IPv6 OSPFv3 authentication (MD5) not working

Similar Messages

• MAC Authentication does not work

  My MAC Authentication does not work.
  I have a ACS 3.0 server set. the MAC address is set in the user name field and in the password field.
  I can ping the ACS, I can ping my AP, I can ping my client.
  I don't want WEP and I don't want LEAP just MAC. So I set my authentication to "Open with MAC" My client has WEP set to NO WEP and authentication to OPEN
  I have the latest drivers for both AP and my 350 Client.
  I see that the client is associating and disassociating back and forth non stop. My AP log is full with the following message:
  Station 0009.7c9f.xxxx Authentication failed
  this is my config:
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname GOM_1200IOS
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  server 10.1.2.197 auth-port 1812 acct-port 1812
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa group server radius wlccp_rad_infra
  aaa group server radius wlccp_rad_eap
  aaa group server radius wlccp_rad_leap
  aaa group server radius wlccp_rad_mac
  aaa group server radius wlccp_rad_any
  aaa group server radius wlccp_rad_acct
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authentication login wlccp_infra group wlccp_rad_infra
  aaa authentication login wlccp_eap_client group wlccp_rad_eap
  aaa authentication login wlccp_leap_client group wlccp_rad_leap
  aaa authentication login wlccp_mac_client group wlccp_rad_mac
  aaa authentication login wlccp_any_client group wlccp_rad_any
  aaa authorization exec default local
  aaa authorization ipmobile default group rad_pmip
  aaa accounting network acct_methods start-stop group rad_acct
  aaa accounting network wlccp_acct_client start-stop group wlccp_rad_acct
  aaa session-id common
  enable secret xxxxxx
  username Cisco password xxxx
  ip subnet-zero
  iapp standby timeout 5
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption key 1 size 40bit 7 9DF1C10BF11A transmit-key
  ssid GOM_1230
  authentication open mac-address mac_methods
  speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
  rts threshold 2312
  channel 2462
  station-role root
  no cdp enable
  dot1x reauth-period server
  dot1x client-timeout 600
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no cdp enable
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 172.16.43.45 255.255.240.0
  no ip route-cache
  ip default-gateway 172.16.47.254
  ip http server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
  ip radius source-interface BVI1
  access-list 700 permit 000a.b74c.e8c9 0000.0000.0000
  access-list 700 permit 0009.7c9f.d6e0 0000.0000.0000
  access-list 700 permit 0006.25b1.2f79 0000.0000.0000
  access-list 700 permit 000a.b78b.2d19 0000.0000.0000
  access-list 700 permit 000b.5f6e.77c8 0000.0000.0000
  access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
  access-list 701 deny 000b.5f6e.77c8 0000.0000.0000
  access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
  no cdp run
  snmp-server community GOM_AP1230 RO
  snmp-server enable traps tty
  radius-server local
  group AP1230
  user brazil nthash 7 1249523544595F517972017912677A3055325A25770B08770D5C5B4E4478087605 group AP1230
  radius-server host 10.1.2.197 auth-port 1812 acct-port 1812 key 7 00233C2B
  radius-server retransmit 3
  radius-server attribute 32 include-in-access-req format %h
  radius-server authorization permit missing Service-Type
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 5 15
  end
  What is wrong?
  Thanks very much for your help.

  I figured out what was wrong so thank you for stopping by.
  I will publish the config for other people to see.
  Regards,

• NGS Sponsors authentication does not work in case user has non-English character in his password

  Hi,
  we are using the NAC Guest Server v 2.0.1 and have Sponsors authentication done through Radius servers. Radius servers are Microsoft IAS using AD.
  Sponsors user authentication works okay in case user's password includes English characters, but does not work in case an user uses national characters like for example Umlauts in German.
  On Radius server I can see these error messages:
  User XXXX was denied access.
  Reason = Authentication was not successful because an unknown user name or incorrect password was used.
  As soon as an user changes his password and uses English characters only, it resolves.
  I guess this might be that NGS uses different coding while sending a password to Radius server, but not sure.
  Appreciate if anyone knows a root cause and what could be a workaround. Unfortunately our AD policy allows users to use national characters and we can hardly change it. So a change on NGS or Radius side would be more viable.
  Many thanks for your help.

