ISE1.2 MAC registration after LDAP web-auth
Have a situation where we want to just do a simple one time registration of the MAC address after a person successfully authenticates web-auth using LDAP.
It's very similar to guest authentication, but I'm not sure how to customize the another portal for this user group so I don't affect the current guest portal. Is there a better way?
I'm envisioning the following sequence:
1. User tries to log onto wireless for the first time and is redirected to a web page to enter LDAP credentials
2. User successfully authenticates credentials and ISE adds MAC address to a "VALID ENDPOINT" endpoint group
3. Next time user tries to access wireless they are seemlessly connected, but what happens is ISE sees their MAC in the "VALID ENDPOINT" group and MAB's them onto the network.
It looks very similar to the guest portal configuration, but I'm not sure how you tell it to register the MAC with an endpoint group.
Thanks in advance,
Mike
Yeah, I was looking at that as the fallback plan. Just wasn't sure if there was someway to adjust the guest portal authentication with some background scripting or something.
Thanks.
Similar Messages
-
What is the default web-auth required timeout period?
Hi,
As according to the cisco config example. (http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml),
it says:
If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a
web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state. If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state.
What is the default web-auth required timeout period stated in the example?
Many thanks.Hi,
Yes it is 300 seconds and non-configurable to prevent DOS by depleting IP address on Guest wlan/vlan. There is an enhancement request filed esp. for your situation with Pre-auth ACL.
CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network
Thanks.Salil
CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network -
I am trying to setup a scenario where a user logs in via Web Auth and witha successfull connection the Mac Address is remembered for 7 days. That way if the user connects again during the course of 7 days they aren't required to authenticate via web auth again they just get access. After 7 days they will need to login again through the web auth. Similar scenario to what you see at a Hotel wireless network. Anyone know how I would go about setting up the dyanmic mac filtering and set the timer for 7 days? With that said I want it to be for a single SSID.
well, it's not possible with just the WLC.
You can do it, but you need to have a way to pull the MAC address from the webauth page, and insert that into a LDAP db, which you control the age out process in.
Then on a subsequent visits they get mac-authed instead of having to re-accept the page.
in the webauth config you would check the On MAC filter failure box.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Web Auth Type: Customized(downloaded) Redirect URL after login not working.
5508WLC as anchor controller with WLC1 and WLC2 with WCS. I have 2 public ssids set up to go directly to the internet.
Everything is working as it should. I downloaded the web auth bundle from Cisco and will just use a disclaimer page and then if the user clicks on the accept button they will be redirected to our company web page, and then they can get out to the internet.
I have edited the aup.html and login.html to say what I want it to. I have 2 different login.html pages and bundle to a .tar file like the documentation says. I download it via tftp to the controller and it is successful. The disclaimer page opens up when I connect and it looks as it should. The problem is I cannot seem to get the accept button to work. It redirects to a web page but it is undefined.
I must be missing some setting somewhere, but I just can not seem to find it. Is there any line I need to edit in the login.html files that will redirect the page. The config on the Web Login Page Redirect URL after login is http://www.mccg.org which is our home page.
Any help will be appreciated. I cannot seem to fine very good documentation, or I am just overlooking something.
Thanks
JohnYour HTML code is wrong. Attach your code if your okay with it and I can check.
Sent from Cisco Technical Support iPhone App -
MAC registration on the trusted network by employees on a web based url
Hi All,
I would like to configure web based url on cisco WLAN controller for MAC registration on the trusted network by employees. And same like as guest management (Lobby admin).
Is this possiable ?
Regards,
Satish.You would need a solution like Cisco Identity Services Engine to accomplish what you are describing. It will do exactly as you say and much, much more.
ISE Data Sheet
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/data_sheet_c78-656174.html
Device Registration Guide
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_mydevices.html#wp1069338 -
Dot1x (Switch) Question with MAC bypass & Web Auth
Is it possible to configure dot1x with MAC Auth bypass along with web authentication?
The goal is to first try dot1x
If machine doesn't support dot1x, then use MAC address. If MAC isn't in list, redirect through a web browser.
