ISE 1.2 Guest Wireless Authentication
Hello, I need to somehow tie a guest user mac-address down to either an email address (first choice) or telehone number. What I would like to do is have a guest user redirect to a portal where they input their name and email address. They are then given say 5 minutes to retrieve a password that has been sent to them, they reauthenticate, and that way I can tie the email to the mac-address. Can the forum suggest any other ways of achieving this? I an open to all ideas!
TIA
xmal
you cannot tie guest mac-address with email address as of now in 1.2 but you have a option to restrict by limiting guests’ ability to create their own accounts based on their email domain
Similar Messages
-
Slow website responses from flash intensive sites on guest wireless
We are in the process of implementing Cisco ISE along with guest wireless. The guests are pulling their addresses from a WLCE 5508. Their DNS is coming from external servers, i.e. google dns. When we log on a tablet, phone or laptop to the guest wifi we are redirected to the auth page and then are allowed to surf.
The issue is that going to flash intensive sites such as www.cnn.com, www.espn.com, etc. the pages take 30 seconds to a minute to load, it's not a gradual load it loads all at once. If I goto a site such as google.com, cisco.com the page loads immediately. Speed tests show that we have plenty of bandwidth. It reminds me of an MTU issue I used to see on Cisco 1700 routers. If I changed the pc mtu the problem would go away.
Any ideas? Thanks in advance!I have a few clients that anchor guest traffic from their remote site all over the USA back to one of their DC. I haven't heard any complaints or concerns from them. The links vary in bandwidth. The only thing is different than what you have is that they are not using the anchor WLC as a dhcp. I have had many issues in the past using the WLC in large environments that I don't recommend it. Many of my customer also have redundant guest anchors but only a few would have a dedicated internet for guest. The others share the same internet pipe.
Sent from Cisco Technical Support iPhone App -
Guest Wireless Cisco ISE 1.3
I am setting up guest wireless in my enterprise using Cisco ISE 1.3.
I have set up Authorization profiles and Authentication conditions for Guest Wireless. I am however not sure of the Authentication results (the allowed protocol section). Since I want to give Guests INTERNET-ONLY access, I have configured WLC with a ACL and tied that ACL-name to ISE. However, when it comes to Authentication results à Allowed protocols, I am unsure of what to include. For instance, I have created an allowed protocol named ‘Wireless_Access’, screenshot attached below..
Please let me know what options have to be checked to suit a guest environment. Any help would be much appreciated.. thanks!Hi,
Below you can find a configuration example for guest access using ISE1.3.
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
Hope this helps.
Regards -
ISE Custom AUP for Guest Wireless
Hi All,
I am trying to setup Guest wireless using Cisco ISE for the first time. Under Multi-Portal Configurations, i was hoping to be able to edit the DefaultGuestPortal profile so that I could change the wording of the AUP from Cisco's Blurb. Can anyone point me in the direction where I can do this? The only alternative I can see is to create a new portal from scratch.
Cheers
BrianMultiPortal Configurations
Cisco ISE provides you with the ability to host multiple guest portals in the Cisco ISE server. The Guest user portal has a default Cisco look and feel. These pages are dynamically generated to offer portal features such as change password and self-registration in the Login Screen.
You can use the Multi-portal configuration to upload set of GUI pages specific to your organization to handle the Login, AUP, Change Password and Self Registration. In order to access an uploaded client portal the guest portal URL must include the name of the portal specified during the upload.
You can design and upload HTML pages to define new guest portals or replace the default guest portal. These pages must use plain HTML code and must contain form actions that point to the guest portal backend servlets. You must define separate HTML pages for login, acceptable use policy (AUP), the change-password function, and self-registration.
For Complete Configuration Guide, Please click on below link
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.pdf -
New Galaxy 5s. Trying to connect to a guest wireless that routes browser to a login screen. The wireless will not connect (gives authentication error), so will not pull up browser window. My previous Android did not have this problem (it would connect and immediately reroute to the login screeen).
Would you please try manually set the DNS address on client NIC to the IP of your server, then try run the connector again?
-
Setting up Guest wireless in ISE
I am setting up guest wireless in Cisco ISE 1.3. My question is do these guest wireless connections count to the concurrent ISE connections licensing?
