A
    /Tommy

    Hi
    Thanks for your replies. An update on the issue:
    I've gone through the issues in the suggestion made by cisco in the link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml
    but to no avail.
    At first we could see an error in the eventlog stating that the user didn't have sufficient rights but it disappeared when we created an account and ran the ACS-services via it.
    After that we tried to set up a local user in the ACS and it works like a charm even when the AD-accounts can't connect.
    We also tried to remove the hotfixes released by Microsoft but still nothing.
    Right now it seems as if the AD authenticates the user correctly but then the ACS says no. Here's the eventlog and the corresponding ACS-log.
    NT
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\gustomedu]
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by METIS)
    AUTH 08/19/2004 08:20:27 E 0266 1524 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
    ACS
    08/19/2004 08:20:27 Authen failed LINEDU\gustomedu Default Group 000a8aa291a8 Radius extension DLL rejected user .. .. 37 148.136.120.30
    The status right now is that it is working as long as we restart the ACS-server once a day.
    Tommy
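
An added example, not part of the original thread or of any Cisco tooling: a small Python triage script for the AUTH log format quoted in the post above, which flags attempts where Windows accepted the credentials but an error line then followed in the same session. Treating the two numeric columns as a session key is an assumption, and the second session in the sample (user "exampleuser") is constructed.

```python
import re
from collections import defaultdict

# First four lines are the AUTH entries quoted in the post; the second
# session (user "exampleuser", context 1600) is constructed for contrast.
SAMPLE_LOG = r"""
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\gustomedu]
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by METIS)
AUTH 08/19/2004 08:20:27 E 0266 1524 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
AUTH 08/19/2004 08:21:03 I 0266 1600 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\exampleuser]
AUTH 08/19/2004 08:21:03 I 0266 1600 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
AUTH 08/19/2004 08:21:03 I 0266 1600 External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by METIS)
"""

LINE_RE = re.compile(
    r"^AUTH (?P<date>\S+) (?P<time>\S+) (?P<sev>[A-Z]) "
    r"(?P<code>\d+) (?P<ctx>\d+) (?P<source>.+?): (?P<msg>.*)$"
)
START_RE = re.compile(r"Starting \S+ authentication for user \[([^\]]+)\]")


def find_post_auth_failures(log_text):
    """Return sessions where Windows accepted the credentials and an
    error-severity line then followed in the same session."""
    # Assumption: the two numeric columns identify one authentication
    # context, so they are used together as an opaque correlation key.
    sessions = defaultdict(lambda: {"user": None, "accepted": False})
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # blank or non-AUTH line
        session = sessions[(m["code"], m["ctx"])]
        start = START_RE.search(m["msg"])
        if start:
            # A new attempt resets whatever the context held before.
            session.update(user=start.group(1), accepted=False)
        elif "authentication SUCCESSFUL" in m["msg"]:
            session["accepted"] = True
        elif m["sev"] == "E" and session["accepted"]:
            findings.append({
                "when": f"{m['date']} {m['time']}",
                "user": session["user"],
                "error": m["msg"],
            })
            session["accepted"] = False  # report each attempt once
    return findings


if __name__ == "__main__":
    for f in find_post_auth_failures(SAMPLE_LOG):
        print(f"{f['when']} {f['user']}: accepted by Windows, then {f['error']}")
```

Separating these cases from ordinary credential failures shows whether rejects come from the directory itself or from the step that follows a successful check.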

  • Communication between : AP and WLAN controller

    Hi,
    The communication between AP and WLAN Controller is ( Data and Control ) UDP.
    Source port 1024 and destination port 12222 and 12223. Actually which device listen to which port or both should listen as control and data can be generated from both the devices.
    How is the user (wireless client) traffic switched if the user traffic is TCP traffic? It will be sent to WLANC and then WLANC forwards it to the respective VLAN or default gateway (depending upon the destination in the packet).
    Please explain / share the experience.
    any link on cisco.com
    Thanks in advance
    Subodh

    "the LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point's IP address and the WLC's AP Manager interface IP address as endpoints. The AP Manager interface is explained in further detail in the implementation section. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
    The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
    Taken from "Cisco 440X Series Wireless LAN Controllers Deployment Guide"

  • X3500 No Connection between LAN and WLAN

    Hello,
    I've purchased and installed an x3500 modem, and can connect to the internet using both wired and wireless, but my problem is, I cannot ping or see/detect devices between LAN and WLAN. How can I fix this problem?
    Mac filtering is disabled on wireless
    both gets ip from dhcp

    Hi hakanbayar. Can you ping your Linksys device? If yes and you're using a computer, you may need to disable the computer firewall or security so it will allow you to ping other computers. 

  • The packet data and wlan connection runs automatia...

    guys guys guys i'm having a weird problem with this rubbish E72
    well every time i check my log i find that my phone has used packet data connections and wlan connections for small time intervals and small periods while i haven't used the internet for a long time btw i always make sure to exit all app and also make sure to disconnect my email before exiting so packet data signals and wlan signal are not (on)
    so that means that the phone just uses internet by its own self also notice that the time that the phone used the internet was during my sleep time
    but it's so weird it has used the packet data for 30 seconds and the wlan for 1.5 mins by itself ..............is this a virus or that ugly firmware is just full of **bleep**
    please check your phones (log) and reply me back
    thank you
    Nokia E72-1 Black
    firmware : 053.001
    of 26 of nov 2010

    well for the ovi sync i really use that app to sync my contacts and calendar and it set to manual sync so i guess it wouldn't go by itself
    as for the wlan data and packet data , last night was ok without any connection don't know how
    or what happened it seems the problem is solved but i will also make sure tonight of the problem still exist or not
    all i did last night i have installed 2 app (m.gaurd(netqin) and kaspersky antivirus) to scan my mobile and it did but it seems that its slowing down my already slow mobile
    and removed them today because they corrupted the interface of my snaptu application which i use for facebook (the highlight color disappeared but it was still working) so i had to uninstall it and reinstall back again
    Nokia E72-1 Black
    firmware : 053.001
    of 26 of nov 2010

  • ACS and Windows Domain / AD

    Hi All,
    In my environment there are two Windows Domains - Domain A and B. ACS is configured on a member server in domain B and hence Windows Authentication for users in Domain B is working fine. However I'm unable to see domain A in Configure Domain List on ACS server in Windows Domain configuration menu.
    Please note, there is one way trust between domain A and B with Domain A trusting Domain B.
    Is there a way I can use the same instance of ACS to authenticate the users in Domain A as well? If YES, can you please guide me with some pointers - thanks.
    I'm using ACS and Windows AD elements to authenticate users for SSL Web VPN on ASA 5540.
    Appreciate quick help on this.
    -Satishcp

    Unfortunately we are not using the Cisco Secure ACS Appliances, rather it's ACS Ver 3.3 running on Windows 2000 Server (member server in Domain B).
    My guess Remote Agents for Windows / Solaris works with Appliances alone.

  • ACS and Windows Server

    I have installed ACS 5.2 on a machine and I am trying to integrate it with Windows Server 2003 (Active Directory). On the ACS when I do a test connection it shows me success, but when I save the setting it gives me a Time error. I kept the clock and timezone of Active Directory and the ACS server the same but it still gives me the error. I read on one of the blogs that it is better to configure NTP on a router and then sync both the devices with the same NTP.
    Is it necessary to configure NTP or should manual config also work?

    I have run into issues like what you are seeing without using NTP. I would suggest setting up NTP and having ACS and your servers sync to that.

  • ACS and Windows 2000 user database communication port

    Could my Windows 2000 SP4 + ACS v3.23 can install any new Windows 2000 service pack ?
    I'm afraid to infect ACS Service.
    So, I want to install firewall on this server to block malicious traffic.
    However, my ACS used external user database Windows 2000 for authentication.
    Who can tell me What protocols or port list they are communication?
    I have to avoid these traffic on my firewall.

    Hi cheng
    I think you can install any service pack without problem and the SP4 is the latest one for WIN2000 and your server already has this SP
    For your second question you need to specify many protocols according to your active directory config. In this link you can find a list of these protocols, and the best way is to make debug or logging or use a sniffer to know exactly the protocols that flow between your ACS and AD server
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
    Best Regards

  • Simultaneous usage of LAN and WLAN

    Hi,
    I have a T61 running win2k.  The WLAN is managed by Intel Proset wireless.  I have been having problems running the LAN and WLAN simultaneously.  The WLAN connection drops off immediately if my LAN gets connected.  I have to disable/disconnect the LAN to make the WLAN work again.  I have observed this problem with a few other T61 laptops at my office.  Is this a known issue ?  What is the resolution ?  Thanks.

    Mine R61i with Vista can do that, but i can't seem to get it working in dual mode when using XP pro.

  • Can i configure a network with ACS and ISE?

    I have both ACS and ISE, how do I integrate these appliances to work together?
    Thanks

    ISE does not interoperate with Cisco Secure ACS deployments. The Cisco Identity Services Engine can work in tandem with Cisco NAC Manager to provide the same profiling service as the NAC Profiler, which has reached end-of-sale status.
    Existing Cisco Secure ACS customers using network access can easily migrate to the Cisco Identity Services Engine platform using migration part numbers and tools. However, existing Cisco Secure ACS customers using TACACS functions will not be able to migrate to the current version of ISE for network device identity management which is often acceptable for customers who prefer to keep user and network identity on separate systems.

  • ACS and HA

    Hello,
    The purpose is to use 802.1X authentication with ACS server, AD and high availability.
    I have 2 sites with one AD with a 4 mega link bandwidth and one ACS for each site.
    I know that it is possible to use ACS active/passive mode with replication of database.
    but I also read that it's possible to use 2 groups on ACS and use HA,and my question is
    In my configuration with one AD and 2 ACS, can I use this functionality ?
    Is it possible to know the bandwidth between ACS in case of replication or active/active mode?
    Regards

    You can make it active / active too... Second, only one AD is not at all a problem. As soon as it needs one IP or name of AD server, specify the same name at both servers. It will be replicated.
    Regards,
    Dharmesh Purohit

  • Guest LAN and WLAN on Controller

    Hi,
    While creating a new SSID, I can see the options guest LAN and WLAN, what's the difference? Which one is preferred?
    Thanks in advance..

    Hi,
    I remember answering this few days and also George joined the thread.. or max week back..
    Guest LAN WLAN =
    1> The clients connecting to the WLAN will have a time limit on the connectivity, for example you can configure the Guest WLAN for 24 hours or something which you want..
    2> I guess George pointed this in the previous thread.. Can be used for Wired Guest Users configuration as well , here is the link..
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
    WLAN =
    Just nothing but an SSID with security which doesn't have any time limit.
    which one is preferred? =
    It's your network and whatever meets your requirements you can use that.. however both of them do their job with different features involved.
    Let me know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or was helpful

  • Cisco Secure ACS and Windows NLB

    Hi,
    I have two ACS servers and have been trying unsuccessfully to set up Windows NLB for them. I can successfully set up the NLB but ACS won't respond on the clustered IP. Other services running on the clustered IP will respond so I believe the NLB is working correctly.
    Has anyone had any success with ACS and Microsoft NLB? I can't find any documentation to suggest that they are incompatible but I think this may be the case.
    Thanks,
    Neil

    Neil,
    ACS is not tested with NLB but if cluster hosts are attempting to communicate with the ACS using their clustered IP then ACS should reply.
    Do you see any hits on acs ? If you sniff the acs interface, what is the source IP address ? Is it clustered ip or clustered host IP ??
    Also on acs --->Network configuration add aaa client with host IP and clustered ip . Now see if acs responds to NLB.
    Regards,
    ~JG

  • ACS and CAR integration

    Hi,
    Is it possible to integrate ACS and CAR with DB-2 Database and if yes, are there any limitations or issues related to that? Does CAR or ACS lose any functionality in such integration?
    I am not looking for detailed process of the integration at this time, all I want to know is if it is supported and are there any issues.
    Thanks,
    Habib U Dashti

    Hi Habib,
    Yes, ACS can be integrated with DB-2, as ACS is ODBC compliant and so is DB-2. The other way round is that you can convert the DB-2 database into a flat file structure and import it into the ACS database. Regarding limitations or issues I do not have any info.
    And CAR has its own database & does not support DB-2.
    Thanks.
