Bonjour Discovery browser and Cisco WLC mDNS

Hello
I'm using a Bonjour Discovery browser on an iPad to see if I can check what Bonjour services are available on a Cisco 2504 running code 7.5.102.0. The WLC is configured as per Cisco documentation for mDNS:
Multicast disabled on WLC
Wired VLAN (with Bonjour services) is trunked to WLC
mDNS profile configured and Bonjour services are visible on WLC
mDNS profile applied to WLAN
When I connect an iPad to the WLAN and start the browser, no services appear (2 are visible on the WLC). Debug on the WLC shows the following (where XX:XX:XX:XX:XX:XX is the iPad MAC):
*Bonjour_Msg_Task: Nov 04 10:51:06.674: XX:XX:XX:XX:XX:XX Failed to updated data to Service Provider DB
*Bonjour_Msg_Task: Nov 04 10:51:12.798: processBonjourPacket : 935 Queried service-string : _dns-sd._udp.local. is not configured in MSAL-DB
Is it possible to get Bonjour Discovery browser working with Cisco WLC?
Thanks
Andy

I have used Avahi when I have had deployments that were FlexConnect and the site had multiple subnets for Apple TVs and/or the devices that would be using the Apple TV, printers, etc. Avahi is free and my customers would spin this up on an available PC or laptop and connect it to the network.
mDNS AP
1. This feature enhancement allows controllers to have the visibility of wired service providers which are on VLANs that are not visible to the controller.
2. User configuration is required to configure APs as mDNS AP. This configuration allows AP to forward mDNS packets to WLC.
3. VLAN's visibility at WLC is achieved by APs forwarding the mDNS advertisements to controllers. The mDNS packet between AP and controller are forwarded in CAPWAP data tunnel similar to mDNS packets from wireless client.
4. APs can either be in access or trunk mode to learn the mDNS packets from wired side and forward it to the controller.
5. This configuration also allows the user to specify the VLANs from which the AP should snoop the mDNS advertisements from wired side. The maximum number of VLANs that AP can snoop is 10.
6. If the AP is in access mode, the user should NOT configure any VLANs for AP to snoop.
AP will send untagged packets when a query is to be sent. When an mDNS advertisement is received by mDNS AP, VLAN information is not passed to the controller. Hence the service provider's VLAN, learnt via mDNS AP's access VLAN will be maintained as 0 in the controller.
7. If the AP is in trunk mode, then the user has to configure the VLAN on the controller on which AP would snoop & forward the mDNS packets. The native VLAN snooping is enabled by default when mDNS AP is enabled. AP will send VLAN information as 0 for packets snooped on native VLAN.
8. This feature is supported on local and monitor mode AP, and not on FlexConnect mode APs.
9. If an mDNS AP joins/resets (or) joins the same/another controller, the behavior is as follows:
a. If global snooping is disabled on the controller, then a payload will be sent to AP to disable mDNS snooping.
b. If global snooping is enabled on the controller, then configuration of the AP previous to reset/join procedure will be retained.
Thanks,
Scott
*****Help out others by using the rating system and marking answered questions as "Answered"*****
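
An added example, not part of the original posts and not Cisco code: it builds the DNS-SD service-type enumeration query (a PTR question for `_services._dns-sd._udp.local.`, RFC 6763 section 9), decodes the question names from a raw mDNS query, and lists those missing from a service-string list, which is the situation the "is not configured in MSAL-DB" debug line in the question reports. The profile contents and the plain name-matching rule are assumptions for illustration, not the controller's actual MSAL-DB logic.

```python
import struct

# RFC 6763 section 9: PTR name a DNS-SD browser queries to list all service types.
META_QUERY = "_services._dns-sd._udp.local."
TYPE_PTR, CLASS_IN, QU_BIT = 12, 1, 0x8000

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(names, unicast_response=False):
    """Build an mDNS PTR query (ID 0, flags 0) for the given names."""
    pkt = struct.pack("!6H", 0, 0, len(names), 0, 0, 0)
    qclass = CLASS_IN | (QU_BIT if unicast_response else 0)
    for name in names:
        pkt += encode_name(name) + struct.pack("!2H", TYPE_PTR, qclass)
    return pkt

def read_name(pkt, off):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        length = pkt[off]                      # IndexError if the packet is truncated
        if length == 0:
            return ".".join(labels) + ".", (off + 1 if resume is None else resume)
        if length & 0xC0 == 0xC0:              # compression pointer
            hops += 1
            if hops > 16:                      # guard against pointer loops
                raise ValueError("compression loop")
            resume = off + 2 if resume is None else resume
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            continue
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii", "replace"))
        off += 1 + length

def queried_services(pkt):
    """Return the PTR question names carried in an mDNS query packet."""
    try:
        _, flags, qdcount = struct.unpack("!3H", pkt[:6])
        if flags & 0x8000:                     # QR bit set: a response, not a query
            return []
        names, off = [], 12
        for _ in range(qdcount):
            name, off = read_name(pkt, off)
            qtype, _qclass = struct.unpack("!2H", pkt[off:off + 4])
            off += 4
            if qtype == TYPE_PTR:
                names.append(name)
        return names
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated mDNS packet") from exc

def unmatched(pkt, profile):
    """Queried names absent from a service-string list (assumed matching rule)."""
    known = {s.lower().rstrip(".") for s in profile}
    return [n for n in queried_services(pkt) if n.lower().rstrip(".") not in known]
```

Feeding it the UDP payload of a captured port 5353 query from the client shows which service strings the client actually asks for, so they can be compared with the services listed in the mDNS profile.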

Similar Messages

  • Tablets and Cisco WLC Web Authentication

    Hi my name is Ivan
    I have a question:
    I would like to know which are the tablets that support Web Authentication in Cisco WLC?
    Android, Samsung, others?
    And which are the requirements of the tablet to use this way of authentication?
    Regards
    Ivan

    Any device that has a browser which can generate HTTP(s) traffic utilizing a browser can use WLC Web Auth. If your question is regarding being presented "automatically" with the captive portal I have seen this can be dependent on OS. From my reading about Droids (not hands on experience) the Android devices don't provide a captive portal query that would "automatically" bring up the WebAuth page when connected to an open network using L3 WebAuth security, but you then open your browser and try to hit any web page and you're fine. Apple iOS can handle this automatically (in most cases).
    As long as the device can connect to the WLAN in question, open a browser, then try to navigate to some URL, it should work fine.

  • Called-Station-ID attribute and Cisco WLC code 7.4

    Hello
    I have 2 WLCs configured with 2 SSIDs (one is [WPA2][Auth(802.1X)] and the other is Web-Auth). One of the WLCs is remote and its WLANs are configured with mobility anchors pointing to the other WLC. Both WLCs are configured with Called-Station-ID set to AP Mac Address:SSID. I use this attribute on ACS to authenticate/authorize users based on what SSID they connect to.
    This worked fine on WLC code 7.0 but on upgrading to 7.4 I started having some issues:
    clients on the remote WLC can still authenticate on the [WPA2][Auth(802.1X)] SSID as the Called-Station-ID attribute is still AP Mac Address:SSID
    clients on the remote WLC cannot authenticate on the Web-Auth SSID as the Called-Station-ID attribute now appears to be the Mac Address of the WLC anchor controller
    WLC models are 5508 and current code is 7.4.110.0 (APs are AIR-LAP1142N-E-K9). Can anyone tell me why I'm seeing this behaviour on the Web-Auth SSID on the remote WLC?
    Thanks
    Andy

    Since you have two AAA devices that are sending info, you can have your policy for the guest specifying the guest WLC. The SSID policy for the foreign WLC is only really needed if you have multiple 802.1x authentication from the foreign WLC and that's when you can use the regex to define the SSID per AD Group.
    Look at a successful authentication from one of the guest users. Look at the detailed log and then in that log, you will see all the attributes being sent that the radius can send back to the WLC. You can use any of those attributes in your policies.
    Called-Station-ID might not be sent like what you're used to, because the foreign WLC has the access point the guest user associates to and tunnels it back to the anchor WLC. So this attribute might not be available. Things do change with code versions so you might just have to adjust your policies. I haven't played around with 7.0.x code with guest anchor and radius in a while, but I have in the past upgraded radius or the WLC and had to tweak my radius policies.

  • BILLING SETUP WITH NOMADIX AND CISCO WLC

    Hi, I need to implement a Cisco wireless controller along with a Nomadix box for bandwidth control and billing in a hotel. Has anybody implemented the same?
    What is the topology in this case? What is the necessary config on the WLC?

    Refer the post: https://supportforums.cisco.com/discussion/11431756/wlc-and-nomadix
    https://supportforums.cisco.com/discussion/11601111/guest-ssid-redirect-nomadix-box

  • iTunes 11 Stops Responding to Bonjour Discovery Multicast Broadcasts, Why? This stops the Apple TV 3 from being able to start a new stream from the home share and the iPad remote app can no longer see the home share too.

    I'm having an issue where my Apple TV 3 and all our iPads periodically seem to lose connectivity to an iTunes home share on a Windows 7 PC. Using a network protocol analyser on the PC I have identified that the point of failure corresponds to the ATV3 sending a Bonjour discovery request and getting no reply from iTunes. Why the ATV3 'forgets' where the home share is is possibly another issue but the root cause of the failure is that iTunes, or more specifically the mDNSResponder service, is not responding to the UDP multicast port 5353 broadcast discovery packet sent by the ATV3 or iPad. The mDNSResponder service does start responding again after iTunes is restarted thus making the home share accessible once more, however, this frequent drop out is unacceptable and often happens after only a single TV show has been watched from the home share making the solution unworkable for a family, we simply cannot be restarting iTunes constantly, it ruins the user experience completely!
    The nature of this failure indicates that the ATV3, the iPads, the host PC and network are all working correctly and the point of failure here is the lack of response to the Bonjour discovery protocol with the net result of either a spinning 'connecting to home share' message or the home share just disappearing from the computers section.
    If there is a configuration fix for this please let me know as I haven't located a fix! Otherwise this seems very much to be a code flaw in iTunes 11 or the mDNSResponder and I would appreciate some input from Apple! Going on other questions in these forums it would seem the problem is not limited to Windows PCs but also Macs too. NB: This is not a TCP issue, when the ATV3 or iPad knows the IP of the iTunes server all works flawlessly, it's just that periodically they seem to refresh the list of home shares and at this point they lose the information about the home share they have just been using because of the non-response to the UDP multicast discovery broadcast packet, that is arriving at the host PC and isn't being blocked by the firewall.
    Many Thanks!

    In my case there was no import from a former mac.
    My problem (at least mine) is that no app that offers media sharing works properly. Neither iTunes home sharing nor AirVideo nor EyeTV sharing.
    So I'm pretty sure that this is a network issue.
    Adding another user on my Mac and sharing a new library does not work either. But sharing from another laptop in my WiFi works. So this has to be a network issue on my Mac, not only my user, but an issue of the whole system.
    But I'm not willing to reinstall MacOS X for that if I don't have to.

  • Cisco APs get disconnected from cisco WLC after 30 min when connected on Juniper SRX

    Hi,
    I am connecting all my Cisco 1131AG APs via Juniper SRX 240 box and Cisco WLC is placed in the LAN.
    We are running LWAPP in layer 3 mode. The APs get disassociated from the WLC after 30 min.
    The setup is like:
    AP->AccessSwitch-->JuniperSRX(reth2.0)-->JuniperSRX(reth1.0)-->CoreSwitch-->CiscoWLC
    Could anyone please help me to resolve this issue?

    Firmware for WLC is AIR-WLC4400-K9-4-2-99-0
    Firmware for AP is 12.4(10b)JA1
    The logs from WLC during disconnection:
    Mon Sep 6 20:05:52 2010 AP Disassociated. Base Radio MAC:00:1f:ca:2d:4e:a0
    1 Mon Sep 6 20:05:52 2010 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1f:ca:2d:4e:a0 Cause=Heartbeat Timeout
    2 Mon Sep 6 20:05:51 2010 AP Disassociated. Base Radio MAC:00:1f:9e:c1:0d:30
    3 Mon Sep 6 20:05:51 2010 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1f:9e:c1:0d:30 Cause=Heartbeat Timeout

  • Certificate based authentication with Cisco WLC and Juniper IC

    Hi
    I have a Cisco WLC 4400 and Juniper IC which works as the external RADIUS server.
    I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
    My question is: can the Cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate?
    I have also looked at this article:
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
    What I don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.
    All your help is appreciated.

    Hi,
    Since you use an external radius server you don't have to worry for this.
    The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
    The doc you refer is only for Local Radius on WLC.
    Hope this helps
    Regards,
    Christos

  • Cisco WLC 5508 and LACP

    Hi Fellows,
    I wanna know if 5508 Cisco WLC supports LACP or not. Actually I work in a project where I must
    connect WLC 5508 to Enterasys switches with Link Aggregation.
    Enterasys switches support LACP 802.3ad but when I read Cisco books I see that WLC 5508
    doesn't support LACP.
    Can you help please ?
    Sincerely
    Joseph

    Hi,
    Please take a look into the config guide:
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1277652.
    You can read there:
    Once the EtherChannel is configured as on at both ends of the link, it does not matter if the Catalyst switch is configured for either Link Aggregation Control Protocol (LACP) or Cisco proprietary Port Aggregation Protocol (PAgP) because no channel negotiation is done between the controller and the switch. Additionally, LACP and PAgP are not supported on the controller.
    HTH,
    Tiago
    If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • Cisco WLC 2504 and ways to authenticate users

    Hi All,
    What are the ways to make users authenticate to WLC 2504, what is the best and simplest way, and what are the differences between each method (I mean, for example, whether a RADIUS server or something else needs to exist)?
    Can anyone give me a case study for this issue?
    The system consists of a Cisco 2504 and Cisco LAP 1140.
    Thanks

    To implement radius based authentication is the best practice for the small & enterprise environment.
    Information About RADIUS
    Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
    •Authentication—The process of verifying users when they attempt to log into the controller.
    Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tried.
    •Accounting—The process of recording user actions and changes.
    Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
    RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
    You can configure multiple RADIUS accounting and authentication servers. For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.
    For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

  • Cisco wlc and steel belted radius

    We have a Cisco WLC controller that has two SSIDs, one for users and one for guests.
    We need the users in SSID 1 to take user name and password from a user group in Active Directory through Steel Belted RADIUS.
    Please send me any integration guide between Cisco WLC and Steel Belted RADIUS.
    regards

    Hi Mohammad,
    I am unaware of a specific Steel Belted RADIUS integration guide for the WLCs, however the configuration process on the controller will be the same:
    Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
    You may wish to contact your RADIUS vendor for additional configuration steps on the server.
    Best,
    Drew

  • Cisco WLC and Microsoft NAP

    Hi, I want to integrate my Cisco WLC directly into Microsoft NAP. Is this possible?
    Thanks

    Follow the table in the link http://www.cisco.com/en/US/docs/security/nac-nap/1.0/release/notes/NACNAPRN.html#wp1134942 for the integration of WLC and Microsoft NAP.

  • Mobility between Cisco WLC and Meraki(other vendor)

    Is it possible that users can roam between Cisco WLC and other vendor wireless gear? Meraki keeps saying it is possible.
    They keep saying it is an IEEE feature and everyone should support it, but I do not understand how?

    While theoretically possible with the adoption of CAPWAP, it would require all the manufacturers to follow the specs exactly the same. Kind of like herding cats, not impossible, but highly unlikely. That's just my opinion.

  • Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP

    I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can connect to the controller.
    Currently I am using WLC 2504 with DHCP, so can anyone suggest how to do that?

    Hi Sandeep
    The info is correct, if we're using code below 7.3.101.0.
    This issue is fixed via the below bug id.
    CSCto01390 Unable to ping AP's directly connected to a 2500 controller
    check the fix that is updated on 7.4, 7.5 RNE.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
    Note
    Directly connected APs are supported only in Local mode.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
    For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
    Thanks
    Saravanan

  • Cisco WLC : AP automatic configuration for flexconnect parameters and ap group

    Hello !
    Is there a way to configure Cisco WLC to automatically set FlexConnect parameters such as VLAN support and Native VLAN ID when an access point joins the controller?
    Same question to assign the access point to a specific AP Group?
    PS: The access points are set with factory parameters and the WLC is in version 7.4
    Thank you for your answers !
    Stephane

    To my knowledge these features are not available in 7.4, but from what I understand 8.0 will have similar features. I can say that 7.6 has global commands, not sure if it's part of 7.4.
    If it is you can navigate there Wireless>Access Points>Global Configuration you can do things like configure your primary and backup controllers, set login credentials, pre-download images to AP's.
    Please rate if you find the information helpful.
    HTH

  • Cisco WLC and Airtight SS-300AT-C-60

    Hello Guys, I have some AirTight APs, SS-300AT-C-60, which are working standalone as WIPS. Those devices can work as AP too but
    I was wondering if a Cisco WLC can support it. I mean, is there any way to manage these AirTight devices via CAPWAP using a Cisco Controller ??

    Why not? Because AirTight ain't owned by Cisco. And if they are, Cisco's customer base and AirTight's customer base are two different and distinct groups.