Hi Abhishek,
Licenses are counted against concurrent, active sessions and hence guest users would be counted. You can also that in license consumption on ISE.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html#task_DAB3467E79E84FAEB8F18B775407CB87
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
ISE 1.3 laptop wireless connection issue & apple devices
hi all,
i am configuring ISE 1.3 with wireless lan controller 2504 with 7.4.121 version.
i am using EAP-tls method of authentication . my certificate server everything working fine. i have one issue which is that i am trying to connect from my laptop i am getting the following error
"The server "ISE.example.local" presented a valid certificate issued by "DC-CA", but "DC-CA" is not configured as a valid trust anchor for this profile. Further, the server "ISE.example.local" is not configured as a valid NPS server to connect to for this profile"
but still i am able to connect and my profiling is working fine, but other laptops when i try to connect i am not getting any this kind of error . it directly says connection cannot connect.
is this problem of certificate on the ISE or the laptop issue , the laptops are not in domain.
even in the apple devices also when we put AD authentication it is accepting after that when we open the browser it is not going to the guest portal it saying some apple captiva portal some thing like that.
please let me know anybody faced this issue?? what is the cause and solution.Dear, Freerk.
Thank you for your information.
I'd like to try captive bypass function then look at the traffic flow to understand very well, however, it looks like required reboot the controller.
ours is not able to do rebooting process so that, only the choice will be I must search testing result by my self... if you have a result from your lab, could you share with me?
Result message after enable captive bypassing configuration.
(Cisco Controller) config>network web-auth captive-bypass enable
Web-auth support for Captive-Bypass will be enabled.
You must reset system for this setting to take effect. -
I have setup a Sponsored Guest Wifi on a 2504 with ISE 1.3. I can create Guests, they can associate, and get re-directed to a Web Auth. It all works great.
I have a few guest types, one of which is a 5 day guest. With the 5 day guest with access hours between 8am - 6pm, I'd like to have the end user login to the network every morning. As it works now, the guest can login once during, and they are good for the entire 5 days.
I have two Auth Profiles setup. The first one is to do the CWA to get the user to sign on to the network. The 2nd Profile is to allow guest endpoints access to the network. I set the Reauthentication timer in the "Access" policy to 6000 seconds, however I am not sure that is working as expected.
Any hints on pushing Guest users back to the portal for authentication periodically?Not sure if this will apply to wireless but this is how I did it for wired devices. On my system, ISE adds the guest users mac address to the appropriate endpoint identity group based on the Guest Type profile. I setup a re-authentication timer on the Authorization Profile and created a Endpoint Purge rule to remove any devices in the endpoint identity group. This was the only thing I could think of to make sure guest users where kicked off daily and login again the next day.
-
Setting up webauth for guest wireless access
Hi there,
I'm trying to set up guest wireless access. having no experience with this at all, I'm beginning to struggle.
Equipment:
2x 3850 stacked and acting as one switch running 03.06.00E
4x 1602E AP's registered to the WLC running on the 3850
The infrastructure is sound and corporate wireless access works ok.
I need a config that allows a guest user to connect to the guest SSID, DHCP an address, then when they open a browser, they are automatically redirected to a splash screen for them to log on. Once they log on with the supplied username and password they are then forwarded to whatever site it is they wish to go to; So far my config looks like this (removed unnecessary parts for brevity);
Building configuration...