From what I read, it sounds like MAC bypass gives me half of what I need and using web auth as a fall back to dot1x gives me the other half. Can these be using in conjunction to accomplish what is needed here?
There is also Web Auth with Automatic MAC Check, but there is mention of this only working in "web auth standalone mode." Can anyone comment on this?
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/sw8021x.html#wp1281903
Help is much appreciated.
Thanks,
JasonIs it possible to configure dot1x with MAC Auth bypass along with web authentication?
The goal is to first try dot1x
If machine doesn't support dot1x, then use MAC address. If MAC isn't in list, redirect through a web browser.
From what I read, it sounds like MAC bypass gives me half of what I need and using web auth as a fall back to dot1x gives me the other half. Can these be using in conjunction to accomplish what is needed here?
There is also Web Auth with Automatic MAC Check, but there is mention of this only working in "web auth standalone mode." Can anyone comment on this?
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/sw8021x.html#wp1281903
Help is much appreciated.
Thanks,
Jason -
Many users reported after IPAD wake up , They usually need to do Web-Authentication from Guest wireless network ,
Current , the Guest network is using "passthrough" Web -Auth, and seem this is only happen on IPAD .
I configured " eap bcast-key-interval seconds" to 12 hours, but this won't help ,
Anyone knows what is problem here?Fan: I fully agree with George. The idle-timeout timer is the timer you need to modify. You set it to a suitable value for your network.
the value of eap bcast-key-interval has no effect here since this only has an effect with users using 802.1x authentication, not web-authentication.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
After i installed updates for my mac mini server, the web services for the server app wont start, it gives an error massage: "Error Reading Settings"
The system logs reads:
Mar 29 22:06:25 server servermgrd[82]: servermgr_web: Error Domain=XSServerFoundationErrorDomain Code=4 "Failed to read settings: Exception:
undefined method `downcase' for nil:NilClass
." UserInfo=0x7fc547901080 {NSLocalizedDescription=Failed to read settings: Exception:
undefined method `downcase' for nil:NilClassTo check the local network for some of the common configuration problems, launch Terminal.app and issue the following diagnostic command:
sudo changeip -checkhostname
That'll report some local configuration information and then either no errors detected and no changes required, or it'll point to whatever configuration errors or issues it might detect. That doesn't catch everything, but it catches the common errors.
FWIW, 192.168.0.0/24 and 192.168.1.0/24 are poor choices for the local network, as VPNs are based on IP routing and IP routing gets tangled when the same subnet is used on both ends of the VPN. 192.168.0.0/24 and 192.168.1.0/24 are near ubiquitous in home networks and coffee shops. -
Guest Anchor with web auth using ISE guest portal
Hello All,
Before launching into my exact issues, could anyone confirm if they have completed a wireless Guest anchor setup using 2504 controllers on 7.4 as the anchor (5508 is the foreign) with webauth external redirection at ISE 1.1.3 using ISE Guest Services?
I am attempting this for an internal POC and have hit a couple of issues. Firstly I am looking for correct configuration confirmation prior to going in depth with a couple of the issues. I've been using the TrustSec 2.1 how to guides to build the parts I am not strong on so if anyone has actual completed this setup, I'd love to go through it with you.
massive thanks to anyone that can assist.
JS.Thanks for the reply RikJonAtk.
so to start with, based on the trust sec documents, of the guest WLAN on the anchor I need to configure mac filtering at the layer 2 security menu as well as enable RADIUS NAC under the Advanced tab. But when I do this, I get an error message that states that mac filitering and RADIUS NAC cannot be enable at the same time.
Additionally, if I just enable the RADIUS NAC setting under the Advanced tab in the WLAN, I get another error message that states that the priority order for Web-Auth can only be set for radius, so I go to the AAA server tab and send local and LDAP to the not use column and hit apply. If I move to another menu then check the priority order again under the AAA servers tab, the local and LDAP have been moved back to the menu field to be used again. So I initially though it might be a bug, but I was hoping to find someone here that has done this already and can look at my issues and maybe walk me through their configs, which I'll mirror and see how it goes.
