Guest Wireless Tunnelling - DHCP Issue
Hi,
I'm attempting to implement Guest Anchor tunnelling between two WLC's but I've run into an odd issue I cannot find a clear answer to.
We have two 5508 WLC's, both Running 7.4.100.0.
The Guest Anchor Controller obviously resides in a DMZ, it's functionality has been proven by connecting an AP directly to it, and connecting the the guest WLAN.
The two controllers have been configured as Mobility Peers, the Mobility Tunnel between them is up (mping and eping both successful, status is up).
The Guest WLAN has been replicated on both controllers, I have set the Mobility Anchor on the WLAN. The Guest Anchor has itself as the mobility anchor and the Internal Controller has the Guest Anchor set.
DHCP is provided by the Guest Anchor's internal DHCP Server. DHCP Proxy is enabled on both Controllers, with the Option 82 format set to AP-MAC. Both Controllers WLAN settings are set to DHCP Server Override, pointed to the Management IP of the Guest Anchor and DHCP Addr. Assignment required.
The problem I'm experiencing is with connecting clients through the Internal WLC. The Client Associates to the Internal WLC and obtains a lease from the Guest Anchor and connects to the network. A few seconds later the client is dessociated from the internal controller. On every subsequent connection attempt, the client does not recieve a response to it's DHCP Requests, and hence ends up with an apipa address.
The Message logs on two controllers return the following errors:
INTERNAL CONTROLLER:
*apfReceiveTask: Jun 27 14:03:25.839: #APF-4-HANDOFF_END_RCVD: apf_mm.c:1626 Handoff end received in wrong role (peer Ip: 0.0.0.0, sender:GUEST_ANCHOR_IP, Role:0) for mobile Client_MAC
GUEST ANCHOR CONTROLLER:
*DHCP Server: Jun 27 14:03:14.466: #DHCP-4-REQIP_NOT_PRESENT: dhcpd.c:559 Received a packet without a requested ip!.
Has anyone else seen similar behaviour? Does anyone have an ideas what might be causing this?
Many Thanks,
Paul
Hi George,
Thanks for the reply.
The Guest WLAN on the Internal Controller is Anchored to the WLC in the DMZ. The Guest Anchor is anchored to itself.
There are only two controllers in the configuration, so breaking off one of the Anchors isn't really an option.
I have tested the Guest Anchor as a Standalone WLC by connecting an AP directly to it, in that configuration DHCP works as expected.
Similar Messages
-
Using X3500 as a Wireless Extender DHCP issue iPhone 6
Hi
Hopefully a simple question with a simple answer.
Background:
I've transitioned away from my ADSL ISP to a cable provider (VirginMedia). My new ISP comes with a cable modem (SuperHub 2 ac) and I've connected the two devices together to extend my home wireless network. The cable modem is The two routers are physically remote from each other - connected via just their Ethernet ports - via power-line technology (Devolo dLAN 1200+). The two routers have the same broadcast SSID albeit on separate channels.
Issue:
All devices in my house, laptops tablets, phones roam between the two wi-fi zones seamlessly *except* the iPhone 6 (iOS8.1), this works on the cable modem wi-fi - but not on the X3500 wi-fi. I also have an iPad Mini 2 (also iOS8.1) which also works - so rightly / wrongly I've ruled out iO8.1 as the issue. Oddly the iPhone 6 connects to the x3500 but doesn't obtain an IP address (the cable modem is the DHCP server). Even setting a static IP address doesn't help.
Observation(s):
If the X3500 is setup as a DHCP server, the iPhoen connects (and gets an IP address), but then the default gateway is incorrect (gatway is the IP address of the X3500 not the remote cable modem). I can't find anywhere to specify a default gateway in the setup.
Question
I'm beginning to think this is an issue with the iPhone 6 (knowing all other devices work correctly), but I just want to make sure I'm configuring the X3500 correctly. I'm specifically interested in the whether I'm using the right "Mode"ADSL / Ethernet. I've tried "Bridged Mode Only" (ADSL) and "Automatic DCHP Only" (Ethernet) but neither seem to resolve the issue that the iPhone 6 is having.
any suggestions on how to resolve / troubleshoot would be most welcomed.
Thanks!
Solved!
Go to Solution.Yes, there's a way for you to override the IP Address. It is on Router Address under Network Setup on the Basic Setup tab. If I'm not mistaken, one end of the Ethernet cable should be connected to the regular Ethernet port of the cable modem and the other end to the cable port of the X3500.
