AP Authentication feature in Cisco 1242AG/1310G
Dear All,
can you tell me please what I can define in the menu Security--> AP Authentication in the AIRONET 1242AG and 1310G APs ? Is this feature for LWAPP only [authentication of AP against LWAPP Controller] ? Thanks.
Hi, I defined a username/password in the Radius Server and then also entered this username with a false password in the AP Authentication section - but still the APs can pass on WiFi-client Radius Requests. Can you help please ? Thanks
Similar Messages
-
PoE for Cisco 1242AG and 1310G Access Points
Dear All,
we purchased a Cisco 1242AG and a 1310G Access Point and in the DataSheet it was specified that these APs support Power-over-Ethernet. The problem is we don't see any RJ-45 port in either AP which could be used for connecting the AP to an PoE Switch. Can you please tell us how we can connect these APs to an 802.11af compatible PowerBridge (by Intermec) ? Thanks.Hi Thorsten,
The 1242 should be good to go but the 1310 is powered quite differently. Have a look;
AP 1240 Series - Hardware (see diagram)
http://www.cisco.com/en/US/products/ps6521/products_installation_guide_chapter09186a008079b7f4.html#wp1071972
Connecting the Ethernet and Power Cables
http://www.cisco.com/en/US/products/ps6521/products_installation_guide_chapter09186a008079b7f4.html#wp1052781
1300 Series Power
Power
The access point/bridge receives inline power from the Cisco Aironet Power Injector (hereafter called the power injector). Dual-coax cables are used to provide Ethernet data and power from the power injector to the access point/bridge. The power injector is an external unit designed for operation in a sheltered environment, such as inside a building or vehicle. The power injector also functions as an Ethernet repeater by connecting to a Category 5 LAN backbone and using the dual-coax cable interface to the access point/bridge.
The power injector is available in two models:
Cisco Aironet Power Injector LR2 standard version (included with the access point/bridge)
48-VDC input power
Uses the 48-VDC power module (included with the access point/bridge)
Cisco Aironet Power Injector LR2T optional transportation version
12- to 40-VDC input power
Note The power injector and the power module must not be placed in an outdoor unprotected environment. The power module must not be placed in a building's environmental air space, such as above a suspended ceiling.
http://www.cisco.com/en/US/products/ps5861/products_installation_guide_chapter09186a008079b93b.html#wp1051840
Dual coaxial cable to run from the power injector to the 1300. See attached notes:
Cisco Aironet 1300 Series
Cisco Aironet 1300 Series Access Point/Bridge Power Injector
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge Power Injector,converts the standard 10/100 BaseT Ethernet interface that is suitable for weather protected areas to a dual F-Type connector interface for coax cables that are more suitable for harsh outdoor environments. The Power Injector also provides power to the outdoor unit over the same cables with a power discover feature and surge protection. To support longer cable runs from your wireless network switch or router, the Power Injector LR is designed to accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor cat5 cable?enabling total cable runs up to 200 meters. The Cisco Aironet 1300 Series Outdoor Access Point/Bridge ships with the Power Injector LR2 and an AC power supply.
From this link:
http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a008022551d.html
Cisco Aironet 1300 Series Outdoor Access Point/Bridge Hardware Installation Guide
Ethernet Ports
The access point/bridge dual-coax Ethernet ports consists of a pair of 75-ohm F-type connectors, linking the unit to your 100BASE-T Ethernet LAN through the power injector. The dual-coax cables are used to send and receive Ethernet data and to supply inline 48-VDC power from the power injector to the access point/bridge.
From this link:
http://www.cisco.com/en/US/products/ps5861/products_installation_guide_book09186a00804d3095.html
AIR-PWRINJ-BLR2
F-Type Connectors
Dual coaxial cable carries full-duplex Ethernet, DC power, and full-duplex console port (RS-232 connection)
From this link:
http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a00802252e1.html
Hope this helps!