  A case has been opened at Cisco and it is now quite clear that it is a problem with coding.
  According to Cisco development team NGS uses UTF-8 coding to send the password, of course encrypted, to the Radius server. This cannot be changed within NGS. We use Radius Microsoft IAS Version 5.2.3790.3959 running on VMWare Windows 2003 SP2. More tests are scheduled to be performed.

• Authentication function not working in APEX but works in pl/sql

  Greetings, Jim here.
  I have written a very simple authentication funtion which uses the dbms_ldap package to authenticate using the userid and password from the login page.
  I've tested this function thru pl/sql and it returns true and false accordingly.
  I've created a custom authentication schema and in the authentication function I have return myfunction;
  The problem is, when called thru APEX, it appears to always return true and lets the login proceed, even if the password is correct. I know its using the function due to the fact that if I enter a bogus function as the authentication function, APEX spits up a message saying so.
  So, I know the function works, but I don't know why it does not work with APEX. Posting function below.
  CREATE OR REPLACE FUNCTION ODBS.CUSTAPEXLOGIN (p_username IN VARCHAR2,p_password IN VARCHAR2)
  RETURN BOOLEAN AS
  retval PLS_INTEGER;
  emp_session DBMS_LDAP.session;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  BEGIN
  ldap_host := 'oraldap';
  ldap_port := '389';
  ldap_user := p_username;
  ldap_passwd := p_password;
  ldap_base := 'cn=users,dc=company,dc=com';
  emp_session := DBMS_LDAP.init(ldap_host,ldap_port);
  retval := DBMS_LDAP.simple_bind_s(emp_session,('cn=' || ldap_user || ',' || ldap_base),ldap_passwd);
  if retval = 0 then
  return true;
  else
  return false;
  end if;
  EXCEPTION
  WHEN OTHERS THEN
  begin
  if sqlcode = -31202 then
  return false;
  end if;
  end;
  END;
  /

  Hi Jim,
  Can you clarify this -
  The problem is, when called thru APEX, it appears to always return true and lets the login >proceed, even if the password is correctThat implies you're saying your authentication function ALWAYS returns true? Is that correct? Also 'even if the password is correct' doesn't read correctly to me, did you mean 'even if the password is incorrect'?
  You then say -
  now the function works, but I don't know why it does not work with APEX.So by 'does not work' you mean in APEX it is always returning true therefore allowing you to login regardless of the username/password you use? Is that correct?

• Client Authentication is not working

  Hi all..
  I have developed a web service with server and client authentication.. I had configured OC4J 10g successfully for client authentication but the problem is: I can NOT access the webservice from the browser the server says: no_certificate. the stub client works properly. I tried to install the certificate into IE explorer but it is not working. please help me ... Thanks in advance
  Khaled

  Hi
  How did you implement your solution to work with a client? I'm trying to authenticate users that try to access a webservice with basic authentication but I can't seem to make it work...
  Thanks in advanced
  Vitor

• CE7305 - Transparent mode authentication does not work.

  Hi,
  I’m doing a trial content engine 7305 for my customer. Everything worked well so far with the box except with the authentication feature.
  Authentication work well on proxy mode but when I turned it on with transparent mode it does not work. My customer is using LDAP for user authentication.
  I suspect there is something that I did not turn on in the configuration.
  Attached herewith is the show tech of the Cisco 7305 content engine.
  Please advise!
  Thanks in advance,
  Raymond Hew

  Hi Zach,
  My customer is using Novell LDAP.
  Right at the moment the CE is already working with the auth. after rebooted the CE 7305. Just can't explain why but it works after rebooting.
  Thanks for your fast respond.
  Best regards,
  Raymond Hew

• Pl/sql Custom Authentication is not working. DADs.conf is fine.

  Hi All,
  We have configured authentication mode to customowa in the dads.conf. same configuration is working in one instance, while it is not working on other instance.
  Please advice me to find the solution.
  Error message from the error_log is as follows.
  mod_plsql: /imguat/mvt_cover_page.Instructions HTTP-403 ORA-0
  Enabled the debug on in plsql.conf
  the log file shows the following information.
  if (owa_custom.authorize = TRUE) then
  :authorized := 'yes';
  else
  :authorized := 'no';
  end if;
  :realm := owa.protection_realm;
  end; successfully executed
  <835614824 ms>(wpca.c,389) wpcaexe: function owa_custom.authorize returned no
  <835614824 ms>(wpca.c,391) wpcaexe: Auth Realm set to
  <835614824 ms>(wpcs.c, 77) Executed 'begin dbms_session.reset_package; end;' (rc=0)
  <835614824 ms>(wpca.c,215) wpcauth: authorize returned 0
  <835614824 ms>Custom auth failed without setting realm
  <835614824 ms>/imguat/MVT_Web_Style.Style2 HTTP-403 ORA-0
  Your help is highly appreciated.
  Regards
  Jaani.