But if it's just the iPhone that won't connect to the X3500, it might be okay to retain the current configuration of the router, but try adjusting the wireless security mode or set the wireless channel to 11 and observe what happens. -
Extending Wireless Network - DHCP Issues
I have an Airport Extreme 802.11n and I want to extend the range of it with my Airport Express 802.11n. I found the "Designing Airport Networks Using Airport Utility" from the Apple support page. "Extending the Range of an 802.11n Network" on page 46 says to manually set up. Under "wireless" when I check the box to "Allow this network to be extended" I get a dialog box that says, Correct the 2 problems below before updating this Apple device. Those problems are DHCP Beginning Address 10.0.1.2 and DHCP Ending Address 10.0.1.200. The Airport Extreme has the IP Address of 10.0.1.33. It says the DHCP range you have entered conflicts with the WAN IP address of your wireless device. If I limit the beginning address to start at 10.0.1.34 should that solve my issue? Any help is appreciated.
Thank You!Sorry but I should have read your original post closer.
Since you already have a router distributing IP addresses, you don't need the AEBS doing that. Configure your AEBS so that it is acting as a bridge (not sharing a single IP address). -
Guest wireless in 7.0.98 hitting the splash page
I have set up Guest wireless before with my own customized splash screen for local authentication on version 5.xx on a 4404 controller.
I have the same task again but this time with a 2201 controller and the latest ios.
Try as hard as I can i cannot get a guest wireless user to hit the splash page where it gives the certificate warning or past that to the login box.
Is there some subtle difference in the set up with 7.0.98. I did notice that when setting up the DHCP scope for the 7.0.98 i had to use the DHCP server IP as the managment interface. On my last try with 5.x I used the 192.168.80.1 address (the guest WLAN) So there is a difference right there.
Anyway the clients get an IP address so no issue there but i cannot get the cert warning up let alone the splash page. Eveidently there is a tick box I am missing. I wouldnt mide but having done this a few times before I am really stumped. I have wiped the config and started again going through my old notes step by step plus digging out the cisco documentation.
If there any debugging I can stick on please let me know.
Thanks,
NeilThank you :-) Hopefully I have captured everything you need.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.06.27 09:22:56 =~=~=~=~=~=~=~=~=~=~=~=
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-WLC2112-K9, VID: V05, SN: JMX1520Z02W
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 7.0.98.0
Build Type....................................... DATA + WPS
System Name...................................... GB-LON-WLC1
System Location.................................. London GHO
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.y.y.22
System Up Time................................... 2 days 20 hrs 45 mins 31 secs
System Timezone Location.........................
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +48 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. lon
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 239.0.1.1
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 100 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable N/A
4 Normal Disa Enable Auto Auto Down Enable N/A
5 Normal Disa Enable Auto Auto Down Enable N/A
6 Normal Disa Enable Auto Auto Down Enable N/A
7 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
8 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
londonap1 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
Press Enter to continue or to abort
AP Location
Site Name........................................ GUEST
Site Description................................. GUEST - WebAuth - London
WLAN ID Interface Network Admission Control
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 london-vlan10 Disabled
2 london-guest Disabled
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GB-LONdon 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
--More or (q)uit current module or to abort
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 8
Cisco AP Name.................................... Gb-london
Country code..................................... GB - United Kingdom
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. GB - United Kingdom
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:48:2b:96
IP Address Configuration......................... DHCP
IP Address....................................... 10.y.y.12
IP NetMask....................................... 255.255.254.0
Gateway IP Addr.................................. 10.y.y.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ London
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ London
Primary Cisco Switch IP Address.................. 10.y.y.22
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.98.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131G-E-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCW1244V0FQ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 2 days, 10 h 19 m 12 s
AP LWAPP Up Time................................. 0 days, 00 h 32 m 36 s
Join Date and Time............................... Mon Jun 27 07:50:18 2011
Join Taken Time.................................. 0 days, 00 h 00 m 31 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 2
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:23:5e:4a:f9:b0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ GB
--More or (q)uit current module or to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 14 dBm
Tx Power Level 2 .......................... 11 dBm
Tx Power Level 3 .......................... 8 dBm
Tx Power Level 4 .......................... 5 dBm
Tx Power Level 5 .......................... 2 dBm
Tx Power Level 6 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
--More or (q)uit current module or to abort
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
--More or (q)uit current module or to abort
CleanAir Management Information
CleanAir Capable......................... No
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Number Of Slots.................................. 2
AP Name.......................................... londonap1
MAC Address...................................... 00:21:d8:48:2b:96
Slot ID........................................ 0
Radio Type..................................... RADIO_TYPE_80211b/g
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -91 dBm
Channel 2.................................... -88 dBm
Channel 3.................................... -88 dBm
Channel 4.................................... -86 dBm
Channel 5.................................... -86 dBm
Channel 6.................................... -87 dBm
Channel 7.................................... -84 dBm
Channel 8.................................... -88 dBm
Channel 9.................................... -90 dBm
Channel 10................................... -85 dBm
Channel 11................................... -83 dBm
Channel 12................................... -89 dBm
Channel 13................................... -89 dBm
Interference Information
--More or (q)uit current module or to abort
Interference Profile......................... PASSED
Channel 1.................................... -63 dBm @ 1 % busy
Channel 2.................................... -128 dBm @ 0 % busy
Channel 3.................................... -63 dBm @ 2 % busy
Channel 4.................................... -46 dBm @ 8 % busy
