Config network web-auth-port 8080
I configured the command config network web-auth-port 8080 in the controller. Now I want to revert it back to the previous settings.
Which command will revert back to the default setting?
Hi,
Just type the command again and put 0 as the redirect port:
config network web-auth-port 0
Save it and reboot the WLC. That will remove the additional port.
Thanks,
Lee
Similar Messages
-
Hello,
I am migrating a SharePoint 2010 My Site content database to SharePoint 2013. First I have to create the My Site web application in SharePoint 2013. How can I synchronize the 2010 content database with 2013?
Hi ghsajith,
According to your description, my understanding is that you want to upgrade your SharePoint 2010 to SharePoint 2013.
There is an article for your reference:
http://blogs.msdn.com/b/alimaz/archive/2012/07/17/upgrading-from-sharepoint-2010-to-sharepoint-2013-step-by-step.aspx
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support
-
I want the automatic redirection to the login page to work when a proxy is configured in the IE parameters.
I used the command "config network web-auth-port 8080", but when I open IE, I'm not redirected to the login page (the DNS request works).
When I do a "telnet www.google.com 8080" and then "get http", I get the page.
Any idea?
In my experience it does not work with a proxy. If you disable the proxy you will get the login and then get redirected, which will then fail until you enable the proxy settings. WLC will try to resolve the homepage of that user, which of course will fail since it doesn't know of the proxy. You will have to either use a term and condition on a custom WebAuth page or implement a content filter application like WebSense.
-
Web-Auth not working on Apple IOS devices
I am using L3 web-auth (when no mac filter match). I currently have downloaded the custom page to the controller. It works fine with Windows and Android. I can not get to the redirect page on Apple IOS though.
In my pre-auth ACL I have added rules to allow any traffic to and from 17.0.0.0/8. I can see that it is getting hits.
I have also tried the config network web-auth captive-bypass enable command.
Neither of these have helped.
My Apple client is getting an IP address.
Any ideas? Thanks
WLAN on Anchor controller:
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest-dmz
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
LDAP Servers
Server 1...................................... 10.4.21.177 389
Server 2...................................... 10.4.21.178 389
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
--More-- or (q)uit
FT Support.................................... Enabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ web-auth-test
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
--More-- or (q)uit
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
2 10.241.15.5 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
WLAN on foreign controller:
WLAN Identifier.................................. 4
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
--More-- or (q)uit
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
4 10.241.15.5 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Interface detailed virtual on Anchor controller:
(Cisco Controller) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 68:ef:bd:93:bd:00
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ anchor.stjude.org
AP Manager....................................... No
Guest Interface.................................. No
Interface detailed virtual on Foreign controller:
(30-WiSM2-slot2-1) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 2c:54:2d:3a:51:a0
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
-
Running a web server along with Oracle XE - Port 8080 problem & solution
Hi,
My company is tight on computing power so we're using an older machine to run our Oracle XE instance and our Apache web server. The Apache server is using port 80 to host the website, while Oracle XE is using port 8080 for APEX.
Initially this did not pose any problems, but when our consultants were at client sites they weren't able to access port 8080. This was a huge problem for us since we use APEX for our time sheet system.
I could have used a 2nd computer to host the APEX engine on port 80 (if you want to know how to do this just search the forum), but I didn't have an extra machine at my disposal.
After doing some reading I found that I could modify the Apache httpd.conf file (/etc/httpd/conf/httpd.conf for linux systems) to handle this. I thought I'd post my results for others in the same situation:
#Search for the mod_proxy section and add the following:
ProxyRequests Off
#This maps the :8080/apex to :80/apex
ProxyPass /apex http://www.mydomain.com:8080/apex
ProxyPassReverse /apex http://www.mydomain.com:8080/apex
#This maps the :8080/i/ (for images) to :80/i.
#YOU NEED THIS since all images and js calls reference the /i/ directory
ProxyPass /i http://www.mydomain.com:8080/i
ProxyPassReverse /i http://www.mydomain.com:8080/i
#Search for Alias and add the following:
#This is optional. It will allow a simple url for your users to access a common application
Redirect /myapps http://www.mydomain.com/apex/f?p=100
Of course you can add some restrictions, and verification for the apache module to the conf above, but I thought I'd keep it basic for this example.
Hope this helps others in the same situation.
Thanks for all the responses I got,
Martin, Thank you
I tried the same advice on my static IP address and it works fine, and very quickly sometimes, thank you.
My Apache functions well and I tested a sample webpage.
The domain name did not succeed in my network, maybe because it's a fake one, I do not really know, but I already have an active domain and want to use it when things work for sure in all aspects and the tests are finished.
Your advice was very useful for me.
But I still get the TCP_Error with timeout sometimes. I think the issue is related to the network now (not sure, but the tests take a long time and I prefer to let you know the development for now). I'm trying to fix the network as much as I can to get the perfect performance. But I just wonder about the Listener, maybe there is something we need to change, still testing.
Did you try your applications onsite from multiple workstations at the same time in Oracle XE using your web server?
Appreciate your help and all other attendants.
Thanks
-
Web debugging not using port 8080
You're quick to answer!
My third question is when I start Tomcat from inside NitroX by using the
Run->Debug... menu - selecting my own server.xml in server config. -> Which
tags can I debug? Only JSP/Java or also Struts tags?
Again Thanx,
Nikolaj
"M7 Support" <[email protected]> wrote in message
news:[email protected]...
For the browser issue you have to wait for the next build. It has exactly the options you are asking for.
You can see the server.xml we generate. After you start Tomcat take a
look at the end of the first line in the Console view. The name of the
file is there. You can copy it while the server is running.
Would you mind being more specific about the third issue? Do you start
Tomcat from inside NitroX by using the Run->Debug... menu or you are
trying to attach to it?
Regards,
M7 Support
Nikolaj Ravn wrote:
Thanks Support,
It was almost too obvious.
But when I run/debug a new browser session is opened still using port 8080.
1) How do I configure this browser to use another port (and other params...)?
2) How do I prevent this browser from starting?
3) (and most important) How do I make my application hook up on the Tomcat being started. My breakpoints don't stop the code as expected. I guess it's a common issue using the webcontainer. It would be nice to see your server.xml that you use. Any help here?
Again thanx and you do have a nice product here. Anticipating your pricing.
Nikolaj
"M7 Support" <[email protected]> wrote in message
news:[email protected]...
You can start with your own server.xml.
Open Window->Preferences->NitroX->Server configurations.
Select your configuration and press the Edit button.
In the Configuration tab select Existing configuration file and enter
the full path to it.
Close the dialogs with OK.
Start the debugger as usual.
M7 Support
Nikolaj Ravn wrote:
How do I make NitroX use another port for debugging than 8080?
I'm using Tomcat 4.1 - and I need to use port 8070. I understand that NitroX is making its own server.xml for starting Tomcat - but from what? Not my server.xml, I guess.
Thanx,
Nikolaj
-
I create the WiFi network using the internet sharing option in my Macbook Pro from a local ethernet connection and set the HTTP proxy settings in my new iPad. Siri runs like a charm on another WiFi connection which doesn't require a proxy, but on my University connection it says that it can't handle any requests right now.
We were having the same problem here at the School I work at. By looking at some traffic logs and doing some internal testing, it appears Siri attempts to make a direct connection to the outside network using HTTPS (port 443), without using any of the proxy settings you may have configured on the Wifi network.
We've reported it as a bug to Apple but haven't heard anything back yet.
To get around it in the meantime you'll have to punch a hole in your firewall to allow Siri traffic through.
Currently Siri appears to contact IP address 17.174.4.14 over port 443. The IP address may change in the future, but that will at least get you up and going for now. We went ahead and opened the entire 17.174.4.0/24 network, as the entire block of addresses is owned by Apple.
Again, there is no guarantee that this will not change in the future and break again.
Good luck!
-
Web server and apex running on same machine - port 8080 possible conflict
Hi Guys,
I have installed Apache Tomcat and currently in the process of installing Oracle 11G in the same machine.
The tomcat is using port 8080 and I understand from other installs, that APEX uses 8080 as well.
Is there a way, after installing the Oracle 11G XE database, to shut down APEX so it doesn't conflict with Tomcat's use of 8080? I have no use for APEX at this point and want to shut it down if it's possible.
Alternatively, can it be configured to use another port?
Many thanks.
You can do either, shut it down or change the port. So sad that you said you "have no use for Apex...". :(
What gateway are you using for Apex? Is it the EPG, OHS or the Apex Listener? If you're using the EPG then there is a whole command structure/API for that. Here are a couple that you can run from a SQLPlus session:
SELECT DBMS_XDB.GETHTTPPORT FROM DUAL;
EXEC DBMS_XDB.SETHTTPPORT(port);
For example:
EXEC DBMS_XDB.SETHTTPPORT(8080);
OR
EXEC DBMS_XDB.SETHTTPPORT(8181);
If you're using OHS then you go to your OHS/Apache directory and find the OPM path and issue your shutdown startup commands from there. If it's the Apex Listener with Glassfish then you go to the Glassfish admin console and shutdown your Apex deployment from there. Specifics I'll leave to you.
Earl
-
Guest WLAN and Web Auth?
Hi Guys,
Maybe someone can help me out?
I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical "Cisco Wireless Controller" with the exception of having 2 ports. Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN. When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page.
What I tried so far is..
- add a DNS Host Name to the virtual interface and assign it to our internal DNS server: dns name was resolving but we were unable to ping 1.1.1.1
- changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entry: dns name resolved but still could not ping 2.2.2.2 (I think this is normal)
- changed the virtual IP to a private address of 192.168.102.1 and modified the dns entry: same result
I've attached some screenshots of our configuration.
Troubleshooting Web Authentication
After you configure web authentication, if the feature does not work as expected, complete these troubleshooting steps:
1. Check if the client gets an IP address. If not, users can uncheck DHCP Required on the WLAN and give the wireless client a static IP address. This assumes association with the access point. Refer to the IP addressing issues section of Troubleshooting Client Issues in the Cisco Unified Wireless Network for troubleshooting DHCP related issues.
   On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.
2. The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.
   Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a "nslookup www.cisco.com" and see if the IP address comes back.
   On Macs/Linux: open a terminal window and do a "nslookup www.cisco.com" and see if the IP address comes back.
   If you believe the client is not getting DNS resolution, you can either:
   - Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
   - Try to directly reach the controller's webauth page with https:///login.html. Typically this is http://1.1.1.1/login.html.
   Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.
3. For web authentication using customized web page, ensure that the HTML code for the customized web page is appropriate.
   You can download a sample Web Authentication script from Cisco Software Downloads. For example, for the 4400 controllers, choose Products > Wireless > Wireless LAN Controller > Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication Bundle-1.0.1 and download the webauth_bundle.zip file.
4. These parameters are added to the URL when the user's Internet browser is redirected to the customized login page:
   - ap_mac: The MAC address of the access point to which the wireless user is associated.
   - switch_url: The URL of the controller to which the user credentials should be posted.
   - redirect: The URL to which the user is redirected after authentication is successful.
   - statusCode: The status code returned from the controller's web authentication server.
   - wlan: The WLAN SSID to which the wireless user is associated.
   These are the available status codes:
   - Status Code 1: "You are already logged in. No further action is required on your part."
   - Status Code 2: "You are not configured to authenticate against web portal. No further action is required on your part."
   - Status Code 3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?"
   - Status Code 4: "You have been excluded."
   - Status Code 5: "The User Name and Password combination you have entered is invalid. Please try again."
5. All the files and pictures that need to appear on the Customized web page should be bundled into a .tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is login.html. You receive this error message if you do not include the login.html file:
   Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web Authentication Configuration Example for more information on how to create a customized web authentication window.
   Note: Files that are large and files that have long names will result in an extraction error. It is recommended that pictures are in .jpg format.
6. Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication. Other browsers may or may not work.
7. Ensure that the Scripting option is not blocked on the client browser as the customized web page on the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
   Note: The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up messages for the user.
   Note: If you browse to an https site, redirection does not work. Refer to Cisco bug ID CSCar04580 (registered customers only) for more information.
8. If you have a host name configured for the virtual interface of the WLC, make sure that the DNS resolution is available for the host name of the virtual interface.
   Note: Navigate to the Controller > Interfaces menu from the WLC GUI in order to assign a DNS hostname to the virtual interface.
9. Sometimes the firewall installed on the client computer blocks the web authentication login page. Disable the firewall before you try to access the login page. The firewall can be enabled again once the web authentication is completed.
10. Topology/solution firewall can be placed between the client and web-auth server, which depends on the network. As for each network design/solution implemented, the end user should make sure these ports are allowed on the network firewall.
    Protocol                                      Port
    HTTP/HTTPS Traffic                            TCP port 80/443
    CAPWAP Data/Control Traffic                   UDP port 5247/5246
    LWAPP Data/Control Traffic (before rel 5.0)   UDP port 12222/12223
    EOIP packets                                  IP protocol 97
    Mobility                                      UDP port 16666 (non secured), UDP port 16667 (secured IPSEC tunnel)
11. For web authentication to occur, the client should first associate to the appropriate WLAN on the WLC. Navigate to the Monitor > Clients menu on the WLC GUI in order to see if the client is associated to the WLC. Check if the client has a valid IP address.
12. Disable the Proxy Settings on the client browser until web authentication is completed.
13. The default web authentication method is PAP. Ensure that PAP authentication is allowed on the RADIUS server for this to work. In order to check the status of client authentication, check the debugs and log messages from the RADIUS server. You can use the debug aaa all command on the WLC to view the debugs from the RADIUS server.
14. Update the hardware driver on the computer to the latest code from manufacturer's website.
15. Verify settings in the supplicant (program on laptop).
16. When you use the Windows Zero Config supplicant built into Windows:
    - Verify user has latest patches installed.
    - Run debugs on supplicant.
17. On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start > Run > CMD:
    netsh ras set tracing eapol enable
    netsh ras set tracing rastls enable
    In order to disable the logs, run the same command but replace enable with disable. For XP, all logs will be located in C:\Windows\tracing.
18. If you still have no login web page, collect and analyze this output from a single client:
    debug client
    debug dhcp message enable
    debug aaa all enable
    debug dot1x aaa enable
    debug mobility handoff enable
If the issue is not resolved after you complete these steps, collect these debugs and use the TAC Service Request Tool (registered customers only) in order to open a Service Request.
    debug pm ssh-appgw enable
    debug pm ssh-tcp enable
    debug pm rules enable
    debug emweb server enable
    debug pm ssh-engine enable packet
-
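The troubleshooting steps quoted in the Guest WLAN thread above list the parameters the controller appends to a customized login page URL (ap_mac, switch_url, redirect, statusCode, wlan) and the five status codes. The following JavaScript is an added example, not part of the original post and not Cisco's webauth bundle code, showing how a custom login.html can parse and validate them before credentials are posted to switch_url. The allow-listed controller hosts, the HTTPS-only requirement and all function names are assumptions.

```javascript
// Added example: pure functions a customized login.html could call with
// window.location.href. Not Cisco's sample script.
// Assumption: the hosts below are placeholders; list your own virtual-interface
// IP and DNS host name (wlc-guest.example.net is a constructed name).
const ALLOWED_CONTROLLER_HOSTS = ["1.1.1.1", "wlc-guest.example.net"];

// Messages for the statusCode parameter, as listed in the steps above.
const STATUS_MESSAGES = {
  1: "You are already logged in. No further action is required on your part.",
  2: "You are not configured to authenticate against web portal. No further action is required on your part.",
  3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?",
  4: "You have been excluded.",
  5: "The User Name and Password combination you have entered is invalid. Please try again.",
};

const MAC_RE = /^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/i;

// Constructed sample of a redirected login URL (not captured from a device).
const SAMPLE_URL =
  "https://1.1.1.1/login.html?switch_url=https://1.1.1.1/login.html" +
  "&ap_mac=00:11:22:33:44:55&wlan=Guest&redirect=www.cisco.com/&statusCode=5";

// Pull the five documented parameters out of the page URL; absent ones are null.
function parseWebAuthParams(pageUrl) {
  const query = new URL(pageUrl).searchParams;
  const pick = (name) => (query.has(name) ? query.get(name) : null);
  return {
    apMac: pick("ap_mac"),
    switchUrl: pick("switch_url"),
    redirect: pick("redirect"),
    statusCode: pick("statusCode"),
    wlan: pick("wlan"),
  };
}

// Credentials are POSTed to switch_url, so accept it only when it is an HTTPS
// URL on a known controller host with no embedded user info.
function trustedSwitchUrl(raw, allowedHosts = ALLOWED_CONTROLLER_HOSTS) {
  if (!raw) return null;
  let url;
  try { url = new URL(raw); } catch (e) { return null; }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (!allowedHosts.includes(url.hostname)) return null;
  return url.origin + url.pathname; // drop any query or fragment
}

// The post-login redirect may arrive without a scheme; allow only http(s).
function safeRedirect(raw) {
  if (!raw) return null;
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : "http://" + raw;
  let url;
  try { url = new URL(candidate); } catch (e) { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.href;
}

// Map statusCode to its documented message; anything else yields null.
function statusMessage(rawCode) {
  if (rawCode === null || !/^[1-5]$/.test(rawCode)) return null;
  return STATUS_MESSAGES[Number(rawCode)];
}

// Everything the page needs, already validated.
function buildLoginContext(pageUrl, allowedHosts = ALLOWED_CONTROLLER_HOSTS) {
  const p = parseWebAuthParams(pageUrl);
  const formAction = trustedSwitchUrl(p.switchUrl, allowedHosts);
  return {
    formAction,                       // set as the form's action only if non-null
    showForm: formAction !== null,    // otherwise do not render the login form
    redirect: safeRedirect(p.redirect),
    message: statusMessage(p.statusCode),
    apMac: p.apMac && MAC_RE.test(p.apMac) ? p.apMac.toLowerCase() : null,
    // An SSID is at most 32 octets; write it with textContent, never innerHTML.
    wlan: p.wlan !== null && p.wlan.length <= 32 ? p.wlan : null,
  };
}

console.log(buildLoginContext(SAMPLE_URL));
```

In the page itself, call buildLoginContext(window.location.href) on load and render the login form only when showForm is true.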
10g Express Edition install doesn't start HTTP server on port 8080
I've just done (several) installs of 10g XE on a Windows XP (SP2) box which appears to install correctly, but there's nothing listening on port 8080 (which is available)
The services OracleServiceXE and OracleXETNSListener are both started (and can be stopped/restarted too).
Looking in C:\oraclexe\app\oracle\product\10.2.0\server\config\log\postDBCreation.log (and other log files in that directory), I see some worrying lines like this:
SQL> connect "SYS"/"&&sysPassword" as SYSDBA
ERROR:
ORA-12638: Credential retrieval failed
Also running SQLPLUS from a CMD window fails:
C:\oraclexe\app\oracle\product\10.2.0\server\BIN>sqlplus sys
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jun 19 15:31:59 2008
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12638: Credential retrieval failed
I already have some Oracle client software installed, PL/SQL developer 7.0.1.1066.
ORACLE_HOME is not set.
Is there an installation log file I can examine that might indicate what's gone wrong?
Tony.
Interesting error. See http://oracle-unix.blogspot.com/2007/08/ora-12638-credential-retrieval-failed.html for a blog entry (and workaround).
As for the 8080 web connection failing, I assume that this is related - the listener unable to hand off the web browser request to the Dispatcher.
Also note that by default it only listens on localhost port 8080. So using the hostname or IP of your machine won't work until that default config is changed.
-
ISE web auth for non-cisco switch(D-link 3528)
Is it possible to use ISE (inline posture node) to redirect the wired users to the ISE guest portal?
And the wired users will get full network access after they pass the web auth.
You can use the ISE inline posture node with 3rd party switches.
RADIUS access device must supply the following RADIUS attributes:
Calling-Station-Id (for MAC_ADDRESS)
User-Name
NAS-Port-Type
RADIUS accounting message must have the Framed-IP-Address attribute
VLAN, DACL features can be used but again it depends on switch models. Let us know specific switch models. Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality.
-
WLC 5508 Web Auth and EAP / PEAP
Morning all, I'm looking for some clarification.
Current setup:
I work in a school, a few years ago I installed a 4400 WLC and several APs as a proof of concept exercise to see whether wireless technology would be of benefit to teaching and learning. It was deemed to be so.
This summer I installed 2 x 5508 WLCs and increased AP coverage to 50 - copied over the configs from the old controller - all works fine.
Currently only the staff can access the WLANs with the exception of a public WLAN in the canteen area.
Because there are a limited number of devices, WPA2 in conjunction with MAC filtering was used. However the school wants to open the wireless network to all of the students - potentially this means up to 1000 devices that will no doubt change on a regular basis so MAC filtering is out.
In line with child protection policies I need an 'auditable' trail when students access wireless resources.
Planned setup:
I have setup a test WLAN that uses Web Auth - the WLC is configured to pass authentication requests ( through an ASA ) onto a RADIUS server which is tied into AD. I have a CA setup as well as a NAP server.
There is no layer 2 security set on the test WLAN and layer 3 is just web authentication. From any mobile device I can authenticate against AD and gain access to the Internet.
Clarification:
With no layer 2 security the WLAN is exposed so I need to introduce some form of end to end encryption - so I am looking at deploying EAP / PEAP.
Would the introduction of EAP / PEAP keep the network as secure as if I was using WPA2?
Many thanks.
If you are using web authentication you cannot use dot1x as L2 security, so EAP is not an option.
But you can use preshared security, like WPA2 AES with web auth, to ensure that the traffic is encrypted.
Or you can define a WLAN profile with dot1x security on L2 and nothing on L3; by doing so you would definitely hit the utmost security possible.
Check the following link which contain couple of EAP config examples:
http://www.cisco.com/en/US/partner/tech/tk722/tk809/tech_configuration_examples_list.html
Please make sure to rate correct answers
-
5760 Central Web Auth with ISE
Hi,
I am having problems with getting central web auth to work on the 5760, I can't seem to find any documentation for the 5760-Central Web Auth.
The setup is with a Cisco 5760 and Cisco ISE, for guest users to be re-directed to ISE guest portal to authenticate. Has anyone configured this or have any advice, that would be great.
Thanks
Hi Roger,
I have gotten CWA running on the 5760 with ISE, below is the config for the guest SSID:
wlan Guest 1 TEST-guest
aaa-override
ip dhcp required
mac-filtering cwa_macfilter
mobility anchor 10.1.1.100
nac
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security dot1x authentication-list ISE_Auth_Group
session-timeout 14400
no shutdown
! ***You will need the following commands as well:
ip http server
ip http authentication local
ip http secure-server
aaa authentication login ISE_Auth_Group group ISE
aaa authorization network cwa_macfilter group ISE
Hope it helps =)
-
Port 8080 is already bound error when i try to bind it with Tomcat
Hi,
I use Oracle 9i AS version 2 on Sun Solaris.
I start the oracle service with the following shell script
#orastart.sh
ORACLE_BASE=/users/ora9ias
export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/orainfra
export ORACLE_HOME
ORACLE_SID=iasdb
export ORACLE_SID
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/local/lib
export LD_LIBRARY_PATH
PATH=${PATH}:$ORACLE_HOME/bin:$ORACLE_HOME/Apache/Apache/bin
PATH=${PATH}:$ORACLE_HOME/dcm/bin:$ORACLE_HOME/opmn/bin
export PATH
lsnrctl start
sqlplus
#Enter user-name: connect as sysdba
#Enter password: manager
#SQL>startup
#SQL>exit
oidmon start
oidctl server=oidldapd instance=1 configset=1 start
dcmctl start -cl
I also run Tomcat Web Server on port 8080.
When I run orastart.sh before running the Tomcat Web Server, then I am not able to run the web server because port 8080 is already bound by some process in Oracle 9i AS.
If I run the web server first, then orastart.sh, there is no problem with anything.
As per requirements by the client we have to run the web server on port 8080 only. There is absolutely no guarantee that the client will run the processes in some specified order i.e. orastart first then Tomcat or vice-versa. Please provide me help so that I can change the port 8080 used by some Oracle process to some other port number, so that it does not conflict with the port 8080 used by Tomcat.
Anurag
Hi Tugdual,
I have done as you have mentioned, but in $ORACLE_HOME/install/portlist.ini there is no service that listens on port 8080.
I only get this problem when I run my script before running the Tomcat web server; when I run the Tomcat web server before the script, I face no problem.
I am also pasting the output of the lsnrctl command. This shows that Oracle 9i AS is listening to port 8080.
LSNRCTL> stat
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Solaris: Version 9.0.1.3.0 - Production
Start Date 26-NOV-2003 12:18:09
Uptime 0 days 2 hr. 13 min. 16 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /users/ora9ias/orainfra/network/admin/listener.ora
Listener Log File /users/ora9ias/orainfra/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ikon.india.ipolicynet.com)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=0.0.0.0)(PORT=2482))(PRESENTATION=GIOP)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=2481))(PRESENTATION=GIOP)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=0.0.0.0)(PORT=9090))(PRESENTATION=http://admin)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=8080))(PRESENTATION=http://admin)(SESSION=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "iasdb.ikon.india.ipolicynet.com" has 2 instance(s).
Instance "iasdb", status UNKNOWN, has 1 handler(s) for this service...
Instance "iasdb", status READY, has 3 handler(s) for this service...
The command completed successfully
LSNRCTL>
Please help me with this, as this is very urgent. Our client already uses Oracle 9i AS 2 (on Solaris) for some other application and I have to use the same machine, and the client also wants the Tomcat web server to listen on port 8080 only. He has asked us to change the port of the Oracle 9i service that uses port 8080.
Thanks
Anurag
-
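Added example (not part of the original posts): a Python parser for the Listening Endpoints Summary in the lsnrctl status output of the Oracle 9i AS thread above, reporting which listener endpoint holds port 8080 and which endpoints are bound to all interfaces. The sample text is copied from that thread; the function names are this example's own.

```python
import re

# Sample input: the "Listening Endpoints Summary" section of the
# lsnrctl status output quoted in the thread, embedded so this runs offline.
LSNRCTL_STATUS = """\
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ikon.india.ipolicynet.com)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=0.0.0.0)(PORT=2482))(PRESENTATION=GIOP)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=2481))(PRESENTATION=GIOP)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=0.0.0.0)(PORT=9090))(PRESENTATION=http://admin)(SESSION=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=8080))(PRESENTATION=http://admin)(SESSION=RAW))
Services Summary...
"""

# The key=value pairs of interest inside one endpoint description.
PAIR = re.compile(r"\((PROTOCOL|HOST|PORT|KEY|PRESENTATION)=([^()]*)\)", re.I)

def parse_endpoints(status_text):
    """Return one dict per endpoint line in the Listening Endpoints Summary."""
    endpoints, in_summary = [], False
    for line in status_text.splitlines():
        line = line.strip()
        if line.startswith("Listening Endpoints Summary"):
            in_summary = True
            continue
        if in_summary and not line.startswith("(DESCRIPTION="):
            break  # reached the next section (Services Summary)
        if in_summary:
            ep = {k.lower(): v for k, v in PAIR.findall(line)}
            if "port" in ep:
                ep["port"] = int(ep["port"])
            endpoints.append(ep)
    return endpoints

def owners_of_port(endpoints, port):
    """Endpoints registered on the given TCP port."""
    return [ep for ep in endpoints if ep.get("port") == port]

def wildcard_listeners(endpoints):
    """Ports of endpoints bound to every interface (HOST=0.0.0.0)."""
    return sorted(ep["port"] for ep in endpoints if ep.get("host") == "0.0.0.0")
```

Run against the quoted output, this shows the 8080 endpoint is registered by the TNS listener itself on 0.0.0.0, which is consistent with it not appearing in portlist.ini.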
I am trying to set up a scenario where a user logs in via Web Auth and with a successful connection the MAC address is remembered for 7 days. That way if the user connects again during the course of 7 days they aren't required to authenticate via web auth again, they just get access. After 7 days they will need to log in again through the web auth. Similar scenario to what you see at a hotel wireless network. Anyone know how I would go about setting up the dynamic MAC filtering and set the timer for 7 days? With that said I want it to be for a single SSID.
Well, it's not possible with just the WLC.
You can do it, but you need to have a way to pull the MAC address from the webauth page, and insert that into an LDAP db, which you control the age out process in.
Then on subsequent visits they get mac-authed instead of having to re-accept the page.
In the webauth config you would check the On MAC filter failure box.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered
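Added example, not from the original posts: a sketch of the age-out store described in the reply above, with sqlite3 standing in for the LDAP database and a 7-day expiry kept per SSID. RememberedMacs, record_web_auth and mac_filter_passes are hypothetical names, and how the web-auth page and the MAC filter call into the store is assumed.

```python
import re
import sqlite3

REMEMBER_SECONDS = 7 * 24 * 3600  # the 7-day window asked for in the thread

def normalize_mac(raw):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(digits) != 12 or re.search(r"[^0-9a-fA-F:.\-]", raw):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class RememberedMacs:
    """Hypothetical store; sqlite3 is an assumption replacing the LDAP db."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS macs"
                        " (mac TEXT NOT NULL, ssid TEXT NOT NULL,"
                        "  expires INTEGER NOT NULL, PRIMARY KEY (mac, ssid))")

    def record_web_auth(self, mac, ssid, now):
        """Call after a successful web-auth login; restarts the 7 days."""
        self.db.execute("INSERT OR REPLACE INTO macs VALUES (?, ?, ?)",
                        (normalize_mac(mac), ssid, int(now) + REMEMBER_SECONDS))
        self.db.commit()

    def purge(self, now):
        """Age out entries whose 7 days have elapsed."""
        self.db.execute("DELETE FROM macs WHERE expires <= ?", (int(now),))
        self.db.commit()

    def mac_filter_passes(self, mac, ssid, now):
        """True: MAC auth succeeds. False: filter fails, fall to web auth."""
        self.purge(now)
        row = self.db.execute("SELECT 1 FROM macs WHERE mac = ? AND ssid = ?",
                              (normalize_mac(mac), ssid)).fetchone()
        return row is not None
```

A client can set its own MAC address, so a remembered entry identifies a device only as well as the MAC does; an audit trail should still key on the web-auth login that created the entry.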