Thanks in Advanced,
JS -
ISE, WLC: web auth, blocking user account
Hello!
We are implementing BYOD concept with ISE (1.1.4) and WLC 5508 (7.4.100).
On WLC there is SSID(WLAN) with MAC filtering without L2 security. For authentication user is redirected to the ISE Guest Portal.
Credentials are created at the ISE sponsor portal.
We create user account in ISE sponsor portal with one hour lease.
In 10 minutes we delete (or block) user credentials.
In spite of it the user is still able to work. Even if we manually disconnect client and reconnect it again, client opens the browser and there is no redirection to the ISE web auth page.
This happens because WLC thinks, that client is still associated.
There are session and idle timeout timers in WLC WLAN, but they can't solve the problem of automatic client session removing.
From my point of you, ISE must send some kind of reauth request to the user after account deletion, to make user authentication impossible .
In practice, ISE doesn't tell wlc or user, that client sesssion is blocked.
How the user account blocking process can be automated without manually deleting the client session from WLC client database?It seems that there is some bug about CoA when deleting Guest accounts
CSCuc82135
Guests need to be removed from the network on Suspend/Delete/Expiration
When a guest user is deleted from the system, the RADIUS sessions associated with that guest user still exists.
Workaround Reissue the Change of Authorization using the session information from Monitoring reports for the sessions associated with that guest user.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html#wp411891
from BUG Toolkit there is Release-Pending in "Fixed-in" option. -
Hi Guys,
Maybe someone can help me out?
I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical
"Cisco Wireless Controller" with the exception of having 2 ports. Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN. When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page.
What I tried so far is..
add a DNS Host Name to the virtual interface and assign it to our internal DNS server.dns name was resolving but we were unable to ping 1.1.1.1
changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entrydns name resoved but still could not ping 2.2.2.2(I think this is normal)
changed the virtual IP to a private address of 192.168.102.1 and modified the dns entrysame result
I've attached some screenshots of our configuration.Troubleshooting Web Authentication
After you configure web authentication, if the feature does not work as expected, complete these
troubleshooting steps:
Check if the client gets an IP address. If not, users can uncheck
DHCP Required
on the WLAN and
give the wireless client a static IP address. This assumes association with the access point. Refer to
the
IP addressing issues
section of
Troubleshooting Client Issues in the Cisco Unified Wireless
Network for troubleshooting DHCP related issues
1.
On WLC versions earlier than 3.2.150.10, you must manually enter
https://1.1.1.1/login.html
in
order to navigate to the web authentication window.
The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client
connects to a WLAN configured for web authentication, the client obtains an IP address from the
DHCP server. The user opens a web browser and enters a website address. The client then performs
the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the
website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web
authentication login page.
2.
Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On
Windows, choose
Start > Run
, enter
CMD
in order to open a command window, and do a nslookup
www.cisco.com" and see if the IP address comes back.
On Macs/Linux: open a terminal window and do a nslookup www.cisco.com" and see if the IP
address comes back.
If you believe the client is not getting DNS resolution, you can either:
Enter either the IP address of the URL (for example, http://www.cisco.com is
http://198.133.219.25)
♦
Try to directly reach the controller's webauth page with
https:///login.html. Typically this is http://1.1.1.1/login.html.
♦
Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also
be a certificate problem. The controller, by default, uses a self−signed certificate and most web
browsers warn against using them.
3.
For web authentication using customized web page, ensure that the HTML code for the customized
web page is appropriate.
You can download a sample Web Authentication script from Cisco Software Downloads. For
example, for the 4400 controllers, choose
Products > Wireless > Wireless LAN Controller >
Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless
LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication
Bundle−1.0.1
and download the
webauth_bundle.zip
file.
These parameters are added to the URL when the user's Internet browser is redirected to the
customized login page:
4.
ap_mac The MAC address of the access point to which the wireless user is associated.
♦
switch_url The URL of the controller to which the user credentials should be posted.
♦
redirect The URL to which the user is redirected after authentication is successful.
♦
statusCode The status code returned from the controller's web authentication server.
♦
wlan The WLAN SSID to which the wireless user is associated.