user-name test
creation-time 1414684496
privilege 0
password 7 051F031C35
type network-user description test guest-user lifetime year 0 month 0 day 0 hour 23 minute 59 second 4
aaa new-model
aaa authentication login aaa_guest_webauth local
aaa authentication login local_login local
aaa authorization exec local_authorise local
aaa authorization network guest_authorisation local
aaa authorization credential-download default local
aaa session-id common
switch 1 provision ws-c3850-24t
switch 2 provision ws-c3850-24t
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
hw-switch switch 2 logging onboard message level 3
parameter-map type webauth global
virtual-ip ipv4 1.2.3.4
parameter-map type webauth guest-webauth
type webauth
redirect on-success http://www.google.com
banner text ^CC test text test ^C
custom-page login device flash-1:login.html
custom-page failure device flash-1:failed.html
class-map match-any non-client-nrt-class
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface VlanXXX
description "Guest-Access-VLAN"
ip address 10.x.x.126 255.255.255.128
ip helper-address x.x.x.x
ip helper-address x.x.x.x
line vty 0 4
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
line vty 5 15
exec-timeout 7 0
authorization exec local_authorise
login authentication local_login
transport input ssh
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wlan Wireless-Guest-Access 24 wireless-guest
client vlan Guest-Access-VLAN
ip access-group GUEST-ACCESS
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth authentication-list aaa_guest_webauth
security web-auth parameter-map guest-webauth
session-timeout 1800
no shutdown
ap country GB
ap group default-group
ap group BUS-AP-Group
wlan Wireless-Corporate-Access
vlan BUS-CORP-DATA-VLAN
wlan Wireless-Guest-Access
vlan Guest-Access-VLAN
end
I carried out a wireshark trace and can see the dhcp ok, then see DNS queries to the DNS name serever and the replies, followed by a TCP SYN to the resolved IP of the website requested - but that's it, there is no SYN ACK reply or redirect to the login page which i have placed on the flash and specified under 'custom-page login'
I am under the impression that the way this should work is as follows;
1. Client connects to SSID and carries out DHCP DORA and is assigned an IP address
2. open browser on client and carry out name resolution
3. once name is resolved, carry TCP three way handshake with requested site (e.g. google)
4. once three way handshake is completed client carries out an HTTP GET request
5. WLC holds the response and redirects to the login page
6. on successful login, original requested page is forwarded to client.
I can't seem to get a response - even if I remove the ACL.
Am i heading in the right direction or am I trying to achieve something which is not possible with my setup?
Cheersalso, forgot to say, make sure your files are preceeded with webauth for your html and js and web_auth for image files
38725 -rw- 4265 Nov 4 2014 12:21:28 +00:00 webauth_login.html
38726 -rw- 6937 Nov 4 2014 12:11:03 +00:00 webauth_aup.html
38727 -rw- 1356 Nov 4 2014 12:11:30 +00:00 webauth_logout.html
38728 -rw- 662 Nov 4 2014 12:11:43 +00:00 webauth_failed.html
38729 -rw- 318 Nov 4 2014 12:11:58 +00:00 webauth_loginscript.js
38731 -rw- 82940 Nov 4 2014 12:12:28 +00:00 web_auth_image.jpg
CORE-SW01#sho run | s param
parameter-map type webauth global
type webauth
virtual-ip ipv4 1.1.1.1
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
parameter-map type webauth guest-webauth
type webauth
custom-page login device flash:webauth_login.html
custom-page failure device flash:webauth_failed.html
security web-auth parameter-map guest-webauth
CORE-SW01# -
ISE 1.1 - 24492 Machine authentication against AD has failed
We implement Cisco ISE 802.1X and Machine Authentication With EAP-TLS.
Authentication Summary
Logged At:
March 11,2015 7:00:13.374 AM
RADIUS Status:
RADIUS Request dropped : 24492 Machine authentication against Active Directory has failed
NAS Failure:
Username:
[email protected]
MAC/IP Address:
00:26:82:F1:E6:32
Network Device:
WLC : 192.168.1.225 :
Allowed Protocol:
TDS-PEAP-TLS
Identity Store:
AD1
Authorization Profiles:
SGA Security Group:
Authentication Protocol :
EAP-TLS
Authentication Result
RadiusPacketType=Drop
AuthenticationResult=Error
Related Events
Authentication Details
Logged At:
March 11,2015 7:00:13.374 AM
Occurred At:
March 11,2015 7:00:13.374 AM
Server:
ISE-TDS
Authentication Method:
dot1x
EAP Authentication Method :
EAP-TLS
EAP Tunnel Method :
Username:
[email protected]
RADIUS Username :
host/LENOVO-PC.tdsouth.com
