HA on WLC 5500 - setting username loop

Similar Messages

• WLC 5500 802.1x problems

  So here is the problem that i have.
  I have a WLC 5500 in site A ( let´s say city A too ) with its own set of wlans ( wlan 1 , wlan 2 ... ) that are used to differentiate different types of users ( teachers, students, etc )  using a RADIUS server and a AD for this client and using 802.1x. Everything on site A is working fine.
  Now i´m trying so set an access point in site B ( in city B ) with its own set of wlans ( wlan X, wlan Y ... ) that is also used to differentiate clients, site B as its own DHCP, its own RADIUS and its own AD. I´ve managed to connect the access point to the WLC and set wlans for site B. My problem now is that when a user tries to connect to wlan X and he is suppose to be in wlan Y, he is not forwarded to wlan Y and is left in wlan X. I´ve also configured HREAP.
  Does anyone as any idea why the clients aren't being assigned to the correct wlan??
  I´ve checked in the Radius server and its sending the correct wlan to the user.
  I now that the text is probably a little bit confusing, but i hope that someone can help me.
  Thanks in advanced.

  You are right, it is not supported:
  Note: If the APs are in H-REAP mode and locally switched at the remote site, the dynamic assignment of users to a specific VLAN based on the RADIUS server configuration is not supported. 
  Since you can't do dynamic vlan, why not have two policies, one for teachers and the other for students.  You will need to have then in seperate groups in AD also.  Then filter on the ssid and the AD group, so if students try to access the teachers ssid using their credentials, they get rejected and vice versa.
  I don't know what you mean by connecting two site without h-reap.  The only other way is switching the AP to local mode, which you better have some good bandwidth.
  Scott

• Wplus Base Licence WLC 5500

  Hi, I have a WLC 5500 with Software Version, 6.0.196.0, License Level Base, according to the "Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 6.0.196.0", says that the base license includes all features present in the wplus license. In the monitor page from the WLC the Licence Level say "base", and when I go to Managment License Level, and I set the License Level to "wplus" a messages say: Setting wplus as next level failed. Only with the version of Operating system is enough to have the functions of Wplus Licence, although the level of license showing base license, in the monitor page of the WLC.
  Thanks

  Thanks leolahoo,
  Your indicate that in the version 7 these functions are operative,  but because the guide says that from version 6.0.196  they are available?
  WPlus License Features Included in Base License
  All features included in a Wireless LAN Controller WPlus license are now  included in the base license; this change is introduced in release  6.0.196.0. There are no changes to WCS BASE and PLUS licensing.
  These WPlus license features are included in the base license:
  •Office Extend AP
  •Enterprise Mesh
  •CAPWAP Data Encryption
  The licensing change can affect features on your wireless LAN when you  upgrade or downgrade software releases, so you should be aware of these  guidelines:
  •If you have a WPlus license and  you upgrade from 6.0.18x to 6.0.196.0: Your license file contains both  Basic and WPlus license features. You won't see any disruption in  feature availability and operation.
  •If you have a WPlus license and  you downgrade from 6.0.196.0 to 6.0.188 or 6.0.182: The license file in  6.0.196.0 contains both Basic and WPlus license features, so you won't  see any disruption in feature availability and operation.
  •If you have a base license and  you downgrade from 6.0.196.0 to 6.0.188 or 6.0.182: When you downgrade,  you lose all WPlus features.

• How can I set one loop's frequency as a slave of another loop ?

  I have 2 loops in parallel. The first runs at 500Hz. The AIread controls the frequency. How can I set the second one at 100Hz ? It is very easy to set it with local variable, but really not clean. The second loop must not use the CPU while waiting the next 100Hz tick. Is it possible ? I am trying to use occurrence, but the second loop will always (I think) use CPU while waiting next tick !
  Is it possible to set one loop in one thread and the other one in another thread ? Then set each thread to a CPU (I use a bi-xeon PC)
  Thanks