♦
These are the available status codes:
Status Code 1: "You are already logged in. No further action is required on your part."
♦
Status Code 2: "You are not configured to authenticate against web portal. No further action
is required on your part."
♦
Status Code 3: "The username specified cannot be used at this time. Perhaps the username is
already logged into the system?"
♦
Status Code 4: "You have been excluded."
♦
Status Code 5: "The User Name and Password combination you have entered is invalid.
Please try again."
♦
All the files and pictures that need to appear on the Customized web page should be bundled into a
.tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is
login.html. You receive this error message if you do not include the login.html file:
Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web
Authentication Configuration Example for more information on how to create a customized web
authentication window.
Note:
Files that are large and files that have long names will result in an extraction error. It is
recommended that pictures are in .jpg format.
5.
Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication.
Other browsers may or may not work.
6.
Ensure that the
Scripting
option is not blocked on the client browser as the customized web page on
the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
7.
Note:
The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up
messages for the user.
Note:
If you browse to an
https
site, redirection does not work. Refer to Cisco bug ID CSCar04580
(registered customers only) for more information.
If you have a
host name
configured for the
virtual interface
of the WLC, make sure that the DNS
resolution is available for the host name of the virtual interface.
Note:
Navigate to the
Controller > Interfaces
menu from the WLC GUI in order to assign a
DNS
hostname
to the virtual interface.
8.
Sometimes the firewall installed on the client computer blocks the web authentication login page.
Disable the firewall before you try to access the login page. The firewall can be enabled again once
the web authentication is completed.
9.
Topology/solution firewall can be placed between the client and web−auth server, which depends on
the network. As for each network design/solution implemented, the end user should make sure these
ports are allowed on the network firewall.
Protocol
Port
HTTP/HTTPS Traffic
TCP port 80/443
CAPWAP Data/Control Traffic
UDP port 5247/5246
LWAPP Data/Control Traffic
(before rel 5.0)
UDP port 12222/12223
EOIP packets
IP protocol 97
Mobility
UDP port 16666 (non
secured) UDP port 16667
(secured IPSEC tunnel)
10.
For web authentication to occur, the client should first associate to the appropriate WLAN on the
WLC. Navigate to the
Monitor > Clients
menu on the WLC GUI in order to see if the client is
associated to the WLC. Check if the client has a valid IP address.
11.
Disable the Proxy Settings on the client browser until web authentication is completed.
12.
The default web authentication method is PAP. Ensure that PAP authentication is allowed on the
RADIUS server for this to work. In order to check the status of client authentication, check the
debugs and log messages from the RADIUS server. You can use the
debug aaa all
command on the
WLC to view the debugs from the RADIUS server.
13.
Update the hardware driver on the computer to the latest code from manufacturer's website.
14.
Verify settings in the supplicant (program on laptop).
15.
When you use the Windows Zero Config supplicant built into Windows:
Verify user has latest patches installed.
♦
Run debugs on supplicant.
♦
16.
On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start
> Run > CMD:
netsh ras set tracing eapol enable
netsh ras set tracing rastls enable
In order to disable the logs, run the same command but replace enable with disable. For XP, all logs
will be located in C:\Windows\tracing.
17.
If you still have no login web page, collect and analyze this output from a single client:
debug client
debug dhcp message enable
18.
debug aaa all enable
debug dot1x aaa enable
debug mobility handoff enable
If the issue is not resolved after you complete these steps, collect these debugs and use the TAC
Service Request Tool (registered customers only) in order to open a Service Request.
debug pm ssh−appgw enable
debug pm ssh−tcp enable
debug pm rules enable
debug emweb server enable
debug pm ssh−engine enable packet -
Hello all!
I have a Cisco WLC 2500 running software version 7.0.220.0 and one of its WLANs it´s configured to Web Auth with LDAP (Microsoft AD) and it´s working fine.
Now i need to figure out how to list all the authenticated users, they IP Address, AP Name and some other informations located in the Clients > Detail page.
Is there any CLI command that will show the information I need? Or even another way to retrieve that information?
Thanks in advance.