Calling Station ID:
00:26:82:F1:E6:32
Framed IP Address:
Use Case:
Network Device:
WLC
Network Device Groups:
Device Type#All Device Types,Location#All Locations
NAS IP Address:
192.168.1.225
NAS Identifier:
WLC-TDS
NAS Port:
4
NAS Port ID:
NAS Port Type:
Wireless - IEEE 802.11
Allowed Protocol:
TDS-PEAP-TLS
Service Type:
Framed
Identity Store:
AD1
Authorization Profiles:
Active Directory Domain:
tdsouth.com
Identity Group:
Allowed Protocol Selection Matched Rule:
TDS-WLAN-DOT1X-EAP-TLS
Identity Policy Matched Rule:
Default
Selected Identity Stores:
Authorization Policy Matched Rule:
SGA Security Group:
AAA Session ID:
ISE-TDS/215430381/40
Audit Session ID:
c0a801e10000007f54ffe828
Tunnel Details:
Cisco-AVPairs:
audit-session-id=c0a801e10000007f54ffe828
Other Attributes:
ConfigVersionId=7,Device Port=32768,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,Framed-MTU=1300,State=37CPMSessionID=c0a801e10000007f54ffe828;30SessionID=ISE-TDS/215430381/40;,Airespace-Wlan-Id=1,CPMSessionID=c0a801e10000007f54ffe828,EndPointMACAddress=00-26-82-F1-E6-32,GroupsOrAttributesProcessFailure=true,Device Type=Device Type#All Device Types,Location=Location#All Locations,Device IP Address=192.168.1.225,Called-Station-ID=e0-d1-73-28-a7-70:TDS-Corp
Posture Status:
EPS Status:
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12809 Prepared TLS CertificateRequest message
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12571 ISE will continue to CRL verification if it is configured for specific CA
12571 ISE will continue to CRL verification if it is configured for specific CA
12811 Extracted TLS Certificate message containing client certificate
12812 Extracted TLS ClientKeyExchange message
12813 Extracted TLS CertificateVerify message
12804 Extracted TLS Finished message
12801 Prepared TLS ChangeCipherSpec message
12802 Prepared TLS Finished message
12816 TLS handshake succeeded
12509 EAP-TLS full handshake finished successfully
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
Evaluating Identity Policy
15006 Matched Default Rule
24433 Looking up machine/host in Active Directory - [email protected]
24492 Machine authentication against Active Directory has failed
22059 The advanced option that is configured for process failure is used
22062 The 'Drop' advanced option is configured in case of a failed authentication request
But the user can authenticated by EAP-TLS
AAA Protocol > RADIUS Authentication Detail
RADIUS Audit Session ID :
c0a801e10000007f54ffe828
AAA session ID :
ISE-TDS/215430381/59
Date :
March 11,2015
Generated on March 11, 2015 2:48:43 PM ICT
Actions
Troubleshoot Authentication
View Diagnostic MessagesAudit Network Device Configuration
View Network Device Configuration
View Server Configuration Changes
Authentication Summary
Logged At:
March 11,2015 7:27:32.475 AM
RADIUS Status:
Authentication succeeded
NAS Failure:
Username:
[email protected]
MAC/IP Address:
00:26:82:F1:E6:32
Network Device:
WLC : 192.168.1.225 :
Allowed Protocol:
TDS-PEAP-TLS
Identity Store:
AD1
Authorization Profiles:
TDS-WLAN-PERMIT-ALL
SGA Security Group:
Authentication Protocol :
EAP-TLS
Authentication Result
[email protected]
State=ReauthSession:c0a801e10000007f54ffe828
Class=CACS:c0a801e10000007f54ffe828:ISE-TDS/215430381/59
Termination-Action=RADIUS-Request
cisco-av-pair=ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-PERMIT_ALL_TRAFFIC-508adc03
MS-MPPE-Send-Key=5a:9a:ca:b0:0b:2a:fe:7d:fc:2f:8f:d8:96:25:50:bb:c8:7d:91:ba:4c:09:63:57:3e:6e:4e:93:5d:5c:b0:5d
MS-MPPE-Recv-Key=24:fa:8d:c3:65:94:d8:29:77:aa:71:93:05:1b:0f:a5:58:f8:a2:9c:d0:0e:80:2d:b6:12:ae:c3:8c:46:22:48
Airespace-Wlan-Id=1
Related Events
Authentication Details
Logged At:
March 11,2015 7:27:32.475 AM
Occurred At:
March 11,2015 7:27:32.474 AM
Server:
ISE-TDS
Authentication Method:
dot1x
EAP Authentication Method :
EAP-TLS
EAP Tunnel Method :
Username:
[email protected]
RADIUS Username :
[email protected]
Calling Station ID:
00:26:82:F1:E6:32
Framed IP Address:
Use Case:
Network Device:
WLC
Network Device Groups:
Device Type#All Device Types,Location#All Locations
NAS IP Address:
192.168.1.225
NAS Identifier:
WLC-TDS
NAS Port:
4
NAS Port ID:
NAS Port Type:
Wireless - IEEE 802.11
Allowed Protocol:Hello,
I am analyzing your question and seeing the ISE logs i can see that the machine credentials was LENOVO-PC. Do you have shure that these credentials has in your Active Directory to validate this machine ? The machine certificate has the correct machine credentials from the domain ? The group mapped in the ISE rule has the machine inside this group ?