  Hi All,
  We have configured authentication mode to customowa in the dads.conf. same configuration is working in one instance, while it is not working on other instance.
  Please advice me to find the solution.
  Error message from the error_log is as follows.
  mod_plsql: /imguat/mvt_cover_page.Instructions HTTP-403 ORA-0
  Enabled the debug on in plsql.conf
  the log file shows the following information.
  if (owa_custom.authorize = TRUE) then
  :authorized := 'yes';
  else
  :authorized := 'no';
  end if;
  :realm := owa.protection_realm;
  end; successfully executed
  <835614824 ms>(wpca.c,389) wpcaexe: function owa_custom.authorize returned no
  <835614824 ms>(wpca.c,391) wpcaexe: Auth Realm set to
  <835614824 ms>(wpcs.c, 77) Executed 'begin dbms_session.reset_package; end;' (rc=0)
  <835614824 ms>(wpca.c,215) wpcauth: authorize returned 0
  <835614824 ms>Custom auth failed without setting realm
  <835614824 ms>/imguat/MVT_Web_Style.Style2 HTTP-403 ORA-0
  Your help is highly appreciated.
  Regards
  Jaani.

• IP Address Changed on my AD - Now Authentication is not Working

  I got a new service provider for my home network, and as a result their router provided a new set of IP addresses. My home network is supported by an OD running on Mac OS X Server v 10.4.11. The laptops in the house seem to be OK, but my main machine (Mac Pro) and two others can no longer authenticate, and therefore cannot be used by anyone but their local admin accounts. All of my user info came from the OD. I went through the process of changing the DNS services on the Mac Server, and it seems to be working properly. And I have removed the old LDAP Path on the client computers, and re-initiated it. But I'm not having any success. I'm guessing that the problem may be in the actual data stored in the LDAP database (since I would likely now have a new Kerberos key, but am reluctant to attempt to recreate it, for fear of losing access to critical data under my regular login accounts.
  Can anyone point me to some documentation on how to handle a change of IP address on a Mac OS X server (which is my only server on this network).? I have obviously missed something - either on the server - or on the clients - or both.
  Thanks,
  C.

  1. There are No Tickers Available (I assume that any previous ones were wiped, when I removed and then re-created the client's directory entry through the Directory Utility.)
  The tickets will be generated the first time that you login to an OD server that has Kerberized services and will be used to access all services on the server that require authentication, if so configured, and will remain until you logout or the ticket expires. If you login to a client Mac as a local user and connect to the server as described previously, do you get the Kerberos login dialog, which will have the realm listed, or the standard login dialog?
  2. When I try to create a new ticket, I get the dialog box, but cannot continue because the drop down for the REALM is blank.
  The realm would be something on the order of, YOURSERVER.YOURDOMAIN.TLD. If the realm is not showing in Kerberos.app, then the client is not bound -or is incorrectly bound- to the server. Check your Server Admin app to see if Kerberos is running or not. Highlight the 'Open Directory' item under your server -it should show on the right as 'Running' or 'Stopped'.

• Client Authentication certificate not working in ADFS3.0

  Hi,
  I am currently working on integrating ADFS 3.o for Single Sign On to some 3rd party services along with PKI solution. The basic requirement is that I should be able to choose client authentication certificate as an authentication method in ADFS and then
  federate user credentials to 3rd party trust for single-sign-on.
  I had done this successfully with ADFS 2.0 and that setup is working fine. I have the setup as ADFS 3.0 client authentication method enabled. When I open browser to logon, the ADFS 3.0 page displays a message as "Select a certificate that you want to
  use for authentication. If you cancel the operation, please close your browser and try again." but the certificates are not displayed for selection.
  The certificates are valid and have valid chaining to CA. Could someone help me resolve this issue?
  Thanks!
  -Chinmaya Karve

  I am also having this problem where the certificate dialog (Windows Security is usually the title) is never prompted to the user. I tried it on several computers which are all part of the domain. The same computers can also login on another ADFS, so I have
  working certificates.
  I just get a page where a text says I should select a certificate but I never get the dialog to do so.
  Any updates on this issue?