Rob -
AP Authentication in 1242AG/1310G Autonomous Mode
Hi guys,
how does the AP Authentication feature in autonomous Cisco APs work ? In the SSID Manager you can select a defined AP Authentication credential. And I created exactly the same username/password on the Radius Server. But where can I define that it's mandatory for all APs to authenticate to the network via Radius ? Even if I enter a wrong password in the AP Authentication section the AP still is accepted by the Radius Server and can serve WiFi-Clients in the same SSID. Any help is greatly appreciated. Thanks.Go to Wireless Domain services -settings and configure the Radius server there.
-
Cisco aironet 1310G non_native vlan and dhcp
hi evrybody
i have problem with my cisco aironet 1310G
non-native vlan can not get(dynamicly)ip address from cisco aironet 1310G
this is all my configuration please can someone help me
ip dhcp excluded-address 20.20.20.20
ip dhcp excluded-address 20.0.0.0
ip dhcp excluded-address 30.0.0.0
ip dhcp excluded-address 30.30.30.30
ip dhcp excluded-address 10.0.0.0
ip dhcp excluded-address 10.0.0.10
ip dhcp excluded-address 10.1.0.0
ip dhcp excluded-address 10.1.0.10
ip dhcp pool d01
network 10.0.0.0 255.255.255.0
default-router 10.0.0.10
ip dhcp pool d02
network 20.0.0.0 255.255.255.0
default-router 20.20.20.20
ip dhcp pool d03
network 30.0.0.0 255.255.255.0
default-router 30.30.30.30
no aaa new-model
dot11 ssid vlan01
vlan 1
authentication open
dot11 ssid vlan02
vlan 2
authentication open
dot11 ssid vlan3
vlan 3
authentication open
username cisco password xxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
broadcast-key vlan 2 change 100
broadcast-key vlan 3 change 100
ssid vlan01
ssid vlan02
ssid vlan3
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root access-point
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
interface BVI1
ip address 10.0.0.10 255.255.255.0
no ip route-cache
interface BVI2
ip address 20.20.20.20 255.255.255.0
no ip route-cache
interface BVI3
ip address 30.30.30.30 255.255.255.0
no ip route-cache
control-plane
bridge 1 priority 9000
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 priority 10000
bridge 2 protocol ieee
bridge 3 priority 3100
bridge 3 protocol ieee
line con 0
line vty 0 4
login local
endhi friend
i did what you sugested but it is styl not working so plz find below the show run and debug ip dhcp server in ordr to help us thanks for all your suport
ip subnet-zero
ip dhcp excluded-address 20.0.0.20
ip dhcp excluded-address 30.0.0.30
ip dhcp excluded-address 10.0.0.10
ip dhcp pool d01
network 10.0.0.0 255.255.255.0
default-router 10.0.0.10
ip dhcp pool d02
network 20.0.0.0 255.255.255.0
default-router 20.0.0.20
ip dhcp pool d03
network 30.0.0.0 255.255.255.0
default-router 30.0.0.30
aaa new-model
dot11 ssid vlan01
vlan 1
authentication open
guest-mode
dot11 ssid vlan02
vlan 2
authentication open
dot11 ssid vlan03
vlan 3
authentication open
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
broadcast-key vlan 2 change 100
broadcast-key vlan 3 change 100
ssid vlan01
ssid vlan02
ssid vlan03
station-role root access-point
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
interface BVI1
ip address 10.0.0.10 255.255.255.0
no ip route-cache
interface BVI2
ip address 20.0.0.20 255.255.255.0
no ip route-cache
interface BVI3
ip address 30.0.0.30 255.255.255.0
ip helper-address 30.0.0.0
no ip route-cache
and debug ip dhcp server {events | packets | linkage}
*Mar 1 01:06:37.054: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0011.a304.2b65 Reason: Sending station has left the BSS
*Mar 1 01:06:40.140: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0011.a304
.2b65 Associated KEY_MGMT[NONE] -
Dears,
Please i need to know what is the difference in the features between Cisco prime infrastructure 1.2 and Cisco prime 1.4.