Channel 5.................................... -44 dBm @ 2 % busy
Channel 6.................................... -64 dBm @ 1 % busy
Channel 7.................................... -46 dBm @ 4 % busy
Channel 8.................................... -128 dBm @ 0 % busy
Channel 9.................................... -70 dBm @ 4 % busy
Channel 10................................... -128 dBm @ 0 % busy
Channel 11................................... -65 dBm @ 14 % busy
Channel 12................................... -128 dBm @ 0 % busy
Channel 13................................... -128 dBm @ 0 % busy
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 9 %
Channel Utilization.......................... 14 %
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
--More or (q)uit current module or to abort
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 40 dB.................................. 0 clients
SNR 45 dB.................................. 0 clients
Nearby APs
Radar Information
Channel Assignment Information
Current Channel Average Energy............... unknown
--More or (q)uit current module or to abort
Previous Channel Average Energy.............. unknown
Channel Change Count......................... 0
Last Channel Change Time..................... Mon Jun 27 07:50:15 2011
Recommended Best Channel..................... 1
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Persistent Interference Devices
Classtype Channel DC (%%) RSSI (dBm) Last Update Time
All third party trademarks are the property of their respective owners.
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More or (q)uit current module or to abort
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
--More or (q)uit current module or to abort
SIP call bandwidth ........................... 64
SIP call bandwith sample-size ................ 20
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11a Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
--More or (q)uit current module or to abort
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... GB-LON-WLC1 (10.44.64.22)
802.11a Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11a Last Run............................... 116 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
WiFi Inverted............................ Enabled
--More or (q)uit current module or to abort
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
--More or (q)uit current module or to abort
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
--More or (q)uit current module or to abort
CF Pollable mode................................. Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
--More or (q)uit current module or to abort
Voice AC - Admission control (ACM)............ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
SIP call bandwidth: .......................... 64
SIP call bandwidth sample-size ............... 20
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11b Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
londonap1 00:23:5e:4a:f9:b0 ENABLED UP 1* 1(*)
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
--More or (q)uit current module or to abort
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
--More or (q)uit current module or to abort
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
DCA Sensitivity Level: ...................... MEDIUM (10 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... 0 days, 00 h 33 m 07 s
Average...................................... 0 days, 00 h 33 m 07 s
Maximum...................................... 0 days, 00 h 33 m 07 s
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... GB-LON-WLC1 (10.44.64.22)
--More or (q)uit current module or to abort
802.11b Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11b Last Run............................... 530 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
Bluetooth Link........................... Enabled
Microwave Oven........................... Enabled
802.11 FH................................ Enabled
Bluetooth Discovery...................... Enabled
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
802.15.4................................. Enabled
--More or (q)uit current module or to abort
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
Xbox..................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
Bluetooth Link........................... Disabled
Microwave Oven........................... Disabled
802.11 FH................................ Disabled
Bluetooth Discovery...................... Disabled
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
802.15.4................................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
--More or (q)uit current module or to abort
Xbox..................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
q
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... lon
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x209c
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
64:00:f1:91:76:40 10.44.64.22 lon 0.0.0.0 Up
Press Enter to continue or to abort
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 2
Probe request rate-limiting interval............. 500 msec
Aggregate Probe request interval................. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Press Enter to continue or to abort
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango State:Disabled
Press Enter to continue or to abort
Interface Configuration
Interface Name................................... ap-manager
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.23
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... guest
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 192.168.x.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.x.2
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 80
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... london-vlan10
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.x.x.149
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.x.x.20
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 10
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.44.64.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... management
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.22
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Press Enter to continue or to abort
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... corporate
Network Name (SSID).............................. corporate
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ london-vlan10
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More or (q)uit current module or to abort
WLAN Configuration
WLAN Identifier.................................. 2
Profile Name..................................... Guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ Guest-network
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.44.64.22
DHCP Address Assignment Required................. Enabled
--More or (q)uit current module or to abort
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More or (q)uit current module or to abort
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More or (q)uit current module or to abort
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Press Enter to continue or to abort
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimite -
Guest wireless - too slow to get an IP
Hi All,
I am testing our new guest wireless using anchor controllers in the DMZ. The data path and the control path are both up and I can do eping and mping. The WLAN is configured to do a web passthrough. Whenever I try connecting to this new guest SSID, it always gets a 169.254.x.x address and it takes about 60 to 90 seconds before I get the right IP.