Differently from the user authentication that happens with success because the domain credentials can be validate from the Active Directory and get access to the network. -
Hi.
I was wondering if someone could help me with the easiest way to set up a Web Page to control Guest Wireless access on Cisco AP 1130AG.
I was using PEAP and Dot1x to Active Directory but the messing around required on some clients (namely XP and Vista) means it is not ideal for random and unexpected guests.
How can I set up an Open Authentication method (or whatever I need) that then defaults to a web page or logon page for access to the network itself? I have seen this in other companies so it must be do-able.
Just for information a standard WPA2 key for the SSID is insufficient as we want a logon page and user credentials that are changeable.
I hope someone can help.Are you using the AP with a lightweight controller, or standalone (autonomous)?
The lightweight controllers have this capability. Standalone APs do not. -
Cisco ISE AD (Windows Server 2013) Authentication Problem
Background:
Deployed two Cisco ISE 1.1.3. ISE will be used to authenticate wireless users, admin access to WLC and switches. Backend database is Microsoft AD running on Windows Server 2012. Existing Cisco ACS 4.2 still running and authenticating users. There are two Cisco WLCs version 7.2.111.3.
Wireless users authenticates to AD through ACS 4.2 works. Admin access to WLC and switches to AD through ISE works. Wireless authentication using PEAP-MSCHAPv2 and admin access wtih PAP/ASCII.
Problem:
Wireless users cannot authenticate to AD through ISE. The below is the error message "11051 RADIUS packet contains invalid state attribute" & "24444 Active Directory operation has failed because of an unspecified error in the ISE".
Conducted a detailed test of AD from ISE. The test was successful and the output seems all right except for the below:
xxdc01.xx.com (10.21.3.1)
Pinged:0 Mins Ago
State:down
xxdc02.xx.com (10.21.3.2)
Pinged:0 Mins Ago
State:down
xxdc01.xx.com
Last Success:Thu Jan 1 10:00:00 1970
Last Failure:Mon Mar 11 11:18:04 2013
Successes:0
Failures:11006
xxdc02.xx.com
Last Success:Mon Mar 11 09:43:31 2013
Last Failure:Mon Mar 11 11:18:04 2013
Successes:25
Failures:11006
Domain Controller: xxdc02.xx.com:389
Domain Controller Type: Unknown DC Functional Level: 5
Domain Name: xx.COM
IsGlobalCatalogReady: TRUE
DomainFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
ForestFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Action Taken:
Log on to Cisco ISE and WLC using AD credentials. This rules out AD connection, clock and AAA shared secret as the problem.
2) Tested wireless authentication using EAP-FAST but same problem occurs.
3) Detailed error message shows the below. This rules out any authentication and authorization polices. Before even hitting the authentication policy, the AD lookup fails.
12304 Extracted EAP-Response containing PEAP challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - AD1
24430 Authenticating user against Active Directory
24444 Active Directory operation has failed because of an unspecified error in the ISE
4) Enabled AD debugging logging and had a look at the logging. Nothing significant and no clues to the problem.
5) Tested wireless on different laptos and mobile phones with same error
6) Delete and add again AAA Client/Devices on both Cisco ISE and WLC
7) Restarted ISE services
8) Rejoin domain on Cisco ISE
9) Checked release notes of ISE 1.1.3 and WLC 7.2.111.3 for any open caveats. Nothing found related to this problem.