Already i see the release note for each one but the release indicate only the New feature for every one. so i need to know the difference between them not new features.
Wait your kind feedback plz
Regards,Hi,
New Features and Enhancements
The following topics describe new features and enhancements in Cisco Prime Infrastructure 1.4.
Management Support for WLC Release 7.5
Support for 802.11ac Module
Support for Cisco AP 700
Policy Classification Engine
FlexConnect Audit Support
Autonomous AP Support
Client Stateful Switchover
Cable Modem Monitoring
Support for Secure File Transfer Protocol
and please go through the link and check the data sheet for further clearance.
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-729879.html -
802.1x Critical Authentication feature 12.2(25)SEE
The critical authentication feature does not seem to work. Port does not move to authorized state if RADIUS (ACS) server is not available. In fact, it even seems to break the Authentication Fail VLAN functionality.
If RADIUS server is not available and user/machine tries to authenticate, the port fails authentication and remains in unauthorized state and does not even move to AuthFail VLAN.
Any ideas?dot1x and aaa related switch configuration follows:
Global Config:
aaa new-model
aaa group server radius acsrad
server A.B.C.D auth-port 1645 acct-port 1646
server W.X.Y.Z auth-port 1645 acct-port 1646
aaa group server tacacs+ acstac
server A.B.C.D
server W.X.Y.Z
aaa authentication login default group acstac local
aaa authentication dot1x default group acsrad
aaa authorization exec default group acstac if-authenticated
aaa authorization network default group acsrad if-authenticated
aaa accounting update periodic 5
aaa nas port extended
aaa session-id common
tacacs-server host A.B.C.D key 7 XXXXXXXXXXX
tacacs-server host W.X.Y.Z key 7 XXXXXXXXX
tacacs-server directed-request
radius-server dead-criteria time 5 tries 2
radius-server host A.B.C.D auth-port 1645 acct-port 1646 test username XXXX idle-time 1 key 7 XXXXXXXXXX
radius-server host W.X.Y.Z auth-port 1645 acct-port 1646 test username XXXX idle-time 1 key 7 XXXXXXXXXXXX
radius-server source-ports 1645-1646
radius-server deadtime 1
radius-server vsa send authentication
dot1x system-auth-control
dot1x critical recovery delay 2000
dot1x critical eapol
Interface configuration:
switchport access vlan x1
switchport mode access
dot1x critical recovery action reinitialize
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 30
dot1x timeout server-timeout 5
dot1x reauthentication
dot1x guest-vlan x2
dot1x auth-fail vlan x2
dot1x critical vlan 101
arp timeout 60
spanning-tree portfast
================================
I have tried making the critical vlan to be the same as the access vlan as well as the Auth-Fail vlan but the results are same. -
Drag and Drop dialing Feature on Cisco IP Communicator
Hi everyone,
First of all I'm a beginner of voip. I'm searching feature of Cisco IP communicator ver 7.0. and found this document http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cipc/7_0/english/user/guide/CIPCUG70.html there is feature drag and drop dialing.you can drag the phone number from another application on window and drop to ip communicator for dial.I try to drag file type html,xml,xls,word and txt . it not work. please guide me to use this feature.
Thanks for your help.
Piyawat JinsangHi,
You can drag a phone number from another application and drop it into Cisco IP Communicator to initiate a call.
do you drag number or the file itself ?
HTH
Anas
don't forget to rate the helpful posts -
How many cisco 1242AG non-root AP can assiocate with root APs in an mesh design?
thanksHi,
the below link may help you!!
