ACSv3.2 with 802.1x client authentication using LEAP

Hi there,
I was wondering if this has happened to anyone here. I have a Windows 2000 Server running ACSv3.2. Once every 4 months ACS will fail to authenticate all the wireless users that have Active Directory accounts. Auth-Failure code: "External DB account Restriction". It seems that once I reboot the server everything comes back to normal. Has anyone experienced this issue? Do I need to update to the latest ACS version?
Thank you in advance.

Hi,
I have experienced the exact same problem.
Here's the Cisco bug that identifies this problem.
CSCsd52574 Bug Details
Symptom:
When machine authentication (EAP-FAST/MS_CHAP) is attempted after
ACS has lost and then regained connectivity to the global catalog
server, authentication may fail and the following message may be
generated in the auth.log file:
MachineSPNToSAM: __DsCrackNames failed auth.log
In an environment where there is more than one global catalog server
for the domain, ACS will not search for the "secondary" catalog server
if the "primary" goes down.
Condition:
ACS is installed on a domain member server.
Workaround:
Re-start csauth.exe.
Hope this helps

Similar Messages

  • 48Mbps yet 66 SNR with 802.11g clients

    I have been monitoring my wireless connection around the house, trying to get a feel for signal strength using Netstumbler, and am baffled why my WRT100 only shows 48Mbps when it should be 54Mbps.
    The signal-to-noise ratio is 66, which seems really good.
    My router (WRT100) is configured for default; I have changed nothing except to set up security on the device.
    And I have 802.11g cards on the workstations.

    1. How do you run Netstumbler on the WRT?
    2. Forget about the "speed" the wireless driver in your computer shows you. It is pretty much irrelevant. The number shown is some mathematical function related to the signal strength of the beacon signal received. There are more implementations for this function than you can think of. Everyone does it differently.
    You only know how fast you can transfer if you really move data through the channel. A 54 Mbit/s shown won't help you if 10 other access points close by fill up the same channel.
    A 48 Mbit/s or less shown won't bother you if you are in an environment with no interference and once you start moving some data you get optimum rates.
    If you want to know which data rate you have at some place at some time, transfer data, e.g. copy some larger files from a computer wired to the router to a wireless computer. Make sure the wireless computer is on AC to prevent power saving settings interfering with performance.

  • Data and Voice separation with 802.11n

    Hi there
    I'm interested in some design guides. I would deploy data in the 2.4 GHz band and the voice in the 5 GHz band. But aren't there problems with the 802.11n deployment? I thought that this works better in 5 GHz.
    What recommendations would you make and did you have some issues with this design?
    Thanks in advance.
    Dominic

    Hi Dominic,
    You can find all kinds of documentation on Cisco's 802.11n homepage: http://www.cisco.com/en/US/netsol/ns767/networking_solutions_package.html
    To answer your questions, there is no "problem" with running 802.11n in the 2.4GHz space, but there are limitations. You cannot use channel-bonding, which is the primary source of the added bandwidth that 802.11n offers. If you want to see 150Mbps data rates, you'll need to deploy it in a 5GHz implementation.
    Another advantage to running in 5GHz is that you can isolate your 802.11n traffic from your 802.11b/g traffic on the 2.4GHz radio. This will prevent slowdown that can occur when legacy clients coexist with 802.11n clients.
    So yes, you're correct to say that it does work better in 5GHz. The nice thing is that most 802.11n chips in laptops support this band.
    That said, it would be best if voice and data can both exist in the 5GHz space. You can accomplish this by creating different SSIDs for your voice and data networks. There is nothing wrong with deploying both in 5GHz.
    Let me know if you have any more questions. Thanks!
    Jeff

  • Windows 7 client won't connect with 802.1x security

    Having issues connecting a Windows 7 Dell laptop with Cisco unified wireless infrastructure. Currently running 4 4402 WLCs and 1 WiSM. The client in question is trying to connect to an AP that sits on one of the controllers on the WiSM. WLC code running is 6.0.199. If I configure the Windows 7 client to an SSID with WPA2 with preshared key it works with no issue. It's really problematic with 802.1x; wondering if there are additional settings on the adapter in Win 7 that I'm missing or have overlooked.
    Thank you in advance for any suggestions to a solution to my problem
    Regards,
    izzy

    Windows is going to want to use the credentials that you log in to the machine with. So if you logged in as "administrator" but you need to authenticate as domain\John.Smith, you need to manipulate the credentials.
    If you are logging in to the machine with valid domain credentials though, it becomes a bit more difficult.
    So, is this the only type of machine having an issue? What is the driver version and chipset type?
    You can run debug client < client mac address > and watch what is happening from the controller's perspective. You can also see what username is being sent to the AAA server.
    Cheers,
    Steve
    If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • AP with 802.11 G Vs clients with 802.11b

    hi
    I've got several 1200 series access points with 802.11g, but the clients are 802.11b. Can the 802.11b clients connect to the AP with 802.11g? Now I can't resolve this problem, and the 802.11b clients connect only with the 1200 series APs with 802.11b.
    Thanks for all

    > If you disable the "b" data rates, you've pretty much blocked "b" clients.
    A-ha... As I understand it, I must disable the 1.0, 2.0, 5.5 and 11.0 speeds.
    "To set the 2.4-GHz, 802.11g radio to serve only 802.11g client devices, set any Orthogonal Frequency Division Multiplexing (OFDM) data rate (6, 9, 12, 18, 24, 36, 48, 54) to Basic."(c) Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12.3(7)JA
    Is this the same thing as entering `speed throughput ofdm`? The command disables all 802.11B data rates, as you recommend.
    > They may be able to respond / attempt association (that all happens at either one or two mbps for either "b" or "g" ... long or short preambles), but since they don't have compatible data rates, they can never connect.
    I know... But, AFAIK, when an 802.11G AP "sees" an 802.11B client in its coverage area, the AP "downgrades" to 802.11B to allow this client association. Your recommendation prevents this, am I right? Try to understand me: for many years I used damn D-Link (my boss loves it) but one day I said "Cisco or no wireless of any kind :E" and now I have dozens of AP-1200s with my many questions... All I want now is a "G-only" (in D-Link's terms) like function...
    Thank you
    P.S. Sorry for my english

  • Limitations/Issues to use LEAP/EAP-Fast with Airespace

    Hello
    Are there any important limitations or issues when using the authentication methods LEAP or EAP-FAST with a Cisco a/b/g card?
    Any input is welcome
    Oliver

    I would suggest that you use LEAP for the client adapters. It is easy to implement and is also secure.

  • I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in calendar using the clients email address as a custom entry in my me card in my contacts. this was resulting in three emails being sent wit

    I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in Calendar using the client's email address as a custom entry in my "me" card in my contacts. This was resulting in three emails being sent with slightly different versions of the same address (see my previous post). Heeding someone else's suggestion, I created a workflow file to send an email and I call that file from an alert on my calendar. This is working and sends only one email to the client.
    My calendar is on iCloud and I access it from three different computers so I can keep my appointment calendar current. The files that send the email only exist on one computer. My other computers show error messages when those emails get sent. It seems that each computer wants to send the email. It's a small problem, but is there a way that I could not get those alerts?
    I would appreciate any thoughts about this. It seems like both problems might be related to the iCloud system.
    Thank you in advance,
    Michael

    Good work, catch so far Michael, does seem to be a "feature" of iCloud syncing, not sure what you could do to disable it.

  • How to deal with credentials for external applications using a Java Client/

    Hi Guys,
    This is the case. I am integrating an external application with an ADF Application. I have implemented some programmatic ViewObjects that are being filled up by a REST Java Client Wrapper. Everything is working fine but the issue is that the credentials the wrapper is using are hard coded inside the java class. I am thinking to ask for the credentials at the beginning of my taskflow and then store them somewhere and use them then to create my client wrapper (passing them in the constructor).
    However, I don't know if my approach is good and I would like you to share your experiences or how to deal with this.
    Regards

    You can use Credential Store Framework to store the credentials securely in the weblogic server instead of hardcoding in the java class.
    The Credential Store Framework:
    - enables you to manage credentials securely
    - provides an API for storage, retrieval, and maintenance of credentials in different back-end repositories
    Check the documentation on CSF API -
    http://docs.oracle.com/cd/E29505_01/core.1111/e10043/devcsf.htm
    Major Steps -
    1. Create a credential map and key in em console to store the password (http://docs.oracle.com/cd/E25054_01/core.1111/e10043/csfadmin.htm)
    2. Use CSF API to retrieve the stored password
    3. In jazn-data.xml give permissions to access CSF key and map

  • Aironet 1140N in mixed mode not working with 802.11b/g Clients

    I have a new Aironet 1140N access point, model number AIR-AP1142N-A-K9. My main problem is that I have Nokia E71 smartphones on the network, but they cannot connect to the network; the access point SSID is not showing on the list of available devices if I scan using the phone.
    All laptops are running Win 7 Pro and they connect quite OK. The phones (8 of them) connect at hotspots without problems; the spec says they are compatible with 802.11b/g and the Aironet access point provides 802.11a/g/n.
    Since the phone has 802.11g, which is compatible with the access point, why can't it pick it up? The access point is operating in mixed mode.
    Bonnie

    There are basically two "flavors" of WDS that the AirPorts support: static & dynamic.
    o A static WDS allows for a main, relay, and remote base stations in the configuration. This only operates in the 802.11g radio mode. Its advantage is it is well suited when you are trying to cover a considerable linear range ... like a rectangular house where the Internet connection comes in at one of the shorter sides and you want wireless at the other end. The biggest disadvantage of this type of WDS is that for every base station added, you lose half the overall bandwidth.
    o A dynamic WDS allows for only a single main and multiple remotes. Think of a wheel with the main at the center and the remotes as spokes of the wheel. The advantage of this type of WDS is it operates in the 802.11n radio mode and doesn't suffer a significant bandwidth loss like the static version.
    As a minimum, a dynamic WDS requires two 802.11n AirPorts (or Time Capsules). You can create a static WDS with either all 802.11g AirPorts or a mix of 802.11n & 802.11g AirPorts. Note, however, that you cannot create a dynamic WDS with mixed mode base stations.

  • I have created a Muse site for a client that wishes to host with Business Catalyst. How do I publish the site with their account rather than using one of my free sites?

    I have created a Muse site for a client that wishes to host with Business Catalyst. How do I publish the site with their account rather than using one of my free sites? This is so I can keep my free ones for personal projects but also so they can pay for their own hosting. I am happy to set it all up for them but not sure what to do.

    Hi
    You can use their BC login details; on publish, the site will then be under their account.
    Please change the BC login from Edit > Preferences > Publish > Switch Accounts; for Mac it would be Adobe Muse > Preferences.
    Thanks,
    Sanjit

  • AAA using Radius with 802.1x

    Hello there,
    We're going to be implementing 802.1x on our network of some really old switches (6509 Cat OS with MSFC 2). We use RADIUS for AAA authentication and I've been reading that .1x uses RADIUS. How is that going to work? Do I just add another RADIUS server in my radius server command and, more importantly, will .1x work on Cat OS running 8.2.1? I've been trawling the forums and I can't seem to find anyone who's actually running .1x on the old Cat OS switches to see what kind of gotchas I can expect to run into.
    Any advice or assistance would be greatly appreciated!
    Thanks
    Kiley

    Salodh,
    Thanks but that document is for a 2950 and we have a 6509 but, the good thing is I just found out our Tier 3 engineers will not be adding dot1x to the 6509 since it has only trunks - no access ports.  Thanks very much for your reply!

  • I am shooting aerial video with a GoPro H3  at 1080p 30fps and would like to edit videos and give them to my clients to use in as much media as possible for their advertising and marketing needs.  I would like to give it to them at the highest quality all

    I am shooting aerial video with a GoPro H3+ at 1080p 30fps and would like to edit videos and give them to my clients to use in as much media as possible for their advertising and marketing needs. I would like to give it to them at the highest quality allowed. What form should I save it in under 'Publish and Share'? I have Premiere Elements 12.

    KM
    Can we assume that your 1080p30 is an AVCHD.mp4 file or other?
    You manually or the project automatically should set the project preset to
    NTSC
    DSLR
    1080p
    DSLR 1080p30 @29.97
    (If your frame rate is really 30 instead of 29.97, then go with DSLR 1080p30 instead of DSLR 1080p30 @29.97)
    See the following link for setting the project preset manually
    http://www.atr935.blogspot.com/2013/04/pe11-accuracy-of-automatic-project.html
    For your export
    Publish+Share
    Computer
    AVCHD
    with Presets = MP4 - H.264 1920 x 1080p30
    Please let us know if you have further questions on this or need clarification on anything written.
    Thank you.
    ATR

  • iPad connecting with vmware view client v5.1. "any way to disable or hide radial virtual keyboard mouse interface as using Bluetooth external keyboard"

    Issue - iPad connecting with vmware view client v5.1. "any way to disable or hide the vmware view's radial virtual keyboard mouse interface" either in vmware view client settings, hidden cmds, or iPad system settings.
    My client is using an external Bluetooth iPad metal cover type keyboard and does not wish to have the radial keyboard / mouse visible or floating on the desktop when connecting to the VM with the iPad using vmware view client v5.1.
    I was unable to locate any settings or related toggle key/function combo keystrokes under iPad settings under vmware view client to affect visibility of the radial keyboard/mouse. And can you kill it from a service/process on the VM instead of the iPad, then not allow the service to restart at startup? What is the name of the services that enable the radial virtual keyboard mouse function to work?
    Thanks for any and all feedback-
    stratman1

    I'm having a very similar issue. Sometimes, when I boot and type in startx (I'm not even a GNOME user--I use dwm and no graphical login manager), I just get a black screen. No mouse cursor, so I think X doesn't even load. It only started with the xserver 1.6 update and the update to that hasn't changed anything. What I've been doing is just rebooting until it loads normally (takes one to three times). Is anyone else having this problem?

  • Which Oracle client to use? with CRS2008 on Windows 2008 R2 64bit

    Hi,
    We are setting up a standalone Crystal Reports 2008 Server on Windows 2008 R2 64bit. This server will serve some reports that will pull data from an Oracle 11g DB. Several Oracle 10g/11g (32bit or 64bit) DB clients have been tried, but CRS cannot connect to the Oracle DB using any of them. Which Oracle client is known to be working well on this setup?
    CRS 2008 <> Windows 2008 R2 64 bit <> Xeon E5600 series machine    
    Thanks,
    Steve

    Hello,
    CRS2008 v1 supports Oracle 9.2, 10g R1, 10G R2 and 11g R1.
    The client to use on those version are the same as the server meaning if you have a 11g R1 server then you can use an Oracle Net Client 11G R1. But you can use also a JDBC, ODBC, OLEDB Oracle 11G R1.
    If you have a CRS2008 v0, then Oracle 11G is not supported. Only 9.2, 10g R1 and 10G R2.
    I hope this will help you
    Regards,
    Philippe

  • EAP with Windows 2000 client and IAS server

    Several messages on this site point to people using EAP on a Windows 2000 client and authenticating against an IAS server. I am running an Aironet 350 AP and trying to set up my Windows 2000 clients to use EAP only and authenticate against a Windows 2000 AD forest via IAS. The access point and client are on the latest firmware and drivers (12.0 for AP). I have two basic questions.
    1. It is my understanding that by enabling Network-EAP as the only authentication type, users will authenticate and then dynamic WEP keys will be used, greatly reducing the risks of compromised WEP keys while at the same time keeping the data encrypted.
    2. Does anyone have a quick HOW-TO or point-by-point list of how to configure the Windows 2000 client to authenticate using the Network-EAP method? I am currently running into a situation where no matter what I configure on the client, the IAS server reports an error with "Reason: The authentication type is not supported on this system." I also noticed that the "Authentication-Type" and "EAP-Type" fields shown in the IAS messages in the Windows 2000 Event Viewer log have the value "<undetermined>". Has anyone else run into this?

    I'm having a similar problem. I'm trying to do PEAP and it appears that IAS is not handling the request properly. It keeps trying to log the user PEAP-##### in instead of setting up the TLS and then asking for Username, Pass, Domain. The IAS error message I'm getting is:
    User PEAP-00097CFCD901 was denied access.
    Fully-Qualified-User-Name = APPLY\PEAP-00097CFCD901
    NAS-IP-Address = 172.16.200.31
    NAS-Identifier = AP1
    Called-Station-Identifier = 004096570d87
    Calling-Station-Identifier = 00097cfcd901
    Client-Friendly-Name = WirelessAP
    Client-IP-Address = 172.16.200.31
    NAS-Port-Type = 19
    NAS-Port = 37
    Policy-Name =
    Authentication-Type = EAP
    EAP-Type =
    Reason-Code = 8
    Reason = The specified user does not exist.
    So if anybody has the needed settings for Win2k (SP3 and 802.1x patch) IAS it would be much appreciated.
    Ben
    Note: if I had PEAP-####### as a user in Win2k I get:
    User PEAP-00097CFCD901 was denied access.
    Fully-Qualified-User-Name = apply.org/Users/PEAP TEST
    NAS-IP-Address = 172.16.200.31
    NAS-Identifier = AP1
    Called-Station-Identifier = 004096570d87
    Calling-Station-Identifier = 00097cfcd901
    Client-Friendly-Name = WirelessAP
    Client-IP-Address = 172.16.200.31
    NAS-Port-Type = 19
    NAS-Port = 37
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type =
    Reason-Code = 16
    Reason = There was an authentication failure because of an unknown user name or a bad password.
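
Added example, not part of the original posts: a small Python parser for IAS denial events in the layout quoted above, which reports when the user name the server saw is `PEAP-` plus the client MAC and when the EAP-Type and Policy-Name fields are empty. The sample text is constructed (abridged from the two events in the post) and all function names are hypothetical.

```python
import re

# Constructed sample: abridged copies of the two IAS denial events quoted above.
SAMPLE_EVENTS = r"""
User PEAP-00097CFCD901 was denied access.
Fully-Qualified-User-Name = APPLY\PEAP-00097CFCD901
Calling-Station-Identifier = 00097cfcd901
Policy-Name =
Authentication-Type = EAP
EAP-Type =
Reason-Code = 8
Reason = The specified user does not exist.
User PEAP-00097CFCD901 was denied access.
Fully-Qualified-User-Name = apply.org/Users/PEAP TEST
Calling-Station-Identifier = 00097cfcd901
Policy-Name = Wireless Policy
Authentication-Type = EAP
EAP-Type =
Reason-Code = 16
Reason = There was an authentication failure because of an unknown user name or a bad password.
"""

HEADER = re.compile(r"^User (\S+) was (denied|granted) access\.$")
FIELD = re.compile(r"^([A-Za-z-]+) =(.*)$")

def parse_events(text):
    """Split event text into one dict per 'User ... access.' record."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            events.append({"User": header.group(1), "Result": header.group(2)})
        elif events and (field := FIELD.match(line)):
            events[-1][field.group(1)] = field.group(2).strip()
    return events

def mac_of(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def triage(event):
    """Summarise what one record shows about the identity the server saw."""
    notes = []
    user = event.get("User", "")
    station = mac_of(event.get("Calling-Station-Identifier"))
    if user.upper().startswith("PEAP-") and station and mac_of(user[5:]) == station:
        notes.append("user name is PEAP-<client MAC>, not an account name")
    if event.get("Authentication-Type") == "EAP" and not event.get("EAP-Type"):
        notes.append("EAP-Type is empty")
    if not event.get("Policy-Name"):
        notes.append("Policy-Name is empty")
    code = int(event.get("Reason-Code") or -1)
    return {"user": user, "reason_code": code, "notes": notes}

def reason_codes_by_station(events):
    """Group the Reason-Code of every denial by client MAC address."""
    grouped = {}
    for event in events:
        if event["Result"] == "denied":
            station = mac_of(event.get("Calling-Station-Identifier"))
            grouped.setdefault(station, []).append(int(event.get("Reason-Code") or -1))
    return grouped

if __name__ == "__main__":
    for event in parse_events(SAMPLE_EVENTS):
        print(triage(event))
    print(reason_codes_by_station(parse_events(SAMPLE_EVENTS)))
```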