Currently, I am using the internal DHCP server on the anchor controllers since I only have a couple of users testing it but eventually I am planning to move the DHCP services to an external server.
Does anyone know why it is taking a long time to get an IP and start working? The client's MAC address shows up on the foreign controller and shows the status as associated and the policy manager status shows "RUN". I cannot seem to find any problems other than the slowness initially. Once I am connected, everything works as I expected.
Any ideas?
MeenaWhat code are you on ? There are known issues (bugs) with 6.x and 7.x code. In fact cisco has a special TAC release 7.0.98.4 that fixes the DHCP issue.
I would however, not use the DHCP on the controller. You have problems with leases after reboot etc ... Best to put it on a real DHCP server. -
Guest Wireless with Web Portal
I have my guest wireless accepting terms through a web portal, but it seems they have to accept these terms about every 30 minutes to an hour to get access to the internet again. They are not idle, their session just stops working, and when they open a new browser it redirects them to the web portal. Is there a timer for this somewhere that I am missing?
I installed v7.5 configured the sleeping client feature and I'm not getting the desired result. My test device (Ipod model MD067LL/A) isn't being added to the sleeping clients list. I saw the following in the configuration guide.
The authentication of sleepling clients feature is not supported with Layer 2 security and web authentication enabled.
I don't think that applies to my situation.
The WLANs configuration is below.
WLAN Identifier.................................. 4
Profile Name..................................... xxxxxxxxxx
Network Name (SSID).............................. xxxxxxxxxx
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 36000 seconds
User Idle Timeout................................ 300 seconds
Sleep Client..................................... enable
Sleep Client Timeout............................. 8 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... xxxxxxxxxxxxxxx
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ xxxxxxxxxx
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
PMIPv6 MAG Profile........................... Unconfigured
PMIPv6 Default Realm......................... Unconfigured
PMIPv6 NAI Type.............................. Hexadecimal
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Enabled
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Email Input..................................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Disabled
Client MFP.................................... Disabled
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60 -
VLAN Configuration for Internal and Guest Wireless
Hello,
We are using the following hardware…
SG300-52MP switch -- latest firmware
ASA 5512-X firewall -- 9.1
Aironet AP1131AG WAP
We have the following networks…
10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
Relevant parts of the WAP configuration are…
dot11 ssid GUEST
vlan 6
dot11 ssid SECURE
vlan 1
interface Dot11Radio0
no ip address
ssid GUEST
ssid SECURE
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface Dot11Radio1
no ip address
no ip route-cache
ssid GUEST
ssid SECURE
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio1.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface FastEthernet0
no ip address
no ip route-cache
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface FastEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface BVI1
ip address 10.252.4.4 255.255.255.0
no ip route-cache
ip default-gateway 10.252.4.1
We can manage the WAP through it’s Internal IP address (10.252.4.4).
And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02). [Note: the VOIP DHCP and network access also works correctly.]
The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
[Note: connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.]
While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
I have a feeling that I have configured the VLANs on the ports incorrectly.
Relevant parts of the SG300 configuration are...
v1.3.0.62 / R750_NIK_1_3_647_260
vlan database
vlan 3,6
ip dhcp snooping
ip dhcp relay address 10.252.4.1
ip dhcp relay enable
bonjour interface range vlan 1
interface vlan 1
ip address 10.252.4.2 255.255.255.0
no ip address dhcp
interface vlan 3
name VOIP
interface vlan 6
name Guest
interface gigabitethernet45 -- Access mode, Untagged VLAN6
description ASA-Guest
ip dhcp snooping trust
switchport mode access
switchport access vlan 6
interface gigabitethernet46 -- Access mode, Untagged VLAN3
description ASA-VOIP
ip dhcp snooping trust
switchport mode access
switchport access vlan 3
interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
description WAP1
switchport trunk allowed vlan add 6
interface gigabitethernet48 -- Trunk mode
description ASA-Internal
ip dhcp snooping trust
ip dhcp relay enable
Can someone who understands this switch better than I do please confirm the VLAN configuration? THANK YOU!Welcome to the discussion area!
+PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration. -
E4200 guest wireless redirect failure in Bridged Mode: cause & solution.
Background:
I have two E4200 v1 routers, both running the 1.0.04 firmware, both running in Bridged Mode.
On one, guest wireless redirect works perfectly: select the Network-guest SSID, open a browser and you get the Cisco login page, enter the passphrase and bingo, you're connected.
On the other unit, the redirect seems to fail. You are never presented with the login page and so, you are never connected.
