Guest WLC not talking to ISE it is in a DMZ

Similar Messages

• Client Exclusion Policies on WLC not working with ISE as RADIUS Server

  Hi,
  for our Guest WLAN (Security Setting for this SSID:Layer2: MAC filtering, Layer3:none) we use ISE as RADIUS Server. On WLC I enabled client exclusion polices and checked all options (Excessive 802.11 Auth. Failures etc..).. But even if a client fails 20times at authentication, it is not excluded on the wlc. It works with other SSIDs, where security settings are set to 802.1x.
  Am I missing any settings here or do you have some tipps on how to troubleshoot this?
  Thanks very much!

  Hi Renata,
  If those guest failures are not associated with valid guest users (i.e. people who have forgotten their account or entering the wrong password) there isn't anything that can be done. The main point of Guest WLAN is to make it as easy as possible for Guests - individuals with device configurations you don't want to deal with or know about, to connect your network for internet access. From a WiFi/802.11 perspective, the standard Guest WLAN setup means its easy for any device to connect.
  If your Guest WLAN has the following:
  SSID is broadcast enabled, Security = OPEN, Encryption = none, then any 802.11 device can find the WLAN via passive scanning and connect. And any device that connects will get the ISE portal. Once recieveing that portal they can guess away at valid username/password.
  I would suspect that unless your Guest WiFi is adjacent to a Mall, school, hotel or other hi-density area of individuals  with time and electronics on their hands, other than alerts in your ops window and logs, resources associated with this (WLC & ISE) are very low.
  You can try and dull the noise a few ways.
  Option 1. create and ISE log filter on those alerts so they don't cluter the console.
  Option 2. Stop broadcasting the SSID.  This is not a security measure, but will cut volume of people connecting to the SSID significantly. You will have to tell your guests what SSID or include it in their credential communication.
  Option 3. Put a very simple PSK on the SSID. The PSK will become a public secret - shared with valid guests, doesn't have change as it's purpose is not security.  You will have to include this information on their credential communication.
  Option 4 - both 2 and 3
  The most effective option would be 3.
  Good Luck!

• When WLC will dACL from ISE

  Hi all !
  We are used ISE for aaa our users, but our problems is not simple configuration ACL for users access on WLC,
  When Cisco make support dACL on WLC (not airspaceACL), it's very important.
  Because using GUI WCL for create ACL with limit 64 entry, you think it's normal?
  We are do not use VLAN assignment, because it's not work correctly in PEAP MS Windows DomainMachine or User authen, and after DomainMachine auth, User auth not vlan assignment, and user should reconnect to WLAN for correct VLAN  assignment.
  Thanks

  To further expand, I think Cisco and the industry is heading towards SGT/SGA so dACLs are going to be the "old-way" of doing things.
  Thank you for rating helpful posts!

• Guests are not getting IP & webpage

  Guests are not getting IP & webpage.
  I have a 4400  ( 6.0.199.4 ) WLC configured with a guest wlan using web authentication & DHCP is configured on ASA . & ADSL line is connected to ASA ( for internet)...this was working , from last 2 days it is not working. guest users are not to get the IP address & login web page. Error message is Limitted connectivty.
  My observation.
  ADSL linterent connetion is working fine & from ASA to switch connection is fine & VLAN is also up.
  from WLAN end, all parameter are looks good, nothing changed.

  please see the log, which I took from WCS ..it look WLC is receving request from client ...i think it is not getting responce from DHCP ...
  it make sence ?
  ime :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
  Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   xid: 0x41839660 (1099142752), secs: 5247, flags: 0
  Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   chaddr: d8:2a:7e:d2:d9:92
  Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
  Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   xid: 0xd4b2de62 (3568492130), secs: 5251, flags: 0
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   chaddr: d8:2a:7e:d2:d9:92
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
  Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  Time :11/24/2011 13:27:17 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)

• I cannot find a way to sort the bookmark folders themselves alphabetically by name.I am not talking about in a view mode but in the way they are displayed when I click on my bookmarks tab. Can someone explain to me how to accomplish this.

  I have a lot of various book mark folders with websites contained within each folder. I am able to sort the websites within each folder alphabetically by name but I cannot find a way to sort the bookmark folders themselves alphabetically by name.I am not talking about in a view mode but in the way they are displayed when I click on my bookmarks tab. Can someone explain to me how to accomplish this other than manually dragging them as this is extremely hard for me due to the fact that I am a quadriplegic with limited hand movement dexterity

  Bookmark folders that you created are in the Bookmarks Menu folder. "Sort" that folder.
  http://kb.mozillazine.org/Sorting_bookmarks_alphabetically

• MBP suddenly not talking to projector or LCD screen.