  cariboo wrote in news:5065000000080000001EBE0000-
  [email protected]:
  > I have 2 loops in parallel. The first runs at 500Hz. The AIread
  > controls the frequency. How can I set the second one at 100Hz ? It is
  > very easy to set it with local variable, but really not clean. The
  > second loop must not use the CPU while waiting the next 100Hz tick. Is
  > it possible ? I am trying to use occurrence, but the second loop will
  > always (I think) use CPU while waiting next tick !
  > Is it possible to set one loop in one thread and the other one in
  > another thread ? Then set each thread to a CPU (I use a bi-xeon PC)
  > Thanks
  One solution is to place a case inside the loop which run at 500 Hz. Put
  your 100Hz code inside the True case. Use the "Quot
  ient & Remainder"
  funtion and the iteration counter to execute the true case every fift
  execution of the 500Hz loop.
  This may not work if the 100Hz code use to much time, it will then delay
  the 500Hz loop.
  I would go for the occurences solution. The wait will use some CPU
  resources while waiting but i don't think that should be any problem (when
  done correctly).
  Rolf

• How to set a loop on an .flv so that an exported .swf loops?

  hi there. i am using Flash CS4 and I would like to know how to set a loop in an flv file so that when it is exported to swf, the movie will loop. Basically i have taken an existing interactive flash movie and have decompiled it into its individual flv counterparts. what i intend to do is take out all the nonsense from each flv file and then reconstruct the flash movie, export each file to swf and then convert each swf to avi or some other video format. to do this i will be using sothink swf to avi converter which allows you to convert swf files to avi files. this program allows you to convert swf files that loop by looping the swf file for as long as you want until you stop it, in which a video file is created from "the recording"
  after i decompiled the original file, many of the existing flv files were already set to loop. i know this because when exported to swf the swf file would loop. now when i went ahead and went into each flv file to edit a couple things, when i went to export them to swf, the swf files wouldn't loop. mind you, some of them did loop, and some of them did not loop. the ones i have edited are all supposed to loop and i cannot figure out what it is thats preventing some of the flv or exported swf files to loop. all i did was take out a few unnecessary frames from the beginning of each flv and nothing more. i am pretty new to Flash and do not know anything about coding and know very little about flash settings.
  i figured that selecting the "loop playback" option in the control drop down menu might help seeing as the flv file does loop when played in the editor, but again when exported to swf the swf file does not loop. what confuses me the most is that some of the exported swf files do loop. ALL of the exported swf files need to loop and my guess is that in order to make that happen, something in the flv file needs to be set correctly.
  can someone please assist me with this issue? if there is a way to simply loop an existing swf file that does not loop, can someone tell me how to do that? any help with this problem is greatly appreciated and i appologize if something like this has been asked before.... i just couldnt stand looking through 22 pages of search results to find the exact solution to my problem
  thank you!!!

  Hi,
  You can use shortDesc property. Something like
  <af:commandToolbarButton text="Some Button"
        id="ctb1" shortDesc="This button does something.."/>-Arun

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• How to set username in securityContext??

  ADF Security uses SecurityContext to retrieve username and display page using roles of a particular user...... and we add users and application roles in jazn-data.xml
  Actually my website created in adf doesn't have any login page..... It will receive user information from another website....
  Now i want to display pages and their content based on user and their role....
  Can u please tell me how to set Username in securityContext such that my website will work on the username retrieved from another website via token....
  Please answer this question.....

  This may help...
  public String doLogin() {
  String un = _username;
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  try {
  Subject subject =
  Authentication.login(new URLCallbackHandler(un, pw));
  weblogic.servlet.security.ServletAuthentication.runAs(subject,
  request);
  String loginUrl =
  "/adfAuthentication?success_url=/faces/DashBoard";
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
  "An incorrect Username or Password was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {private void reportUnexpectedLoginError(String errType, Exception e) {
          FacesMessage msg =
              new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error during login",
                               "Unexpected error during login (" + errType +
                               "), please consult logs for detail");
          FacesContext.getCurrentInstance().addMessage(null, msg);
           e.printStackTrace();
  reportUnexpectedLoginError("LoginException", le);
  return null;3
  private void reportUnexpectedLoginError(String errType, Exception e) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error during login",
  "Unexpected error during login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  Thanks,
  CM.