• Monitor OSPFv3 via SNMP not working - Is OSPFv3 MIB supported?

  I need to be able to query the OSPFv3-MIB via SNMP to track the status of OSPFv3.
  I have setup a 3945 router in a test lab network and I have configured it in an Ipv6 network with OSPFv3.  The router has an active OSPFv3 neighbor and I can use that neighbor to send/receive data (the routing is working fine).  However, when I walk the SNMP MIBs I don't get a response for the OSPFv3-MIB.  According to the Cisco SNMP Object Navigator this MIB should be located at 1.3.6.1.3.102.*.  Below is an example trying to query a particular OID from the OSPFv3 MIB.
  C:\>snmpwalk -v 2c -c public 197.16.18.1 1.3.6.1.3.102.1.5.1.8
  SNMPv2-SMI::experimental.102.1.5.1.8 = No Such Object available on this agent at  this OID
  I can walk other parts of the MIB (For example the OSPFv2 MIB) and get responses, so I know the router has SNMP turned on.
  Looking at the Cisco IOS Mib Locator tool (http://tools.cisco.com/ITDIT/MIBS/MainServlet?IMAGE_NAME=c3900-universalk9-mz.SPA.152-4.M3.bin) for the current software version I am running (c3900-universalk9-mz.SPA.152-4.M3.bin) on a 3945 router it claims that the OSPFv3 MIB is supported in this image.  
  Maybe I need to configure something else?  Maybe my SW doesn't really support this MIB?  Could it be that I have to query the router over Ipv6 to get the OSPFv3-MIB (I have only been trying Ipv4)?

  Hi ,
  As Vinod suggested , you need to configure the "SNMP CONTEXT"
  Configure:
  ==========
  Basic configuration consists of 4 steps:
  Configure mapping between VRF name and SNMP context :
  snmp-server vrf <vrf_1> context <context_1>
  Create community string corresponding to the VRF :
  snmp-server community <vrf_1> RW
  Define context string
  snmp-server context <context_1>
  Configure mapping between context and community:
  snmp-server community-map <vrf_1> context <context_1>
  (optional) Configure snmp server traps for this VRF community
  snmp-server host <IP> traps version 2c <vrf_1>
  For e.g:
  snmp-server vrf miki
  context miki_bgp
  snmp-server community miki RW
  snmp-server context miki_bgp
  snmp-server community-map miki context miki_bgp
  Hope it will help
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• RV220W 1.0.6.6 IPv6 Tunnelbroker tunnel is not working

  With firmware 1.0.4.17 I have had our IPv6 tunnel working fine for a couple of years but it does not seem to work after upgrading to firmware 1.0.6.6
  I have followed the instructions in  43132-Connecting_RV220W_to_an_IPv6_Tunnel_broker.pdf to no avail.
  Has anybody been able to run an IPv6 6in4 tunnel with a firmware later than 1.0.4.17 and if yes, how ?
  This is also a question to Cisco

  I don't recall on which firmware version I set up the tunnel, but anyway I have fallen back to 1.0.4.17 with a factory reset.
  It may be important to follow the instructions in https://supportforums.cisco.com/sites/default/files/legacy/2/3/1/43132-Connecting_RV220W_to_an_IPv6_Tunnel_broker.pdf in the proper sequence.
  Pay attention to the two entries (different types) in the Advertisement Prefixes section.
  In the Tunneling section your tunnelbroker IP-adress will not show up in the IPv6 Tunnel Status Table. I have enabled and entered the Remote End Point IPv4 Address.