After hours of mucking about, including some time on the phone with a very patient engineer, I believe I have stumbled on what's actually going on and possibly, what needs to be done to fix it.
The Problem
The firmware assumes that in Bridged Mode, DNS should come from the Gateway IP address.
The Fix
Linksys should include a field in Bridged Mode that allows you to specify an IP for the DNS server.
Diagnostics
To diagnose the problem, I used a Mac OS X machine.
The network is set up like this:
Router (not the E4200) is at 10.0.0.1
DNS server is at 10.0.0.2
E4200, Bridged Mode as a WAP, is at 10.0.0.253.
E4200's network settings are:
IP: 10.0.0.253
Subnet: 255.255.255.0
Gateway: 10.0.0.1
The problem is that the Linksys firmware assumes that DNS and the gateway are at the same IP. You will note that there is no place in the Bridged Mode settings to specify a DNS server IP address. You can prove this by doing the following:
1. Connect to the guest wireless.
2. In a Terminal window, type cat /etc/resolv.conf and press Enter. You'll see this:
nameserver 10.0.0.1
nameserver 192.168.33.1
This tells us that when you're on the guest network, your machine is looking for DNS results from 10.0.0.1. Except that on many networks, the gateway does not supply DNS. You can prove that DNS is working by typing this into a Terminal window:
dig yahoo.com
You should see a result similar to this:
; <<>> DiG 9.6-ESV-R4-P3 <<>> yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45182
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;yahoo.com. IN A
;; ANSWER SECTION:
yahoo.com. 3063 IN A 209.191.122.70
yahoo.com. 3063 IN A 72.30.38.140
yahoo.com. 3063 IN A 98.139.183.24
;; AUTHORITY SECTION:
. 24651 IN NS a.root-servers.net.
. 24651 IN NS j.root-servers.net.
. 24651 IN NS l.root-servers.net.
. 24651 IN NS c.root-servers.net.
. 24651 IN NS e.root-servers.net.
. 24651 IN NS d.root-servers.net.
. 24651 IN NS f.root-servers.net.
. 24651 IN NS m.root-servers.net.
. 24651 IN NS g.root-servers.net.
. 24651 IN NS b.root-servers.net.
. 24651 IN NS i.root-servers.net.
. 24651 IN NS h.root-servers.net.
. 24651 IN NS k.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 24651 IN A 198.41.0.4
b.root-servers.net. 24651 IN A 192.228.79.201
c.root-servers.net. 24651 IN A 192.33.4.12
d.root-servers.net. 24651 IN A 128.8.10.90
e.root-servers.net. 24651 IN A 192.203.230.10
f.root-servers.net. 24651 IN A 192.5.5.241
g.root-servers.net. 24651 IN A 192.112.36.4
h. root-servers.net. 24651 IN A 128.63.2.53
i.root-servers.net. 24651 IN A 192.36.148.17
j.root-servers.net. 24651 IN A 192.58.128.30
k.root-servers.net. 24651 IN A 193.0.14.129
l.root-servers.net. 24651 IN A 199.7.83.42
m.root-servers.net. 24651 IN A 202.12.27.33
;; Query time: 73 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Thu Apr 5 10:51:02 2012
;; MSG SIZE rcvd: 494
Note the section at the bottom that says ;; SERVER: 10.0.0.1#53(10.0.0.1). This tells you that the DNS query was answered by the DNS server at 10.0.0.1.
But in fact, if DNS is NOT served by your Gateway, you'll see this:
dig yahoo.com
; <<>> DiG 9.6-ESV-R4-P3 <<>> @10.0.0.1 yahoo.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Lucky:~ aball$
As a side note: the reason that the login page is never presented is most likely that the login page is only presented the first time that your Mac OS X machine connects to the network. Thereafter, the network is remembered and the WAP allows you access without a password. So, once you've connected a second time to the network, the WAP says "I know you" and lets you sail on through to wherever your browser is pointed, but then the browser, unable to find a DNS server, returns a blank page which appears to be a failure to present the login page but is, in fact, a DNS failure.
Hope someone finds this useful. And here's hoping that Linksys fixes this obvious issue with the firmware.I do understand what you were trying to do here since you would like to have only 2 SSIDs (main & guest) for perhaps easy connectivity. The reason why you were not having problems getting online wirelessly when you were connected to the main network it’s because the computer was connected to only one DHCP server since the 2 bridge routers were just acting as a switch or a passthrough device. Now with guest network access it is a different scenario, a guest network is a virtual network meaning to say it’s like your having another router embedded on your router. Since it is a virtual network, then it does not follow the parameters of the main network, hence even if the router was set to bridge mode those routers will still have their own ip address of either 192.168.33.1 or 192.168.3.1.