10) There are two ISE and two WLC deployed. Tested different combination of ISE1 to WLC1, ISE1 to WLC2 etc. This rules out hardware issue of WLC.
Other possibilities/action:
1) Test it out on a different WLC version. Will have to wait outage approval to upgrade WLC software.
2) Incompatibility of Cisco ISE and AD running on Microsoft Windows Server 2012
Anyone out there experienced something similar of have any ideas on why this is happening?
Thanks.
Update:
1) Built another Cisco ISE 1.1.3 sever in another datacentre that uses the same domain but different domain controller. Thais domain controller is running Windows Server 2008. This works and authentication successful.
2) My colleague tested out in a lab environment of Cisco ISE 1.1.2 with Windows Server 2012. He got the same problem as described.
This leads me to think there is a compatibility issue of Cisco ISE with Windows Server 2012.Does anyone know if ISE 1.1.3 p1 supports AD DCs running 2012, if not which patch is required ot version?
Worryingly when ISE joins a 2012 DC it states it's connected successfully, and if another 2003 DC is available in that datacentre it will perform the auths against that DC whilst actually advertising (Connections in the GUI) that it's connected to the 2012 DC. We ended up mapping 8 PSN IP’s to another datacentre which has one Win2003 servers whilst the old 2003 DC is being promoted back, the 8 ISE servers started working, even though they still advertised they were connected to the 2012 DCs in the original datacentre - I performed a leave and join on one PSN and only then did it advertise that the node was connected to a DC in a different datacentre -
Guest Wireless and URL re-direct failure
Hi,
We have a successful guest wireless service with authentication via a Cisco NAC server. One MAC user is having difficulty accessing the authentication URL (https://1.1.1.1/login.html) - this is using either Safari, Firefox or Google Chrome browsers. The browsers do not automatically re-direct and when I enter the authentication URL manually, if it does appear, when entering the username/password combination, the screen just returns to the authentication URL and does not display the successful authentication sub-window.
There are no proxy settings on the browser - does anybody have any suggestions?
Many thanksWhen you say, "One MAC user" you mean every other client works except for this one MAC device? If other MAC devices work, then it must be something on the client device that is having issues. The only issue that I have ran into, is html code that might not be supported in certain browsers if you are runing a custom webauth page.
-
Guest Wireless access over WAN
Hello Everyone,
We have around 45 remote location , all are connected with GRE Tunnels.
44 location have there own WLC which are managed by NCS and ISE in HQ , All 44 location have Wireless access for Guest and INternal Staff.
Now my Question is :
One location(45th) have only 10 users and I dont want to put a WLC there.
How can I provide the Guest wireless access on this location over WAN from HQ.
We can buy APs.
Please give me some ideas to solve this problem.
Here I am attaching my default plan :
ThanksYou just configure the access point in FlexConnect mode and then on the guest SSID you would central switch the WLAN. Central switching tunnels back traffic to the WLC and local switching drops traffic off at the local site. Here are some guides to look at.
https://supportforums.cisco.com/docs/DOC-24082
http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml
Sent from Cisco Technical Support iPhone App -
Guest wireless in 7.0.98 hitting the splash page
I have set up Guest wireless before with my own customized splash screen for local authentication on version 5.xx on a 4404 controller.
I have the same task again but this time with a 2201 controller and the latest ios.
Try as hard as I can i cannot get a guest wireless user to hit the splash page where it gives the certificate warning or past that to the login box.
Is there some subtle difference in the set up with 7.0.98. I did notice that when setting up the DHCP scope for the 7.0.98 i had to use the DHCP server IP as the managment interface. On my last try with 5.x I used the 192.168.80.1 address (the guest WLAN) So there is a difference right there.
Anyway the clients get an IP address so no issue there but i cannot get the cert warning up let alone the splash page. Eveidently there is a tick box I am missing. I wouldnt mide but having done this a few times before I am really stumped. I have wiped the config and started again going through my old notes step by step plus digging out the cisco documentation.
If there any debugging I can stick on please let me know.