Valdecir
São Paulo, Brazil.The only way you can see this detail is from the CLI of the WLC:
show client summary
Find the mac address of the user
show client detail <mac address> -
I'm using 4404 controllers and 1131 access points. Im on version 6.0.188.0
My Web Auth Page stoped working. I switched our webauth page back to the built in one to test weather or not it was my custome webauth was giving me the problem. It still didn't work. I switched an AP over to my second controller and used the built in webauth and it worked.
I tired restarting my first 4404 controller help.
I doubt it but maybe it has something to do with another problem i posted about. https://supportforums.cisco.com/message/3042441#3042441
does anyone have any ideas on what to do?I might have found a clue. I went under the security tab and clicked LDAP. I notice that server state was set to disable on controller 1. I looked at controller 2 and it was enable.
I made controller 1 enabled then pressed apply. I tried to login again and it didn't work. I went back and hit the apply button again and a message box poped up. It said "failed to set retransmit Timeout."
after I clicked ok (the only option) it set server state was disabled again. -
SSL web auth equals encyrption?
If you use a self signed cert/SSL web auth page that uses LDAP usernames and passwords is the traffic there on considered encrypted or is it only my user name and password that gets encrypted ?
If there is no layer 2 encryption going on, then only the authentication piece is encrypted by SSL. After the user is authenticated, there's no more encrypted communication with the AP/controller. You'd need layer 2 encryption (AES, TKIP, WEP), VPN, or possibly some sort of SSL proxy for additional encryption.
-
Web-Auth not working on Apple IOS devices
I am using L3 web-auth (when no mac filter match). I currently have downloaded the custom page to the controller. It works fine with Windows and Android. I can not get to the redirect page on Apple IOS though.
In my pre-auth ACL I have added rules to allow any traffic to and from 17.0.0.0/8. I can see that it is getting hits.
I have also tried the config netwrok web-auth captive-bypass enable command.
Neither of these have helped.
My Apple client is getting an IP address.
Any ideas? ThanksWLAN on Anchor controller:
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest-dmz
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
LDAP Servers
Server 1...................................... 10.4.21.177 389
Server 2...................................... 10.4.21.178 389
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
--More-- or (q)uit
FT Support.................................... Enabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ web-auth-test
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
--More-- or (q)uit
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
2 10.241.15.5 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
WLAN on foreign controller:
WLAN Identifier.................................. 4
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
--More-- or (q)uit
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
4 10.241.15.5 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Interface detailed virtual on Anchor controller:
(Cisco Controller) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 68:ef:bd:93:bd:00
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ anchor.stjude.org
AP Manager....................................... No
Guest Interface.................................. No
Interface detailed virtual on Foreign controller:
(30-WiSM2-slot2-1) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 2c:54:2d:3a:51:a0
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Maybe you are looking for
-
How do I control my fan speed?
Hello, I have a HP ENVY dv6 laptop, and from time to time it gets really hot, so i would like to have the opportunity to control my fan speed manual. Is there any way I can do that? Please Help Sincerely Crab
-
Running 10.9.2 on a Mav Mini. This morning while surfing in Safari my dock vanished. It was there the it was gone. I opened system preferences and if I chaged the size of the dock using the slider there it showed up. When I released the slider it van
-
Different document restrictions in Acrobat and Reader for the same document
When I create a PDF in Acrobat Professional 9 with no security, the document restrictions summary shows comments as allowed and I can add comments in Acrobat Professional, but when the same document is opened in Adobe Reader 7, 8 or 9, the document r
-
Not able to run openscript scripts in prod/staging siebel env works fine in QA
Hi All, I designed certain scripts to be run on prod env and ran it in QA with all the automation features enabled andSiebel Server Set up for call center auto enabled. As described in this discussion https://forums.oracle.com/thread/970136 Done all
-
Messieurs, Depuis que j'ai installé Montain Lion sur mon Macbook Pro, c'est l'enfer. Mon ordi est d'une lenteur redoutable je suis revenu 15 ans en arrière. Tout est lent pour s'ouvrir (firefox Mail Word) La pale revien à votre salté d'iphoto. Là C'e