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch8_MESH.html
The mesh design constrains will let u know.. lemme know if this answered your question
Regards
Surendra -
Softphone feature for Cisco Jabber Client
Hello everyone,
I have a CUCM cluster v.8.6.2 and a CUPS v.8.6.4. I've installed my full CUWL licenses as well as my CUP Licenses AND the Jabber for Everyone COP file. I've managed to install Jabber on Mac and on Windows and have all the features such as Chat, Desktop phone integration and Visual Voicemail with Cisco Unity Connection working as well. The only feature I'm having a huge hassle getting to work is the Softphone feature. I've tried adding a CUPC device with the user (btw everything is integrated and uses LDAP for authentication) as the digest account for it as well as the Owner ID. I've tried adding a CSF device as well (I remember reading it somewhere) but the Jabber client never discovers a Softphone device and all of the options on the client are grayed out for me to put in the device settings. I thought I saw it once looking for a device name CSFACILLI (ACILLI being my username) in the System Diagnostics for the Jabber for Mac client but now it just shows:
Soft Phone Server
Server Address: cucm02.mycompany.net
Server Port: 2748
Server Protocol: --
Device: --
Line ID: --
Status: Disconnected
Any help or thoughts on this would be greatly appreciated! Thanks!
TonyAaron,
Here's the bit I found interesting from the reporting function:
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::downloadConfig -- begin:
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::getCnfFile -- begin: , strDeviceName.c_str()=CSFacill, bHttp=FALSE
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CTFTPClient::Get -- begin: , remotefile=CTLFile.tlv, host=cucm02.mycompany.net, bIsAsyMode=TRUE, port=69
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - TFTP_Error Select error
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - TFTP_Error Can't get packet, retrycount=3
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - CTFTPClient::ContinueGet -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CTFTPClient::Get -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - CTFTPClient::ReceiveData -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::getCnfFile -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::downloadConfig -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CPhone::setPhoneMode -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xb030b000] - CTFTPClient::ReceiveData -- begin: , nCookie=5, bIsAsyMode=TRUE
It looks like it's trying to get CTLFile.tlv from my TFTP servers (which are my subscribers). I went under TFTP File Management under OS Administration on the Subscribers and no such file exists. Is this something I have to download from Cisco? It does look like it's trying for the correct device, just can't get the Configuration File it needs... Your thoughts?
Thanks,
Tony -
Ciscoworks 2000 and Cisco 1242AG-LAP
hi
i have a problem with my cisco works,the software is manages all the devices in my network including the 19 1242AG-LAPs,even thogh the LAPs appear on the management software they are appearing as red which in normal conditions indicate a faulty device.How do i make sure that the access-points appear as green.The access-points are managed through the Cisco WLC 4402.Make sure LMS 2.6 in order to get the AP1200 v3.0 package to support 1240 APs.
-
Hi,
We are trying to setup ASA to do cut-through authentication proxy, and use ISE as RADIUS. We can successfully authenticate the user from Radius on the ASA, while he opens a web-page, but then it displays the error: authorization denied.
What we want:
ISE to allocate a security group tag to the user session when he logs in, that tag would carried within out cisco network infrastrucutre to define the access
policy for that user.
Can someone please help me with a sort of step by step thing for ISE configuration to allocate SGTs/SGACL for the user session after authentication is completed.
Thanks
LovleenPlease refer to below step by step config guide for security group access policies
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html -
These problem about features in Cisco PI 1.2
Dear Cisco Support Team ,
Currently , I am using PI 1.2 .I have some confuses about these features on this .
1. Alarm and Event :
- When 1 port on any devices down , I don't see any alarm about this . Plz tell me What kinds of alarm in PI ?
- I can't receive any syslog on these devices although I have configured and received on LMS .
2. Client and Users :
- What is the client ? On some Switchs just has 24 ports but show more 24 clients .
Thanks!Hi Predrag ,
Thanks for advisors .
- About the syslog :
I have configured syslog on device to send to PI , some devices can send to PI , almost switchs .We monitor 40 devices , have 9 switchs in the network but on PI just see syslog on 2 switchs , no syslog on all router ? The flowing is status on PI :
Last login: Mon Apr 8 14:08:41 2013 from 10.7.15.224
srv-pi-01/admin# ncs status
Health Monitor Server is running.