• BPELConsole Authentication is not working. Can't log in to BPEL Console

  I have installed the SOA Suite 10.1.3.10 which I have downloaded from OTN. I have selected the Standard Install and the installation was successful. I can start the SOA Suite without any problem. I can access the Oracle Application Server 10g Release 10.1.3.10 page.
  But when I click the BPEL Console (or any other link such as ESB Console) link from the right it opens a new window asking me to enter the username and password.
  After entering the username as oc4jadmin and the correct password which was specified as part of the installation, nothing happens and the Username/Password screen is displayed again without any error message. I have tried entering the username/password combination for more than 5 times and nothing happens. It appears that the web page is not communicating to the authentication server. Otherwise it should display an error if the password or username is not valid.
  I have checked the log files and can't find anything wrong. I have even disabled the firewall, but still get the same problem. I'm using Windows XP professional on a HP notebook which has 2GB RAM.
  I have re-installed the product three times and the same problem exists.
  Any help or ideas would be appreciated.
  Thanks
  Maha

  I think the problem could be linked to the computer name. If I start the OAS Welcome page using localhost ie., http://localhost:8888 and click the BPELConsole then the URL shows http://localhost:8888/BPELConsole. With this, the username/password works.
  In one of the old posts in the forum the people have complained that having an underscore in the computer name ie., xxx_yyy causes this problem. I haven't tried chaging the computer name, but the localhost works.
  All the controls are working with localhost, but I have issues with the "Application Server Control". After accepting the oc4jadmin/<password> it comes up with an error asking me to "Supply Administration Credentials". The screen shows the username/password fields with the "Store Credentials" button. It also states that I have logged in as "oc4jadmin". The error message is shown below.
  ++++++++
  This OC4J is configured to make JMX connections via RMIS and fall back to RMI if the RMIS port is not configured. The RMIS connection on the OC4J instance home on Application Server shara.SHARA_HP is configured but a connection could not be established. The JMX protocol is specified by the oracle.oc4j.jmx.internal.connection.protocol property in opmn.xml
  +++++
  I don't know whether I need to set the URL to localhost in any of the config files.
  Has any one encountered this issue?
  I will check search the forum and then post a new message for this issue.
  Thanks for all the responses for the original problem.

• Roles authenticed externally not working

  i have created a role OPS$dummy which is authenticated externally..
  i have also set the initialization paramters os_roles and remote_os_roles to true
  but now when i manually try to set the role at the client side it says
  ora 01989 role ops$dummy not authorized by operating system.
  please guys can you just guide to solve this problem...

  oracle linux 5... any how got the solution... i created groups on teh server and then added the users to that... it worked..
  can this os_authent_prefix value be added to the name of the role at the beggining...

• Web Service Call with Basic Authentication does not work

  If I try to use Basic Authentication in my Web Service Client with the automatically created methods
  setUsername(inUserName)
  setPassword(inPassword)
  setAddress(inAddress)
  the application does not make a call. Did I forget something?
  Is it possible to use "Test Method" with Basic Authentication?
  Thank you.

  Thank you for your answer.
  But: I already read this article. And it doesn't help me.
  I use the following code:
              getMyServiceClient1().setUsername(inUserName);
              getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
  The methods setUsername and setPassword are definded as follows:
  public void setUsername(String inUserName) {
          myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
    public void setPassword(String inPassword) {
          myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
    }But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
  I also found this thread in your forum:
  http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

• Cisco Wireless AP 2602 - Web Authentication/Pass NOT working?

  Product/Model                                       Number:
  AIR-CAP2602E-A-K9
  Top                                       Assembly Serial Number:
  System                                       Software Filename:
  ap3g2-k9w7-xx.152-4.JB3a
  System                                       Software Version:
  15.2(4)JB3a
  Bootloader                                       Version:
  BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
  When "Web Authentication/Pass" option checked, it is totally unaccessible to internal or external network, any clue/advice?
  Thanks in advance.

