Cisco WLC 2504 and ways to authenticate users

Similar Messages

• Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP

  I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can be connect with controller.
  Currently i am using WLC 2504 with DHCP so can anyone suggest how to do that..

  Hi Sandeep
  The info is correct, if we're using code below 7.3.101.0.
  This issue is fixed via the below bug id.
  CSCto01390 Unable to ping AP's directly connected to a 2500 controller
  check the fix that is updated on 7.4, 7.5 RNE.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
  Note
  Directly connected APs are supported only in Local mode.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
  For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
  Thanks
  Saravanan

• Cisco WLC 2504 webportal for Server 2008 R2 DC LDAP or RADIUS

  HI,Friends.
  I want to get my mobile or Notebook clients connecting to wireless and use my Domain users ,Cisco WLC 2504 to authenticate via LDAP or  RADIUS to our Windows Server 2008 Domain Controllers
  question:
  one,i can use my domain one Organizational Unit ,such as cn=use01,ou=test,dc=lzh,dc=com. now, noly user01 can logon on web, But how I make all my domain users can use web log it ? 
  I was using radius authentication or ldap certification to do web authentication ?which is good. ？？？
  I specified child ou, ou its users superiors can not be landed on

  hi ,Scott Fella
  Thank you,I am very happy to receive your reply,  I finally binding domain user authentication LDAP authentication done successfully. but You say the combination of nps I did not do the radius authentication is successful, I do not know where the problems.
  the err:
  <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">11</User-Name><Service-Type data_type="0">1</Service-Type><NAS-IP-Address data_type="3">10.10.10.253</NAS-IP-Address><NAS-Port data_type="0">1</NAS-Port><NAS-Identifier data_type="1">WLC-CNNEWCITY</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Vendor-Specific data_type="2">00003763010600000001</Vendor-Specific><Calling-Station-Id data_type="1">10.12.0.11</Calling-Station-Id><Called-Station-Id data_type="1">10.10.10.253</Called-Station-Id><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Authentication-Type data_type="0">1</Authentication-Type><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
  <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Authentication-Type data_type="0">1</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">66</Reason-Code></Event>
  then,You gave two figures is that what you mean? what's the meaning it that services-type =login ?

• Best practices for network design on WLC 2504 and 5508

  Dear all:
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Maximum amount of AP per port
  The scenario when to use all ports in both WLC
  Maximum number of clients(users) per port
  Bandwidth comsumption of  management vs data in order to assign one port for management
  I've just found this:
  Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
  Thanks for your help.

  The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
  This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have other link to push traffic. 

• Query About Cisco WLC 2504 TDLS

  Dear Friends,
  One of my client want to encrypt data over the wireless. I have cisco WLC 2504 IOS Version 7.2.0.0.
  Please help me on this. I think by-default data encrypt is enable. If not so how can I enable it. If I enable it is there any impact to my wireless user's.
  Please help me out .....
  Thanks & Regards,
  Rahul Wankhade

  How to enable:
  http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html#enable
  Impact:
  2500, WiSM2, WLC2—These platforms by default will not contain DTLS. To turn on data DTLS, you must install a license. These platforms will have a single image with data DTLS turned off. To use data DTLS you will need to have a license.
  http://www.cisco.com/c/en/us/products/collateral/wireless/2500-series-wireless-controllers/data_sheet_c78-645111.html
  AS per cisco: Encryption limits throughput at both the controller and the access point.
  Regards
  Dont forget to rate helpful posts

• Cisco WLC 2504 sofware update

  Dear Friends,
  I am using Cisco WLC 2504 current software version is 7.0.220.0 and I want to upgrade it to the latest version which is 8.x.x.x.
  Could you please help and advice the best way of doing it? Also can I upgrade direct to the latest version or do I have to upgrade step by step?
  Thank you very much for your help and support.
  Thanks
  Umar

  Hi
  Could you please help and advice the best way of doing it? Also can I upgrade direct to the latest version or do I have to upgrade step by step?
  Yes, you can go directly to 8.0.x from 7.0.x code. Refer below link
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1.html#68333
  Make sure you refer the release notes for any known issues with this code. Also upgrade FUS to 1.9.0.0 as well. This will take around 30 min downtime as well.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/fus_rn_OL-31390-01.html
  If you have different AP models, MSE, Prime products, refer this compatibility matrix as reference.
  http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Compatible APs for Cisco WLC 2504

  Is the cisco wlc 2504 compatible with the AIR-CAP-3602l and if so what firmware would i need to be running on the WLC ? My firm rushed out and bought a mesh solution without doing their homework

  Hi Doug,
  Data sheet for 3602 access point shows it support 2500 series WLC. Please refer to the link below.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps11983/data_sheet_c78-686782.html
  You may need firmware version above 7.2 to support 3602.
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
  Hope that  helps
  Regards
  Najaf
  Please rate when applicable or helpful !!!

• DHCP Error with WLC 2504 and Aironet 2600 setup across subnets

  Hey guys
  I have just setup a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations.  The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
  I tested the WLC at our main office with a single AP, and it worked fine.  The AP set itself up, and wireless devices connect with no probs. Great!  Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too.  Within a few minutes I was able to see the WiFi network I'd setup, and my smartphone connected to it straight away (as I'd rpeviously connected at the main office), so I was pretty happy that all was working well.
  This morning however I've had notification that wifi performance at the remote site isn't great.  I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is.  Obvioulsy this is not ideal!
  So I guess my question is, what have I done wrong?  (I guess I HAVE done something wrong!?).  And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?
  Any help would be greatly appreciated! 
  Thanks!           