-
Hi
I have two controllers running code 6.0.182 and one guest controller with same version.
I can see the tunnel UP(Both control and data path) in both controller.
Guest users are authenticated by web authentication.Suddenly guest users become too slow to access internet.Web authentication is successfull.But its too slow to access internet.Did anyone face the same issue.Pls reply me at the earliest.
Regards
Danish AhammedHi Tiago,
I just want to inform you that the AP can not connect to GUEST . Here are the information for trouble shooting.
1.
Oct 18 14:17:03.120: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:17:30.080: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:17:30.141: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:04.439: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:04.606: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:05.650: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:10.229: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:42.313: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:46.923: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:04.485: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:18.970: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:19:34.492: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:20:20.041: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:20:50.049: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:01.792: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:21:31.799: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:45.636: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:22:15.647: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:22:34.543: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
2. show ip int brief :
ocol
VLAN1 10.21.48.44 YES NVRAM up up >>>>>>>>>>> NATIVE VLAN
VLAN9 unassigned YES unset administratively down down
VLAN40 10.21.41.2 YES manual administratively down down>>>> GUEST VLAN
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
3. on AP show ip int brief
ocol
BVI1 10.10.48.X YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio0.1 unassigned YES unset up up
Dot11Radio0.30 unassigned YES unset up up
Dot11Radio0.40 unassigned YES unset up up
GigabitEthernet0 unassigned YES NVRAM up up
GigabitEthernet0.1 unassigned YES unset up up
GigabitEthernet0.40 unassigned YES unset up up
4. Trunk Port configure and AP install in Switch port as well
Building configuration..
Current configuration:
interface FastEthernet0/25
description TRUNK-to- GUEST Wireless
speed 100
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,1002-1005
switchport mode trunk
spanning-tree portfast
spanning-tree rootguard
5. Admin User can connect and browse internet ,but the Guest user can not connect.
This is where i need solution>
I read the pdf you sent, and my Configuration is nearly the same. except hat i used TACAC & Radius server.
Regards,
Dak -
Airport Extreme - possible DHCP issues on UTP ports?
I have a recent (late 2012) iMac which has been consistently connected to my Airport Extreme via UTP with no issues until recently. The Airport Extreme is connected to my single port Motorola 5101 Bigpond Cable Modem.
Connected to the Airport Extreme via UTP are the iMac and a Lacie 4TB NAS media server. There are generally multiple devices connected wirelessly (iPhone, iPad, PS3, XBox) again with no issue.
I have a PC connected to an Airport Express at the other end of the house (PC has no wireless card) and the Express and Extreme are bridged with a common SSID.
Saturday night the "house network" occasionally lost wireless (iPhone switching to 3G) but after resetting the Extreme and the iPhone this seemed to settle down and has been working fine since then (4 days prior to this post).
Later on the Saturday night my iMac lost internet connectivity and resetting the Airport Extreme and resetting the Motorola 5101 did not help. Eventually rebooted the iMac and the Extreme and the 5101 and eventually (after a few minutes) internet connectivity was restored. (Error was "no IP address" and Airport Utility could not see either the Extreme or Express). Connectivity was restored by first turning on WiFi on iMac which immediately got an iP (10.x.x.x) allocated and then after a few minutes the UTP link also came up and remained up when WiFi was turned off.
The iMac has since "lost internet connection" around 3 times in total and a similar process to the above has not always restored connectivity – i.e. doing all the above worked some of the times and did not work others.
When this problem is happening on the iMac UTP connection there are no issues with wireless devices getting an IP allocated.
I am now running the iMac on WiFi with the UTP cable removed. Today I will try a new UTP cable between the iMac and the Airport Extreme to see if there is perhaps some intermittent cable issue.
The Airport Extreme and Airport Express (both a few years old) are running 7.6.4 firmware. I had recently setup timed access for a few wireless devices and also trialled the "guest wireless account" but these were set up around 1 week prior to the recent issues occurring. I have now removed both of these so that the Apple network devices are back to the settings they had which worked fine for years (albeit with different firmware versions over this time).
My diagnosis is that it seems that there is a problem with IPs being allocated by DHCP to devices connected to UTP ports but not over wireless. The only thing that seems to contradict this is that the Lacie NAS drive which is UTP connected (to UTP port 3) seems to still work and be accessible without issue.
So am also wondering if there is some intermittent iMac issue with the UTP port or with the cable. Will change the cable today as mentioned above to confirm or otherwise.
Any advice on further diagnostic processes and/or thoughts on Airport Extreme issues (hardware or firmware) etc would be appreciated. A search of the forums did not show anything similar but my search was not super-extensive.
Thank you for any help anyone can provide.
