Does WLC 5508 Support LDAPS - Port 636

We have 2 5508 WLC's and @ 35 AirCap Radios.
We're running latest S/W release 8.0.110.
We presently use LDAP to authenticate to the wireless.
We would like to move to LDAPS on port 636.
Configuration Guide says you can select other port numbers for LDAP but
only port 389 is supported.
Is this true?
I read some old posts that said that on releases years ago LDAPS and port 636 were supported.

Config guide says below & it is default to 389. It does not say only 389 supported.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101110.html
"If you are adding a new server, enter the LDAP server’s TCP port number in the Port Number text box. The valid range is 1 to 65535, and the default value is 389."
Anyway give it a try & see
Rasika

Similar Messages

  • LDAP-Connector with LDAPS (Port 636)

    Hello everybody,
    I have read some answers, but not the right one in my opinion.
    I want to connect with the LDAP-Connector (T-Code: LDAP) to an LDAP server (OpenDS) over LDAPS (port 636).
    But I have read some Notes (456666 and 517755) which describe that it's not possible to connect to an LDAP server over LDAPS when the host system is Linux-based. Is that true?
    And one solution is to take the ldap_rfc.exe on a Windows-based system and use this, is this also right? And if it is right, how can I do this?
    The connection to the OpenDS LDAP server over port 389 (LDAP) works fine, as does synchronisation of attributes.
    Perhaps there are other solutions for my very big problem.
    sorry for my bad english
    regards rene

    Hello René,
    SAP note 456666 is correct. Maintaining the LDAP (LDAPS) connection to the directory service is the task of the LDAP client library, which is not provided by SAP, but by the OS vendor of the system where the LDAP connector is located.
    Only the OS vendor can help on the task of configuring LDAPS with their implementation of the LDAP client library.
    If you intend to use Windows then yes, it should work: see the "Solution" section of note 456666.
    You can also refer:
    I hope this helps.
    All the best,
    Cristiano

  • Does WLC 5508 (7.2) support PEAP to MS radius?

    Hi,
    I'm running version 7.2.111.3 on my WLC 5508 and I'm trying to figure out how I can set PEAP towards my configured Radius servers.
    On my Local EAP profile I can specify PEAP, but how is it configured by default when you just specify the Radius servers on the "WLANs > Edit Test > security > AAA servers" tab?
    The MS Radius logs tell me that it is EAP and not PEAP, so the question is: does the WLC support Microsoft: Protected EAP?
    Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 AAA EAP Packet created request = 0x1bd4647c.. !!!! -> should be AAA PEAP ???
    *Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 Sending EAP Attribute (code=2, length=35, id=2) for mobile 24:77:03:07:75:28
    *Dot1x_NW_MsgTask_0: Oct 10 11:02:27.280: 24:77:03:07:75:28 [BE-req] Radius  EAP/Local WLAN 3.
    Thanks in advance,
    Michel

    you're right +5. looks like it sort of gives more granular selection/priority, if we don't want to use any AAA from global when all the configured AAA on WLAN failed then it will be useful.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html
    Step 16: Select the Network User check box to enable network user authentication (or accounting), or unselect it to disable this feature. The default value is selected. If you enable this feature, this entry is considered the RADIUS authentication (or accounting) server for network users. If you did not configure a RADIUS server entry on the WLAN, you must enable this option for network users.

  • WLC 5508 support of Secure LDAP using TLS

    Hi,
    I have seen that the current WLC software release, 7.0.116.0, does not support secure LDAP using TLS. Are there any plans to incorporate this feature? (I've read that it was supported in previous releases to version 4.2). Is it in the roadmap of the product?
    Thank you very much for your help.
    Kind regards,

    I too am desiring this functionality.

  • WLC 5508 custom syslog port

    We're using a Kibana server that utilizes udp port 1514, instead of the normal port 514. There doesn't appear to be a place to specify a custom port number. Does anyone know of a place to change this? If not, is Cisco going to provide a software fix for this? I can do it on our ASA easily.

    Unfortunately you cannot change syslog port in any of the legacy controllers (5508/2504/etc). Here is a post on the same topic
    https://supportforums.cisco.com/thread/2239795
    If it is NGWC (like 3850,etc) you can do this as it runs on IOS-XE instead of Aironet software image.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • How many AP will wlc 5508 support in HREAP Groups?

    Hi,
    I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.
    The 5508 wlc is running latest 7.0.116.0 code.
    I have some users who take their work with them as they go from location to location on this campus.
    They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.
    On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.
    All APs are in one AP Group.
    My thought is to add all 44 of the APs to one HREAP Group.
    Will this be the best/simplest solution?
    Thank you

    Scott,
    Thanks!
    I thought hreap groups had a hard limit but I could not remember and I did not find the document when I went looking.
    That was exactly my question, how many APs can be in an hreap group.
    Since I have 44 APs I will probably break it into 2 hreap groups. The office group and the DC group.

  • WLC 5508 and AIR-LAP1042N

    Hi everyone!
    Question is simple, but I cannot find it in google.
    Does WLC 5508 support AIR-LAP1042N?
    Regards,
    Aleksei

    One more question.
    What poe injector is supported on AIR-LAP1042N?
    I have found poe injectors for other APs.
    1.AIR-PWR-B=
    2.AIR-PWRINJ4
    Will any one of these support this AP?

  • WLC 5508 and Microsoft Radius Server 2008

    Hi, I am trying to set up a WLC 5508 for a customer who wants to use MS NPS for Radius authentication, however there aren't many good documents showing how to configure the MS NPS.
    I have a couple of questions:
    1, Does WLC 5508 support MS NPS on Server 2008 R2?
    2, Are there any good documents showing how to configure this?
    Thanks

    Hadisharifi,
    There is no single document that we can pick for configuring WLC and NPS. However, you may visit the below listed document for NPS  and WLC side configuration:
    Configure the WLC for RADIUS Authentication through an External RADIUS Server
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c2
    For the NPS side configuration, you may consider the attached document.
    Regds,
    JK
    Do rate helpful posts-

  • WLC 5508 LDAP Windows 2008 Server - auth based on AD groups

    hi NG,
    I'm trying to web-authenticate my WiFi users of a WLC 5508 against LDAP.
    Thereby I'm trying to authenticate all users within a GROUP, not an OU, within the MS Active Directory based upon a Windows 2008 Server.
    I can authenticate against a user which is put into an OU, according to examples found here: https://www.cisco.com/en/US/products/ps6366/prod_configuration_examples_list.html
    Checking based upon users within OUs works fine.
    But I have not got all of those users within one single OU!
    Need help for following:    LDAP-Auth based on AD Groups:
    Using:
    MS-Domain:                          MY-DOMAIN.CH
    AD-GROUP:                          VPN-USERS
    AD-Structure:
    MY-DOMAIN.CH
    |
    GROUPS
            |
        Administrative Groups
                          |
                     VPN-USERS
                              (-> Member of this Groups (Wireless1, Wirless2, ...)
    Server Address:              IP.IP.IP.IP
    Port:                                 389
    Enable Server Stats      YES
    Simple Bind                    Authenticated
    Bind Username              LDAP-USER
    Bind Password               supersecret
    Bind Passw. confirm      supersecret
    User Base DN:               ?-1-?
    User Attribute:                ?-2-?
    User Object Type:          Person
    Server Timeout               2
    What happens for instance, if i put a GROUP within a GROUP regarding the LDAP Authentication.
    I guess I have to authenticate against the "upper" GROUP, or do I have to create an entry on the WLC for every GROUP I'm questioning?
    Could someone provide me with an example, since I have not found documentation regarding this topic.
    Thank you.

    Hi,
    User Base DN : this is in case you want to restrict the search area. If you put "dc=mydomain,dc=CH", you will search your whole AD. Depending on the size, it can be slow ...
    Remember that the User Base DN is also used for the admin user.
    In conclusion, User Base DN should be the most restrictive path that leads to both the admins and the users you want to authenticate.
    Example :
    OU=Employees,OU=Humans,DC=Mydomain,DC=CH
    This would prevent searching in machines or any assets. This implies that the admin you bind with is an employee and you are only authenticating employees. You can have any number of OUs under employees, it doesn't matter.
    Attribute : This is the object attribute that the WLC uses to compare with the user name. In general, you would go with sAMAccountName in AD. CN would be another common example for LDAP databases.
    If what you are looking for is to restrict access and only authenticate people who belong to a certain group, then you need a radius server like ACS.
    That server will be able to make selections and check the "memberOf" attribute to make sure it is in a certain group.
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • Does MSIKT4V Supports game port?

    Hi, I've built my PC myself using an MSI KT4V motherboard, Athlon XP 2200, with 512MB DDR RAM. And the Realtek sound card was built in.
    I tried to install a cmedia 8738 sound card for its gameport. I can get everything enabled in the device manager but when I plug a joypad into the gameport, nothing happens...???
    Does my motherboard support game port, or what kind of problem am I looking at here? Software or hardware??
    Thanks !!

    I had the same problem with a logitech joystick I had... but I was using a sound blaster sound card, every time I tried to install it it would crash or do something I didn't like, I actually had to get the updated driver from logitech and then it worked sweet.  But that will only work if the gameport is being detected, you might need to visit C-Media's website to obtain the latest drivers for that card, if after all that it still doesn't work I recommend updating to a creative sound card, those work good with KT4V  

  • Error in people search when connecting through ldaps port

    Hello,
    I am getting the following error when doing a Windows people search through the ldaps port (636).
    The specified directory service could not be reached.
    The service may be temporarily unavailable or the server name may be incorrect.
    It is working fine when I am connecting through the ldap port.
    Could anyone help me in this regard?
    -mala

    Just setting the port in the console does not enable SSL. Do you have a certificate installed on that instance? If so, does your ldap client have that certificate (or its CA certificate) as a trusted cert? If not, you may need to run certutil to create/update the client certificate database.

  • WLC 5508, LAP1262, Security Features Design

    Dears,
    I am planning to get the following Hardware;
    AIR-CT5508-50-K9
    5508 Series Controller for up to 50 APs
    AIR-LAP1262N-E-K9
    802.11a/g/n Ctrlr-based AP; Ext Ant; E Reg Domain
    During my design, i am considering to get the following security features.
    NOTE: I don't have WCS and Mobility Services Engine (MSE).
    Managing Access Points at remote/WAN office.
    wIPS configuration (without WCS and MSE)
    How rogue APs will be detected and prevented. Can automated prevention be implemented?
    Does wIPS (with WLC 5508) support detecting and preventing rogue APs?
    Is Proxy Redirection supported on WLC so that the traffic from Wireless clients will automatically be redirected to Proxy (without adding the proxy in explorers of Wireless Clients).
    Unfortunately I don't have a lab to test these features, so please respond.

    Dear Scott,
    Thanks for your detailed response. I still have confusion regarding the Point5. Find the following details;
    Current Design:
    All the Internet traffic (http, https) for Wired and Wireless users is forwarded to a proxy server (Microsoft ISA/10.1.100.1) for internet access.
    For this purpose, all users have to add proxy to their explorers.
    New Design/Requirements for Wireless Guest Users:
    For the Wireless Guests users to get internet, they will have to add the proxy in their Explorers.
    I would like to provide them Internet Access without adding the proxy in their Explorers (not to bother them with configuring their laptops).
    Is it possible, if WLC can automatically redirect the Internet traffic from Guests users to proxy Server (10.1.100.1).

  • How many AP does 2504 Controller Supports

    Hi,
    I would like to know how many APs the WLC 2504 supports. As per the data sheets it supports 75 APs, so why is the part number still AIR-CT2504-50-K9 (where 50 is AP?)
    Thanks.
    Shakeer.

    Hi Shakeer,
    You are correct as per model AIR-CT2504-50-K9, 50 means that the maximum number of APs supported on this WLC is 50.
    But, 7.4 WLC release increased scale on 2504 WLC. Previously, it could support max of 50 APs.
    From the 7.4 WLC release notes:
    "Increased scale for Cisco 2500 Series Controllers to support 75 access points and 1000 clients."
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
    I suggest if you upgrade to 7.4 you will get the full AP count as expected.
    HTH.
    Thanks,
    Ishant
    *** Please rate the post if you find it useful ***

  • Whether WLC support LDAP Secure ?..

    Hi ,
    We are using 5508 WLC with software version of 7.4.100.60 . Whether this code will support that ? When we tried LDAP on with port number 389 , we are able to authenticate the user . But with LDAPS on port number 636 we are not getting response from AD?
    Any clue on this...
    Thanks,
    Regards,
    Vijay.

    You can change the port, but you are not changing how it communicates by changing the port. If you search for WLC LDAP Configuration, you will not see any reference to supporting LDAPS. If there was a setting on the WLC to choose to use LDAP or LDAPS, then it would work. You have also tested it and you can see it doesn't work. Sniff the traffic and see if it is secure or not as that will also tell you.
    You can always contact your local SE and put in for a feature request for that.
    Sent from Cisco Technical Support iPhone App
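
Added example (not part of any post on this page, and not Cisco code): the replies above note that changing the port does not change how the client communicates, and suggest sniffing the traffic to check. This Python code classifies the first client payload captured on an LDAP port as a TLS handshake, a StartTLS request, or a plaintext bind; the sample payloads, DN and password are constructed, and the function names are hypothetical.

```python
# Added example: decide from the first client bytes whether an "LDAPS" port really carries TLS.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAP StartTLS extended operation (RFC 4511)

def _ber(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return a verdict for the first payload a client sent to the directory server."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"             # TLS record header, content type 22
    try:
        tag, msg, _ = _ber(payload, 0)     # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return "unknown"
        _, _, pos = _ber(msg, 0)           # messageID INTEGER
        op, body, _ = _ber(msg, pos)       # protocolOp
        if op == 0x60:                     # [APPLICATION 0] BindRequest
            _, _, p = _ber(body, 0)        # version
            _, name, p = _ber(body, p)     # bind DN
            auth, cred, _ = _ber(body, p)  # authentication choice
            if auth == 0x80 and cred:      # [0] simple: password travels in the clear
                return "cleartext-simple-bind dn=" + name.decode("utf-8", "replace")
            return "plaintext-bind"
        if op == 0x77 and STARTTLS_OID in body:   # [APPLICATION 23] ExtendedRequest
            return "starttls-request"
        return "plaintext-ldap"
    except (IndexError, ValueError):
        return "unknown"

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value       # short-form length, enough for the samples

# Constructed sample payloads (not captured from any real device).
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_BIND = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60,
    _tlv(0x02, b"\x03") + _tlv(0x04, b"cn=LDAP-USER,dc=example,dc=test")
    + _tlv(0x80, b"not-a-real-password")))
SAMPLE_STARTTLS = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

if __name__ == "__main__":
    for label, data in [("tls", SAMPLE_TLS), ("bind", SAMPLE_BIND), ("starttls", SAMPLE_STARTTLS)]:
        print(label, "->", classify(data))
```

A capture taken on port 636 whose first client payload classifies as `cleartext-simple-bind` shows that only the port number changed, not the protocol.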

  • Change WLC 5508 port speed

    I connect a copper SFP on port 2 of WLC 5508 to an ASA 5510 firewall.  The links between two devices are down.  Since ASA 5510 only supports 100 full, how do I change port speed on port 2 to 100?
    Thanks

    Does this mean, I couldn't change port speed on the WLC?
    Yes you can.  You can change the speed setting to GIGABIT, nothing less. 
    Why do I need to buy another Gigabit switch for 2 connection?
    What do you mean by "another"????   Do you have an existing GigabitEthernet switch that you can connect the WLC into?
    You need a GigabitEthernet port to connect the WLC's GigabitEthernet port.  And then you can have a FastEthernet port to connect the SAME SWITCH to your ASA.
    WLC --- (1000BaseTx) --- Switch --- (10/100BaseTx) --- ASA
    Does this make sense to you?