Thanks,
NeilThank you :-) Hopefully I have captured everything you need.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.06.27 09:22:56 =~=~=~=~=~=~=~=~=~=~=~=
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-WLC2112-K9, VID: V05, SN: JMX1520Z02W
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 7.0.98.0
Build Type....................................... DATA + WPS
System Name...................................... GB-LON-WLC1
System Location.................................. London GHO
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.y.y.22
System Up Time................................... 2 days 20 hrs 45 mins 31 secs
System Timezone Location.........................
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +48 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. lon
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 239.0.1.1
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 100 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable N/A
4 Normal Disa Enable Auto Auto Down Enable N/A
5 Normal Disa Enable Auto Auto Down Enable N/A
6 Normal Disa Enable Auto Auto Down Enable N/A
7 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
8 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
londonap1 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
Press Enter to continue or to abort
AP Location
Site Name........................................ GUEST
Site Description................................. GUEST - WebAuth - London
WLAN ID Interface Network Admission Control
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 london-vlan10 Disabled
2 london-guest Disabled
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GB-LONdon 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
--More or (q)uit current module or to abort
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 8
Cisco AP Name.................................... Gb-london
Country code..................................... GB - United Kingdom
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. GB - United Kingdom
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:48:2b:96
IP Address Configuration......................... DHCP
IP Address....................................... 10.y.y.12
IP NetMask....................................... 255.255.254.0
Gateway IP Addr.................................. 10.y.y.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ London
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ London
Primary Cisco Switch IP Address.................. 10.y.y.22
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.98.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131G-E-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCW1244V0FQ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 2 days, 10 h 19 m 12 s
AP LWAPP Up Time................................. 0 days, 00 h 32 m 36 s
Join Date and Time............................... Mon Jun 27 07:50:18 2011
Join Taken Time.................................. 0 days, 00 h 00 m 31 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 2
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:23:5e:4a:f9:b0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ GB
--More or (q)uit current module or to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 14 dBm
Tx Power Level 2 .......................... 11 dBm
Tx Power Level 3 .......................... 8 dBm
Tx Power Level 4 .......................... 5 dBm
Tx Power Level 5 .......................... 2 dBm
Tx Power Level 6 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
--More or (q)uit current module or to abort
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
--More or (q)uit current module or to abort
CleanAir Management Information
CleanAir Capable......................... No
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Number Of Slots.................................. 2
AP Name.......................................... londonap1
MAC Address...................................... 00:21:d8:48:2b:96
Slot ID........................................ 0
Radio Type..................................... RADIO_TYPE_80211b/g
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -91 dBm
Channel 2.................................... -88 dBm
Channel 3.................................... -88 dBm
Channel 4.................................... -86 dBm
Channel 5.................................... -86 dBm
Channel 6.................................... -87 dBm
Channel 7.................................... -84 dBm
Channel 8.................................... -88 dBm
Channel 9.................................... -90 dBm
Channel 10................................... -85 dBm
Channel 11................................... -83 dBm
Channel 12................................... -89 dBm
Channel 13................................... -89 dBm
Interference Information
--More or (q)uit current module or to abort
Interference Profile......................... PASSED
Channel 1.................................... -63 dBm @ 1 % busy
Channel 2.................................... -128 dBm @ 0 % busy
Channel 3.................................... -63 dBm @ 2 % busy
Channel 4.................................... -46 dBm @ 8 % busy
Channel 5.................................... -44 dBm @ 2 % busy
Channel 6.................................... -64 dBm @ 1 % busy
Channel 7.................................... -46 dBm @ 4 % busy
Channel 8.................................... -128 dBm @ 0 % busy
Channel 9.................................... -70 dBm @ 4 % busy
Channel 10................................... -128 dBm @ 0 % busy
Channel 11................................... -65 dBm @ 14 % busy
Channel 12................................... -128 dBm @ 0 % busy
Channel 13................................... -128 dBm @ 0 % busy
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 9 %
Channel Utilization.......................... 14 %
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
--More or (q)uit current module or to abort
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 40 dB.................................. 0 clients
SNR 45 dB.................................. 0 clients
Nearby APs
Radar Information
Channel Assignment Information
Current Channel Average Energy............... unknown
--More or (q)uit current module or to abort
Previous Channel Average Energy.............. unknown
Channel Change Count......................... 0
Last Channel Change Time..................... Mon Jun 27 07:50:15 2011
Recommended Best Channel..................... 1
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Persistent Interference Devices
Classtype Channel DC (%%) RSSI (dBm) Last Update Time
All third party trademarks are the property of their respective owners.