AndrewIn the end after LOTS of troubleshooting and testing - and WAY too much frustration Apple - this issue has proved to simply be what I assume is a bug in the Automatic network location management under Mavericks and I had this issue to a lesser degree with 10.8.5.
I have now setup a "Home" new network location and my connection has been 150% stable ever since.
So nice to not need to reboot my Mac 7 times a day or more after several weeks of significant frustration. -
Slow website responses from flash intensive sites on guest wireless
We are in the process of implementing Cisco ISE along with guest wireless. The guests are pulling their addresses from a WLCE 5508. Their DNS is coming from external servers, i.e. google dns. When we log on a tablet, phone or laptop to the guest wifi we are redirected to the auth page and then are allowed to surf.
The issue is that going to flash intensive sites such as www.cnn.com, www.espn.com, etc. the pages take 30 seconds to a minute to load, it's not a gradual load it loads all at once. If I goto a site such as google.com, cisco.com the page loads immediately. Speed tests show that we have plenty of bandwidth. It reminds me of an MTU issue I used to see on Cisco 1700 routers. If I changed the pc mtu the problem would go away.
Any ideas? Thanks in advance!I have a few clients that anchor guest traffic from their remote site all over the USA back to one of their DC. I haven't heard any complaints or concerns from them. The links vary in bandwidth. The only thing is different than what you have is that they are not using the anchor WLC as a dhcp. I have had many issues in the past using the WLC in large environments that I don't recommend it. Many of my customer also have redundant guest anchors but only a few would have a dedicated internet for guest. The others share the same internet pipe.
Sent from Cisco Technical Support iPhone App -
Cisco Guest Wireless Access Solution - Local Printing
Hi,
Does Cisco have a solution that provides printing for a guest WLAN. Cisco Guest wireless deployment solutions recommend terminating the guest WLAN on an anchor controller in the DMZ which causes issues when needed to print locally as the print traffic will need to traverse the DMZ anchor controller causing excessive WAN link usage.
Is there a better solution to enable a guest WLAN to print locally?FlexConnect with Split tunneling may work.
Read about this feature & see how that can be used in your branch setup. Here is the Ciscolive presentation slides the above came from.
BRKEWN-2016: Architecting Network for Branch Offices with Cisco Unified Wireless
HTH
Rasika
**** Pls rate all useful responses **** -
Setting up webauth for guest wireless access
Hi there,
I'm trying to set up guest wireless access. having no experience with this at all, I'm beginning to struggle.
Equipment:
2x 3850 stacked and acting as one switch running 03.06.00E
4x 1602E AP's registered to the WLC running on the 3850
The infrastructure is sound and corporate wireless access works ok.
I need a config that allows a guest user to connect to the guest SSID, DHCP an address, then when they open a browser, they are automatically redirected to a splash screen for them to log on. Once they log on with the supplied username and password they are then forwarded to whatever site it is they wish to go to; So far my config looks like this (removed unnecessary parts for brevity);
Building configuration...
user-name test
creation-time 1414684496
privilege 0
password 7 051F031C35
type network-user description test guest-user lifetime year 0 month 0 day 0 hour 23 minute 59 second 4
aaa new-model
aaa authentication login aaa_guest_webauth local
aaa authentication login local_login local
aaa authorization exec local_authorise local
aaa authorization network guest_authorisation local
aaa authorization credential-download default local
aaa session-id common
switch 1 provision ws-c3850-24t
switch 2 provision ws-c3850-24t
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
hw-switch switch 2 logging onboard message level 3
parameter-map type webauth global
virtual-ip ipv4 1.2.3.4
parameter-map type webauth guest-webauth
type webauth
redirect on-success http://www.google.com
banner text ^CC test text test ^C
custom-page login device flash-1:login.html
custom-page failure device flash-1:failed.html
class-map match-any non-client-nrt-class
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface VlanXXX
description "Guest-Access-VLAN"
ip address 10.x.x.126 255.255.255.128
ip helper-address x.x.x.x
ip helper-address x.x.x.x
line vty 0 4
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
line vty 5 15
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wlan Wireless-Guest-Access 24 wireless-guest
client vlan Guest-Access-VLAN
ip access-group GUEST-ACCESS
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth authentication-list aaa_guest_webauth
security web-auth parameter-map guest-webauth
session-timeout 1800
no shutdown
ap country GB
ap group default-group
ap group BUS-AP-Group
wlan Wireless-Corporate-Access
vlan BUS-CORP-DATA-VLAN
wlan Wireless-Guest-Access
vlan Guest-Access-VLAN
end
I carried out a wireshark trace and can see the dhcp ok, then see DNS queries to the DNS name serever and the replies, followed by a TCP SYN to the resolved IP of the website requested - but that's it, there is no SYN ACK reply or redirect to the login page which i have placed on the flash and specified under 'custom-page login'
I am under the impression that the way this should work is as follows;
1. Client connects to SSID and carries out DHCP DORA and is assigned an IP address
2. open browser on client and carry out name resolution
3. once name is resolved, carry TCP three way handshake with requested site (e.g. google)
4. once three way handshake is completed client carries out an HTTP GET request
5. WLC holds the response and redirects to the login page
6. on successful login, original requested page is forwarded to client.