• How to set username and password at line vty 0 4?

  hi guys,
  would like to know how i can set username and password so when i telnet to the router, i can login as username and password..?
  thks,
  ken

  Hi,
  for a simple telnet password with user name & password, find the steps below,
  aaa new-model
  username password
  line vty 0 4
  password
  login local
  if you wanted different types of users to login with different privilagez,do the following
  username privilege 15 password
  username privilege 5 password
  privilege exec level 15 conf t
  privilege exec level 5 show
  line vty 0 4
  password
  login local
  in the above statement "privilege exec level 15 "will have full access, "privilege exec level 5" will have the limited like "show" related
  hope this helps.
  rate this post if cleared.

• How to set username and password when using Proxy class for SOCKS5?

  Hi all,
  I use the proxy class for SOCKS5, so need to set username and password, I don't find where can I set the value. whether the API support it.
  Thanks in advance!

  System.getProperties().put("proxySet", "true");That does nothing. Remove.
  System.getProperties().put("proxyHost", getProxyHost());
  System.getProperties().put("proxyPort", getProxyPort());You should be setting socks.proxyHost and socks.proxyPort here.
  System.setProperty("java.net.socks.username", getSOCKSUsername());
  System.setProperty("java.net.socks.password", getSOCKSPassword());
  Authenticator.setDefault(new ProxyAuth(getSOCKSUsername(), getSOCKSPassword()));You either need the first two lines or the third, not both. See the last link posted above.
  1. After I set the value, I connect internet by proxy, how the proxy server knows the values?Because Java tells it during the SOCKS handshake.
  2. In my app, I just set the values in the system properties, then JVM does remaining work? Remaining work is not concerned?Should be OK unless you have to connect to a different SOCKS proxy from the same JVM, but that kind of thing is problematic anyway due to the curious Authenticator design which is set globally, not per connection as you might expect.

• WLC 5500 and ISE

  Hello,
  I am going to deploy Cisco ISE with WLC 5500. I have two kinds of users one for which I want to deploy just open access Wi-Fi network, without working with Cisco ISE and Second group of Users for which I want to deploy Cisco ISE services like advanced authentication, posture and profiling. For both users I have just one WLC. Is there any problem to just deploy two SSID one for open access (without Cisco ISE) and second Secure with Cisco ISE ?

  Thank you for helping.
  I have read your proposed document, but didn't understand details beside SNMP probes.
  The reason I don't want to enable ISE authentication/profiling and posture for guest is that I don't have enough licenses for all guests. I am planning to create separate SSID for guest which will have just open “authentication” without any key or ISE. In this case why ISE will profile guest users, it even doesn’t be associated with this WLAN profile?

• How does WLC prevent layer 2 loops between mesh and different wired networks

  hi all,
  i have a question in regards to layer 2 loops. in my network i have clients devices moving between 2 separated mesh networks. from WLC prespective, the mac addresses should've moved between multiple bridge group and wired network.
  can someone please enlighten me how WLC prevent layer 2 loops?
  i understand spanning tree in the wired network, but WLC is not using SPT in mesh
  thank you

  Thanks for your help! This really helps a lot! We actually only want to replace the autonmous access point with the controller solution and make one WLAN available at another site. From what I can see, this is possible with our current solution - we just need to switch from Layer 2 to Layer 3 and purchase the corresponding amount of supported Access Points (I think we should be able to get some refurbished ones).
  Am I correct in assuming that the Access Points we want to replace (AIR-AP1230B-E-K9 with 802.11b radio only) cannot be upgraded to lightweight ones? Since if I understood document http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html correctly, this is not possible with access points that only have 802.11b radios.
  Regarding the switch from Layer 2 to Layer 3: Do we really only need to perform the steps I described in my first post?
  And one last question regarding REAP. As far as I understood this is only needed when local traffic needs to be maintained in case the connection to the WLC becomes unavailable. So we really don't need it if we want to access resources that are only available over the WLC?
  Thanks again for your help!
  Michael

• Wlc 5500 authentication timeout

  I have a WLC 5500 controller. I have two WLANS (OBSD-Internal and OBSD-BYOD). I have authentication setup to the WLC for the BYOD WLAN using LDAP (users connect with an AD user account). They are required to re authenticate every few minutes. This only happens on the BYOD WLAN (not Internal)                  