  Hello Tim,
  What mode your APs are in? Local mode? or FlexConnect mode?
  If local mode, then all the traffic will be tunnelled to the WLC and they'll be same as if you are connecting from the WLC location.
  If you use FlexConnect APs (which is recommended for remote sites) you can configure FlexConnect groups on the WLC and add each location in a specific group. In that group you can decide what VLAN the users should be in.
  Check this link for FlexConnect group configuration
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1230080
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Cisco WLC 5508 and LACP

  Hi Fellows,
  I wanna know if 5508 Cisco WLC support LACP or not. Actually i work in a project where i must
  connect WLC 5508 in Enterasys Switches with Link Aggregation.
  Enterasys Switches support LACP 802.3ad but when i learn Cisco Books i see that WLC 5508
  doesn't support LACP.
  Can you help please ?
  Sincerely
  Joseph

  Hi,
  Please take a look into the config guide:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1277652.
  You can read there:
  Once the EtherChannel is configured as on at both  ends of the link, it does not matter if the Catalyst switch is  configured for either Link Aggregation Control Protocol (LACP) or Cisco  proprietary Port Aggregation Protocol (PAgP) because no channel  negotiation is done between the controller and the switch. Additionally,  LACP and PAgP are not supported on the controller.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• DAC server start-up error and Can't authenticate user

  HI,
       we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
  while starting DAC services in Unix server it throws an error like
  ANOMALY INFO An exception occurred. Shutting down server...
  MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
  EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
  Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
  we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
  How to start the DAC services?
  How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
  Pls help in this regard.
  Thanks in advance.

  EddyLau wrote:
  Hi,
  I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
  here's my sql statement to create database schema for dac in oracle database.
  grant dba, connect, resource, create view, create session to SSE_ROLE;
  create user DEV_DAC identified by "password";
  grant DEV_DAC to SSE_ROLE;
  grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
  I tried dropping the data schema and create it again but still fail to authenticate.
  did I grant enough privileges to the database schema?
  Please help.
  Thanks,
  EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
  Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
  now run the command Delete From W_ETL_USER
  Now login to dac client with Administrator and pwd which you have set earlier.
  Mark as helpful or correct if it helps
  Thanks,
  RM

• Backing up config on Cisco WLC 2504

  I need to upgrade the software on my controller but first need to take a backup of the config.
  I log into the GUI of the controller and then go to Commands / Upload File, I then select my options:
  File Type: Configuration
  Transfer Mode: TFTP
  IP: 10.x.x.x
  File Path: C:\Cisco\WLC
  File Name: ciscowlc.cfg
  Click Upload
  After about a minute it receive the following error:
  % Error: Config file transfer failed - Error from server: The specified operation is not supported.
  I can't seem to find any information on this error.
  Any help would be greatly appreciated.
  Thanks,
  James

  What TFTP server are you using... I use 3CDeamon and I also select the folder from the TFTP server so my path would just be ./
  Make sure that the firewall on the tftp server is disabled and also make sure your doing the tftp to a wired machine and not a wireless machine.  TFTP and FTP is not allowed when your associated to an AP that is joined to that WLC.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• TFTP image to Cisco WLC 2504

  I am trying to TFTP an image to a Cisco 2504 WLC. The management interface is 10.1.1.1 /24 and I have my PC connected to a port on the WLC with the IP address 10.1.1.10. However, I still do not have connectivity between the PC and WLC. Any advice?

  If you are connected directly to the WLC, you need to make sure the management interface is untagged, set to '0'.
  You really should be connecting the WLC to a switch since the WLC isn't really a switch and TAC doesn't support connecting devices like AP's or PCs to the WLC.
  Sent from Cisco Technical Support iPhone App

• About max local MAC filtering can be register in WLC 2504 and 5508

  Hi all
  My customer is considering to use WLC with MAC filtering feature (use local database not external Radius). So they are concerning about maximum local MAC filtering entries that can be register on WLC2504 and WLC5508 to buy (the number of APs is about 20, but the MAC is more than 200)
  I tried to search, but I could not find any specs mention it. If anyone knows, please help to answer
  Rgds

  I looked at this before. I want to say its maxed at 2048 regardless of the model ..
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html

• CISCO WLC , connecting SSID with local net user

  Dears,
  Created Local Net User
  created SSID and Broadcasted, users can connect to SSID with PSK
  But not able to connect using Local net user created in WLC
  Edwin

  Hi,
  What kind of Layer 2 Security are you using on your SSID?
  You can't have both PSK and Local user database authentication on the same SSID.
  Best regards,
  Sebastian

• Cisco WLC 2125 and AIR-LAP1252AG-A-K9 access points

  We are running into a little issue here and looking for some help. We have the Controller configured and it appears to be working properly the issue we are running into is that we can only get the above mentioned access points to only join the controller if they are plugged directly into the controller. I would assume that we should be able to plug these access points into any of our switches and they should be able to join the controller correct? Obviously there has to be a configuration issue somewhere and am hoping someone can point us in the right direction.

  WAP to Switch - Access port
  WLC to Switch - dot1Q trunk on the switch and tagged on the WLC side