I can't seem to get a response - even if I remove the ACL.
Am i heading in the right direction or am I trying to achieve something which is not possible with my setup?
Cheersalso, forgot to say, make sure your files are preceeded with webauth for your html and js and web_auth for image files
38725 -rw- 4265 Nov 4 2014 12:21:28 +00:00 webauth_login.html
38726 -rw- 6937 Nov 4 2014 12:11:03 +00:00 webauth_aup.html
38727 -rw- 1356 Nov 4 2014 12:11:30 +00:00 webauth_logout.html
38728 -rw- 662 Nov 4 2014 12:11:43 +00:00 webauth_failed.html
38729 -rw- 318 Nov 4 2014 12:11:58 +00:00 webauth_loginscript.js
38731 -rw- 82940 Nov 4 2014 12:12:28 +00:00 web_auth_image.jpg
CORE-SW01#sho run | s param
parameter-map type webauth global
type webauth
virtual-ip ipv4 1.1.1.1
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
parameter-map type webauth guest-webauth
type webauth
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
security web-auth parameter-map guest-webauth
CORE-SW01# -
Guest Wireless - procedures for support ??
Hi
We are just on the cusp of deploying Guest wireless for
external non-employee visitors to our organisation, using WLC's and the lobby
admin functionality. However the issue of support procedures for these guest
devices is sticking.
Our Desktop support dept will not support potential technically challenged
guest user and his mis configured end device (for want of a better phrase......)
Ourselves in networks by policy do not support end devices as such.
We need a completely remote 'no-remote-human-presence' way to test a user
attaching to a SSID, firing up a browser and authing thru the re-directed to
web interface. Remoting to a PC attached to the remote secure wired network
is NOT ideal as we will then be bridging secure wired corp and non-secure
guest wireless (altho it may have to end up being a variation of that.)
I would be interested to hear how people here troubleshoot their
guest wireless service availability.
thnks
martynWe have no way of easily testing on-site availibility of our guest wireless network, but the guest wireless wlan is available in our office. So, if an issue arises, basic troubleshooting steps can be taken by trying to connect to the guest ssid from the office. Otherwise, you would have to get creative with something like you're talking about.
-
Guest Wireless and URL re-direct failure
Hi,
We have a successful guest wireless service with authentication via a Cisco NAC server. One MAC user is having difficulty accessing the authentication URL (https://1.1.1.1/login.html) - this is using either Safari, Firefox or Google Chrome browsers. The browsers do not automatically re-direct and when I enter the authentication URL manually, if it does appear, when entering the username/password combination, the screen just returns to the authentication URL and does not display the successful authentication sub-window.
There are no proxy settings on the browser - does anybody have any suggestions?
Many thanksWhen you say, "One MAC user" you mean every other client works except for this one MAC device? If other MAC devices work, then it must be something on the client device that is having issues. The only issue that I have ran into, is html code that might not be supported in certain browsers if you are runing a custom webauth page.
Maybe you are looking for
-
Publishing a Web ABAP Service with ABAP stack
Hi, We are only running ABAP Stack (we don't have Java Stack) in a SAP ECC 6.0 version. We have a RFC (or BAPI), for instance BAPI_CUSTOMER_GETDETAIL. How could we publish a Web ABAP Service? Thanks. Regards, Marta.
-
Hi all I am new to BW, Can you tel me what are the Reports are there in BW?? If you have any material please send me to my id <b>[email protected] </b>.Please send me as soon as possible. Thanks in advance Senthil
-
Hi everyone, first of all, sorry for my poor english. I'm trying developing a simple app using Flash CS5. I've tested my app on a pc and it was ok but when I tried it on the Iphone performances became pretty bad. I did some animation using the timel
-
Pull Results from the search bar
Hello Have iLife 08, love the search bar feature that you can add to your site, is there any way that you can see what people have been searching for, so that you can draw on that and make your site better? Im sure it must use some more code, but jus
-
Stock tra from plant to plant, Freight vendor liability
Hi Sap gurus, I am doing stock transfer from one plant to other plant. The freight component we want to inventorized. Also we want to create a liability for freight vendor. How this can be done from stock transfer. Thanks Cheers