  After using my MBP 15" at the same venue as before it suddenyl would not talk to the projector (or the other way round), either via TB port or HDMI. It now won't hook up to my LCD screen either. It looks as though the display settings on the MBP are screwed up. I have found a fix online by resetting PRAM (by pressing Option + Command + P +R at start up) but this has only actually worked once. I am currently unable to do presentations and unable to use a desktop LCD. The sleep mode of the MBP also seems to be affected and it often won't wake up. Any solutions or similar issues out there please?

  After using my MBP 15" at the same venue as before it suddenyl would not talk to the projector (or the other way round), either via TB port or HDMI. It now won't hook up to my LCD screen either. It looks as though the display settings on the MBP are screwed up. I have found a fix online by resetting PRAM (by pressing Option + Command + P +R at start up) but this has only actually worked once. I am currently unable to do presentations and unable to use a desktop LCD. The sleep mode of the MBP also seems to be affected and it often won't wake up. Any solutions or similar issues out there please?

• Itunes 7 and ipod will not talk.  No WAY TO RESTORE FACTORY SETTINGS!

  Hi,
  update to itunes 7, plugged in my ipod and got the message "itunes cannon read the contents of the ipod "IPOD" Go to the Summary tab in ipod prefrences and click Restore to restore the ipod to factory settings".
  But there is no ipod prefrences tab in itunes becuase itunes can't read the contents of the ipod! A reset through the ipod did no good!
  I am now stuck with a ipod that can not talk to itunes! How can I reset my ipod to factory defaults if itunes does not see it? And no, the old updater does not work, it says you must update through itunes 7.
  How do I fix this ?

  This is all interesting and much of it consistent with problems I'm having across of the iPODs we have within our household since migrating to iTunes Release 7! Both our past generation and current iPOD can no longer be synched with iTunes. I seriously hope Apple addresses this issue soon! I've tried numerous approaches. I can't get my wife and daughter's iPOD minis to synch at all! My generation 3 I am able to force it to update by unstalling and reinstalling the driver in Windows. Then by uninstalling and reinstalling iTunes. It will then load the music from iTunes on to my iPOD. iTunes will indicate the update is complete but the iPOD will not indicate the update is complete. Appreciate any thoughts or ideas that others may discover to resolve. I'm currently convinced this is an issue with iTunes Release 7 though as I'm not able to get any of our iPODs to work which includes my gen 3, our minis or nanos.
    Windows XP  
    Windows XP  

• Can I place an image in the Note section of Contact book . I use a MacBook Pro with Yosemite 10.10 . I am NOT talking about using an image to identify the contact, just an image that contains some information relevant to the contact. I have tr

  I want to place an image in the Note section of my Contact book . I use a MacBook Pro with Yosemite 10.10 . I am NOT talking about using an image to identify the contact, just an image that contains some information relevant to the contact. I have tried copying and pasting, dragging and dropping.

  From reading Vista forums support for SSD is one of the things Vista SP2 and Windows 7 hope (need) to improve upon. I was in a similar discussion once befoe on SSDs:
  http://discussions.apple.com/thread.jspa?messageID=8482110
  http://news.cnet.com/8301-13924_3-10026010-64.html
  http://www.intel.com/design/flash/nand/mainstream/index.htm
  http://www.google.com/search?hl=en&rls=com.microsoft%3Aen-US&q=IntelSSDVista
  I don't think it is EFI issue, but with XP and drivers, lack, and wonder if you can try with Vista?
  http://arstechnica.com/news.ars/post/20080908-intel-tosses-hat-into-ssd-ring-wit h-80gb-launch.html
  That won't solve performance issues, but should work.
  http://www.reghardware.co.uk/2008/07/22/sandiskssd_vistabeef/
  "My guess is that [Samsung and Microsoft] are maybe working on the OS recognizing an SSD with a 4K-byte sector size instead of a hard disk drive with a 512-byte sector size," Wong said.
  Sun is already working with Samsung to bulk up SSD support on the ZFS (Zettabyte File System), which is included in the Solaris OS, and will also be supported in Apple's upcoming Mac OS X 10.6, codenamed Snow Leopard. Sun is adding capabilities to boost the durability and performance of SSDs on ZFS-based operating systems. For example, Sun may add defragmentation capabilities for SSDs, which organizes data in a particular order to enable quicker data access.
  SSDs were not considered ideal for defragmentation because of limited read-and-write capabilities, Wong said. However, Samsung and Sun in July jointly announced an 8G-byte SSD that bumped up durability from 100,000 read-and-write cycles to 500,000. That brings defragmentation in SSDs closer to reality, which could improve its caching and provide quicker access to data. Sun plans to put SSDs into storage products later this year.
  http://www.itworld.com/operating-systems/54115/samsung-microsoft-talks-speed-ssd s-vista

• SCSFileDownloadServlet fails: User 'guest' does not have sufficient priv.