  Scott-
  Here are the results of the sho WLAN cmd:
  (Cisco Controller) >show wlan 3
  WLAN Identifier.................................. 3
  Profile Name..................................... OBSD BYOD
  Network Name (SSID).............................. OBSD-BYOD
  Status........................................... Enabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Disabled
  Network Admission Control
    Radius-NAC State............................... Disabled
    SNMP-NAC State................................. Disabled
    Quarantine VLAN................................ 0
  Maximum number of Associated Clients............. 0
  Number of Active Clients......................... 25
  Exclusionlist Timeout............................ 60 seconds
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ g9c-guest
  Multicast Interface.............................. Not Configured
  --More-- or (q)uit
  WLAN ACL......................................... Guest WiFi Internet Only
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  Static IP client tunneling....................... Disabled
  Quality of Service............................... Silver (best effort)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  WMM UAPSD Compliant Client Support............... Disabled
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Global Servers
  --More-- or (q)uit
     Accounting.................................... Global Servers
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Enabled
  ACL............................................. Web Auth
  Web Authentication server precedence:
  1............................................... local
  2............................................... radius
  3............................................... ldap
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Local Authentication................... Disabled
     H-REAP Learn IP Address....................... Enabled
  --More-- or (q)uit
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  SIP CAC Fail Send-486-Busy Policy................ Enabled
  SIP CAC Fail Send Dis-Association Policy......... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled
  Mobility Anchor List
  WLAN ID     IP Address            Status

• WLC 5500

  Dear All,
  i have WLC 5500 with 50 AP Base license with LAP 3500i APs,
  so, do i need license for the WLC to work with the cleanair technology even it software ver 7  ?????
  and also i have WCS with base license so do i need a license also for the WCS to work with clean air technology????
  thanks
  Ahmed

  You do not need extra license for either WLC or WCS to work with cleanair. But if you buy 10 AP pack 3500 APs, you will get WCS Plus upgrade license (for 100 APs) for free.
  More info can be found here:
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/qa_c67-604158.html
  zhenning

• WLC 5500 with multiple APs

  We have a WLC 5500 apliance, but i have a problem, the APs have a administrative IP in a diferent segment, only conected to WLC the AP have same segment of the management interface, the 5500 don´t have APmanager interface.
  How configurate the WLC to conected and administrate all AP with different segment IP
  Product Version.................................. 6.0.182.0
  chasis:        AIR-CT5508-K9

  You may check this article about the discovery process:
  http://tiny.cc/lqu1zw
  Now, with what Steve above is trying to say is that with 5508 the management interface itself is the AP manager interface (by default). so, management and ap-manager interfaces are merged into one interface with same IP address. You can change this behavior but this is the default.
  The article will tell you what mechanisms can be used to direct the APs to join the WLC even if they are on different subnet.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• WLC 5500 Bonjour issue

  Hi,
  I have a WLC 5500 with image 7.0.98, and I can not use bonjour services.
  My broadcast and multicast are enabled.
  Ethernet Multicast Forwarding............... Enable
  Ethernet Broadcast Forwarding............... Enable
  AP Multicast/Broadcast Mode................. Multicast   Address : 235.0.0.1
  IGMP snooping............................... Enabled
  the only thing that makes me crazy, is that I am migrating from all the network 3com, to CISCO, now all my switches, and routers are Cisco, my new wlan is CISCO, but for some reasons I have to use for a while the old wireless 3com infraestructure, and I dont have any issue like this in 3com wireless.
  I really does not what to do.
  Any idea???

  Just curious.. Since we are using Multicast - Multicast mode..make sure the Multicast routing should be enabled on..
  >>  MGMT interface and AP manager int's int VLAN where the routing is happening
  >> VLAN on which the AP are lying
  >> VLAN on whihc the clients are on.
  Ex - If the Management and the AP manager is on VLAN 10 and AP are in VLAn 20 and CLients are on VLAN 30, then on VLANs 10, 20, 30 the multicast routing should be enabled..
  Regards
  Surendra