Reporting Server is running
Ftp Server is running
Database server is running
Tftp Server is running
Matlab Server is running
NMS Server is running.
SAM Daemon is running ...
DA Daemon is running ...
Syslog Daemon is running ...
status
- About the Client :
For example :
I have 2 switchs . They have connected ( Switch A-- Switch B on port 24 ). On 1 switch A have connect 1 router A , from router A connected router B .
When I show client on PI on Switch B I see router B as client although it not connect with Switch B .
Plz help to check this problem .
Regards -
Wireless Point to Point Cisco 1242ag
Hi
Is it possible to set up some sort of authentication where the root bridge and non-root bridge only associate with the opposites MAC address?Have a look at the link provided. There are ways of adding encryption and passwords to your point-to-point bridge. My recommendation is to go this way. It's alot quicker and easier to maintain.
Wireless Bridges Point-to-Point Link Configuration Example
http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
I hope this will help.
Please don't forget to rate useful posts. Thanks. -
Automatic contain feature in cisco wlc for rouge AP
hi all,
I need to know what is the meaning of "contain" for the detected rouge AP on cisco wireless lan controller ??
thanks in advanceRogue Containment
Containment is a method of using over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works by spoofing de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off.
Source:
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html -
How to enable pin authentication features for hp laserjet 9050dn printers for all users?
There Is A requirement to Enable Pin Authentication for all the users . We have hp laserjet 9050dn Pinters
We would Like to Save Papper hence wanted to enable this feature to all our printers.
We would like to enable Pin authentication for all the users so that when a user fire a print out it would be in queue and when the user enters the PIN manually on the printer it would print and if the user doesnt require the pintout that he fired he dosent have to entr the PIN. Thus End of the day all such unrequired prints that were fired out will be in queu and they will be deleted end of th day.
Thus we could save lots of Paper ..
Can Some one Help Me to get this done...... Please post you Comments It Would be really Helpful....The product you have seems to be a commercial printer. For the best chance at finding a solution I would suggest posting in the forum for HP Business Support!
You may find the Commercial Laserjet board here.
http://h30499.www3.hp.com/t5/Printers-LaserJet/bd-p/bsc-413
You can also find the article related to this product here:
http://h20000.www2.hp.com/bizsupport/TechSupport/Home.jsp?lang=en&cc=us&prodTypeId=18972&prodSeriesI...
(User manual, troubleshooting tips, drivers, and more info)
Hope this helps!
Help the community by marking this post as a solution if it solved your issue!.
If my post helped you in any way, please click the blue KUDOS star under my name! It would mean a great deal.
Maybe you are looking for
-
ICloud no longer syncs with devices.
iCloud no longer syncs with devices. Error message reads "The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk." I am not p
-
I can't use keyboard in firefox
<i>Locking duplicate thread.<br>Please continue here: [[/questions/1001917]]</i> it happens when i typed one word many times<br /> a dilague box appears with the options yes or no<br /> i press no<br /> taaadaaa i can't use my keyboard
-
Mapping validates and generates ok but get pl/sql warn in deploy
Hi there Can validate and generate mapping ok but when deploy get various pl/sql error messages such as error ... coulmn ignored Anybody seen this sort of thing? I'm new to OWB but would have hoped the validate stuff would pick up any bugs otherwise
-
Newbie in portal and need help
Hi, In portal, is there any view (like data dictionary views) where I can get the name of the reports and the name of the tables or views that they are based on example. let's say I have 2 reports. 1- rept_dept based on scott.dept table 2- rept_emp b
-
Any Interface for transaction IQ01
Hi All , I want to create an ISU Meter equipment in a report program. I used the BAPI interface BAPI_EQUI_CREATE. I see that the BAPI is very different from the IQ01 Material Serial Number Creation. The BAPI does not have the option to pass the Regis