  Thanks, seems I missed the RADIUS part; after I done that it's still no luck, here are some tech support info, are you able to help?
  ------------------ show version ------------------
  Cisco IOS Software, C2600 Software (AP3G2-K9W7-M), Version 15.2(4)JB3a, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Mon 23-Dec-13 08:11 by prod_rel_team
  ROM: Bootstrap program is C2600 boot loader
  BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
  WuGa-CiscoAP uptime is 3 days, 19 minutes
  System returned to ROM by power-on
  System restarted at 23:18:39 +0800 Mon Feb 10 2014
  System image file is "flash:/ap3g2-k9w7-mx.152-4.JB3a/ap3g2-k9w7-xx.152-4.JB3a"
  Last reload reason:
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-SAP2602E-A-K9 (PowerPC) processor (revision A0) with 204790K/57344K bytes of memory.
  Processor board ID FGL1650Z5X3
  PowerPC CPU at 800Mhz, revision number 0x2151
  Last reset from power-on
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: E0:2F:6D:A3:4D:0B
  Part Number                          : 73-14511-02
  PCA Assembly Number                  : 800-37898-01
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC164889AN
  Top Assembly Part Number             : 800-38357-01
  Top Assembly Serial Number           : FGL1650Z5X3
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP2602E-A-K9  
  Configuration register is 0xF
  ------------------ show running-config ------------------
  Building configuration...
  Current configuration : 5276 bytes
  ! Last configuration change at 23:36:14 +0800 Thu Feb 13 2014
  ! NVRAM config last updated at 23:36:14 +0800 Thu Feb 13 2014
  ! NVRAM config last updated at 23:36:14 +0800 Thu Feb 13 2014
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname WuGa-CiscoAP
  logging rate-limit console 9
  enable secret 5
  aaa new-model
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login webauth group radius
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authentication login web_list group radius
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone +0800 8 0
  no ip cef
  ip admission name webpass consent
  ip admission name webauth proxy http
  ip admission name webauth method-list authentication web_list
  ip admission name web_auth proxy http
  ip admission name web_auth method-list authentication web_list
  ip admission name web-auth proxy http
  ip admission name web-auth method-list authentication web_list
  ip name-server 8.8.8.8
  dot11 syslog
  dot11 vlan-name GuestVLAN vlan 2
  dot11 vlan-name InternalVLAN vlan 1
  dot11 ssid Guest
     vlan 2
     web-auth
     authentication open
     mbssid guest-mode
  dot11 ssid WuGa-6
     vlan 1
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 0211115C0A555C721F1D5A4A5644
  dot11 ssid WuGa-60
     vlan 1
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 03084C070900721F1D5A4A56444158
  dot11 guest
    username wuga lifetime 360 password 7 030D5704100A36594908
  username Cisco privilege 15 password 7
  bridge irb
  interface Dot11Radio0
  no ip address
  encryption mode ciphers aes-ccm
  encryption vlan 1 mode ciphers aes-ccm
  ssid Guest
  ssid WuGa-6
  antenna gain 2
  stbc
  mbssid
  speed  basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
  channel 2452
  station-role root
  dot11 dot11r pre-authentication over-air
  dot11 dot11r reassociation-time value 500
  ip admission web-auth
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio0.2
  encapsulation dot1Q 2
  bridge-group 2
  bridge-group 2 subscriber-loop-control
  bridge-group 2 spanning-disabled
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  ip admission webauth
  interface Dot11Radio1
  no ip address
  encryption mode ciphers aes-ccm
  encryption vlan 1 mode ciphers aes-ccm
  ssid WuGa-60
  antenna gain 4
  peakdetect
  no dfs band block
  stbc
  speed  basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
  power local 5
  channel width 40-above
  channel dfs
  station-role root
  dot11 dot11r pre-authentication over-air
  dot11 dot11r reassociation-time value 500
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
  no ip address
  duplex auto
  speed 1000
  interface GigabitEthernet0.1
  encapsulation dot1Q 1 native
  bridge-group 1
  bridge-group 1 spanning-disabled
  no bridge-group 1 source-learning
  interface GigabitEthernet0.2
  encapsulation dot1Q 2
  bridge-group 2
  bridge-group 2 spanning-disabled
  no bridge-group 2 source-learning
  interface BVI1
  ip address 192.168.133.213 255.255.255.0
  ip default-gateway 192.168.133.200
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip route 0.0.0.0 0.0.0.0 192.168.133.200
  ip radius source-interface BVI1
  ip access-list extended ALL
  permit ip any host 0.0.0.0
  permit ip any any
  permit ip 0.0.0.0 255.255.255.0 any
  ip access-list extended All
  permit tcp any any established
  permit tcp any any eq www
  permit ip any any
  radius-server local
    nas 192.168.133.213 key 7 070C285F4D06
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  radius server 192.168.10.2
  address ipv4 192.168.10.2 auth-port 1812 acct-port 1646
  radius server local
  address ipv4 192.168.133.213 auth-port 1812 acct-port 1813
  key 7
  bridge 1 route ip
  line con 0
  terminal-type teletype
  line vty 0 4
  terminal-type teletype
  transport input all
  sntp server 128.138.141.172
  sntp broadcast client
  end