  Hi,
  We have an ADF application that is using SCSFileDownloadServlet to get documents from UCM. We added the servlet in web.xml and we are using this link to download the documents: /getfile?adapterName=our_adapter_name&dDocName=document12345&dID=12345
  The issue is that sometimes it works but sometimes it fails throwing this message in the logs:
  Event generated by user 'guest' at host 'CIS'. Unable to download 'COR-ER-421722'. User 'guest' does not have sufficient privileges. [ Details ]
  An error has occurred. The stack trace below shows more information.
  !csUserEventMessage,guest,CIS!$!csUnableToDownload,COR-ER-421722!csUserInsufficientAccess,guest
  intradoc.common.ServiceException: !csUnableToDownload,COR-ER-421722!csUserInsufficientAccess,guest
  *ScriptStack GET_FILE
  3:checkSecurity,dID=421317,dDocName=COR-ER-421722
  at intradoc.server.ServiceRequestImplementor.buildServiceException(ServiceRequestImplementor.java:2115)
  at intradoc.server.Service.buildServiceException(Service.java:2260)
  at intradoc.server.Service.createServiceExceptionEx(Service.java:2254)
  at intradoc.server.ServiceSecurityImplementor.validateSecurityPrivilegeLevel(ServiceSecurityImplementor.java:813)
  at intradoc.server.DocumentAccessSecurity.checkSecurity(DocumentAccessSecurity.java:170)
  at intradoc.server.DocumentAccessSecurity.checkSecurity(DocumentAccessSecurity.java:121)
  at intradoc.server.ServiceSecurityImplementor.checkSecurity(ServiceSecurityImplementor.java:371)
  at intradoc.server.Service.checkSecurity(Service.java:2829)
  at intradoc.server.FileService.checkSecurity(FileService.java:337)
  at intradoc.server.Service.checkSecurity(Service.java:2807)
  at sun.reflect.GeneratedMethodAccessor456.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  Is it possible to set a user/password to this servlet so it is able to download the documents everytime?
  Thanks,
  Josue

  Hi go9189,
  According to your description, you come across the error that User 'guest' does not have permission to run DBCC checkprimaryfile. This issue could happen when the login account doesn't have CREATE DATABASE, CREATE ANY DATABASE,
  or ALTER ANY DATABASE permission in SQL Server instance, or that the login account has no access to the mdf and ldf files when attaching database, so SQL Server recognize the login account as a "Guest".
  To solve the issue, you could pay attention to the points below.
  1. Ensure that the login account has at least CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission. You could grant the fixed server role 'dbcreator' or 'sysadmin' to the login account following the steps below.
  a. Connect to SQL Server instance with the login account which has sysadmin fix server role.
  b. Expand the folder 'Security', right click the login, and select Properties.
  c. In the Server Roles tab, check the checkbox for 'dbcreator' or 'sysadmin'.
  2. Make sure that the the login account has full control permission on the mdf and ldf files. For how to grant the login account with full control permission on the mdf and ldf files, please refer to the steps in the following article:
  http://msdn.microsoft.com/en-us/library/bb727008.aspx
  There is a similar thread for your reference:
  https://social.technet.microsoft.com/Forums/en-US/e463df4c-8d26-46cf-aa2e-bddd97c7a9b8/user-guest-does-not-have-permission-to-run-dbcc-checkprimaryfile?forum=sqlgetstarted
  Regards,
  Michelle Li

• Why is the wifi reception on my iPhone 5 so poor. I'm not talking about in my own home with my own router. I'm talking about AT

  Why is the wifi reception on my iPhone 5 so poor. I'm not talking about in my own home with my own router. I'm talking about AT&T hotspots, public hotspots, etc. I can hold my 3GS and my 5 side by side, the 3GS picks up more signals with more strength. The 5 seems to have a weaker wireless network than its predecessors. It's very frustrating because I can be 20 feet from a wireless router, and still only show 2 bars, if I don't end up losing the connection. What gives??

  I've done the resets...no real help at all.  Im Also on my 2nd iPhone 5. The first was replaced because of a faulty external speaker module. Both phones wifi reception pretty much suck. ESPECIALLY if the case is on. I'll luck out a little bit by taking the case off...but not much.