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More or (q)uit current module or to abort
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
--More or (q)uit current module or to abort
SIP call bandwidth ........................... 64
SIP call bandwith sample-size ................ 20
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11a Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
--More or (q)uit current module or to abort
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... GB-LON-WLC1 (10.44.64.22)
802.11a Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11a Last Run............................... 116 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
WiFi Inverted............................ Enabled
--More or (q)uit current module or to abort
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
--More or (q)uit current module or to abort
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
--More or (q)uit current module or to abort
CF Pollable mode................................. Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
--More or (q)uit current module or to abort
Voice AC - Admission control (ACM)............ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
SIP call bandwidth: .......................... 64
SIP call bandwidth sample-size ............... 20
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11b Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
londonap1 00:23:5e:4a:f9:b0 ENABLED UP 1* 1(*)
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
--More or (q)uit current module or to abort
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
--More or (q)uit current module or to abort
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
DCA Sensitivity Level: ...................... MEDIUM (10 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... 0 days, 00 h 33 m 07 s
Average...................................... 0 days, 00 h 33 m 07 s
Maximum...................................... 0 days, 00 h 33 m 07 s
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... GB-LON-WLC1 (10.44.64.22)
--More or (q)uit current module or to abort
802.11b Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11b Last Run............................... 530 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
Bluetooth Link........................... Enabled
Microwave Oven........................... Enabled
802.11 FH................................ Enabled
Bluetooth Discovery...................... Enabled
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
802.15.4................................. Enabled
--More or (q)uit current module or to abort
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
Xbox..................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
Bluetooth Link........................... Disabled
Microwave Oven........................... Disabled
802.11 FH................................ Disabled
Bluetooth Discovery...................... Disabled
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
802.15.4................................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
--More or (q)uit current module or to abort
Xbox..................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
q
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... lon
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x209c
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
64:00:f1:91:76:40 10.44.64.22 lon 0.0.0.0 Up
Press Enter to continue or to abort
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 2
Probe request rate-limiting interval............. 500 msec
Aggregate Probe request interval................. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Press Enter to continue or to abort
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango State:Disabled
Press Enter to continue or to abort
Interface Configuration
Interface Name................................... ap-manager
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.23
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... guest
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 192.168.x.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.x.2
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 80
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... london-vlan10
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.x.x.149
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.x.x.20
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 10
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.44.64.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... management
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.22
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Press Enter to continue or to abort
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... corporate
Network Name (SSID).............................. corporate
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ london-vlan10
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More or (q)uit current module or to abort
WLAN Configuration
WLAN Identifier.................................. 2
Profile Name..................................... Guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ Guest-network
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.44.64.22
DHCP Address Assignment Required................. Enabled
--More or (q)uit current module or to abort
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More or (q)uit current module or to abort
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More or (q)uit current module or to abort
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Press Enter to continue or to abort
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimite
Maybe you are looking for
-
Regd creation of New Sales Order Type - Credit Memo Request
Hello Gurus, I have created a New Sales Order Type as per the given requirements. This is a Credit Memo Request. I have done all that are needed from SD perspective. Can you please let me know what needs to be done from FI-CO perspective when a New S
-
Is it possible to get pictures/videos from an iPhone5 that will not turn on?
My phone has been water damaged and my latest back up is a few months old. Is there anyway I can get my pictures from the damaged phone and put them onto my new
-
I Need Help Getting Flash to Work
I am trying to watch videos on ExpertVillage.com and can not get them to open. My Flash Player has been uninstalled and reinstalled with a new downloaded version. I can see a black box where the video should be but no download, therefore no video. Ru
-
External Monitoring with Decklink
First of all: CS 6 really is an epic improvement! It feels almost like a fcp 8. Almost... (system: Mac OSx 10.7.3, prp CS 6.0.1, deckllnk studio pro, 9.5.2) There some bugs, I think, that make life not sunny all the way through. 1. External monitorin
-
How do I get my music from my iphone into itunes library
I have tried everything I can see to get my music from my iphone to my itunes library? I've just got a new iphone 4 and want all my music put onto my new phone but again I don't know what else to do.