• I have CS5 and LR5. they will not talk anymore. Everything was working 5 days ago. I can no longer access CS5 from LR5 edit, then drop it back into LR5. Need support

  I have CS5 and LR5. they will not talk anymore. Everything was working 5 days ago. I can no longer access CS5 from LR5 edit, then drop it back into LR5. Need support

  BOILERPLATE TEXT:
  If you give complete and detailed information about your setup and the issue at hand, such as your platform (Mac or Win), exact versions of your OS, of Photoshop ("CS5" won't do for instance; we would need CS5 vers 12.0.2 or whatever) and of Bridge, machine specs, such as total installed RAM, scratch file HDs, video card specs, what troubleshooting steps you have taken so far, what error message(s) you receive, if having issues opening raw files also the exact camera make and model that generated them, etc., someone may be able to help you.
  A screen shot could be very helpful too.
  Please read this FAQ for advice on how to ask your questions correctly for quicker and better answers:
  http://forums.adobe.com/thread/419981?tstart=0
  Thanks!

• When i turned on my i pod a white apple logo was shown which then turned to rainbow colours and the i pod started buffering, this is all it does, i cannot get it to stop and my computer will not talk to the i pod, help?

  when i turned on my i pod a white apple logo was shown which then turned to rainbow colours and the i pod started buffering, this is all it does, i cannot get it to stop and my computer will not talk to the i pod, help?

  Try:
  - iOS: Not responding or does not turn on
  - Also try DFU mode after try recovery mode
  How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
  - If not successful and you can't fully turn the iOS device fully off, let the battery fully drain. After charging for an least an hour try the above again.
  - If still not successful that usually indicates a hardware problem and an appointment at the Genius Bar of an Apple store is in order.
  Apple Retail Store - Genius Bar       

• NAC Agent is not responding to ISE

  Hi All,
  Cisco NAC Agent got downloaded to the client during client provisioning. After that also Posture status is showing as 'Not applicable'.
  Also Redirection is only happening if i type any ip address ex.1.1.1.1 on the browser. if i type google.com, its not redirecting.
  ISE is in Cluster mode 1 Admin, 1 Monitor, 1 PSN. Version 1.2.1.198.
  Note: Before the upgrade it was showing 'Posture Pending' status. 

  what is the NAC version?
  could be a bug CSCuq52821

• NetWeaver XI components are not talking to each other

  I am an XI  consultant, i dont have proper Basis support at my client, since they are fond of only ABAP stack.
  They installed netweaver xi from the market place.
  I am unable to import any SWCV (even SAP BASIS) from SLD to IR and IR menu is blank.
  Unable to find list of adapters in Integration Directory.
  RWB -component monitoring is blank .
  SLD- creation of products,SWCV,Technical Sys,Buss Sys is possible.
  In conclusion i can say that they all are not co-operative and not talking to each other
  And also i want to know wheather xi 7.0 is compatable to databases Oracle 8.0.3 and Oracle 8.0.4

  Hi Venkata,
  Does the XI post Installation steps done by the team or not? It seems that there is some steps missing while doing the XI installation. Talk to to the BASIS team and tryu to find out the solution.
  >>> Unable to find list of adapters in Integration Directory.
  Check thisblog for it:
  /people/venugopalarao.immadisetty/blog/2007/03/15/adapter-engine-cannot-be-found-in-integration-directory
  >>> And also i want to know wheather xi 7.0 is compatable to databases Oracle 8.0.3 and Oracle 8.0.4
  In my view, yes. XI is compatible with all the versions of Oracle Database above version 8 but never tried it.
  Reward points if helpful. *
  Regards,
  Subhasha Ranjan

• ERROR: NO_GUEST: Guest login not allowed from client startup

  we are getting the following error with express 6.3.4 when connectting to the express server from Objects using a connection editor.
  The error message is
  Error #12150 in XPCUBE: Non-fatal (0300): Data Manager is unable to generate transmission.
  Error #10300 in XDMRESP: Non-fatal (0300): ERROR: NO_GUEST: Guest login not allowed from client startup
  Encountered similar error while calling from OLAP web application.
  In stored procedure XWD_RAMSTARTUP: The following Express
  Server error occurred: NO_GUEST: Guest login not allowed from
  client startup
  Which I believe is the same reason.
  Can you pls suggest what could be the problem and how can we over come this.

  In the Connection Editor, under "Relational Data-> Settings" did you check the "Personal Configuration" box?
  If you did, you should ensure the Authentication type is not set to "None".