Local RADIUS in AP1242 with non-cisco WinXP wireless clients
I'd like to configure local RADIUS on an AP1242 and connect non-Cisco WinXP wireless clients (for example, a notebook with an integrated radio) to it. I did the configuration (config1.txt) as in the instructions: http://cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
But I can't connect a non-Cisco WinXP wireless client to the AP1242 anyway. At the same time, a Cisco wireless client with Aironet Desktop Utility connects to it without any problem. I've tried another configuration (config2.txt), but with the same result. Second configuration is rather then first.
How can I connect non-Cisco WinXP wireless clients to the AP1242 with local RADIUS?
Hi Stephen,
Thanks for the quick reply. Below is the switchport config. I am able to ping the AP from the switch and connect to its web page from any workstations.
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 151
switchport mode trunk
end
Similar Messages
-
Hi there,
I know that with WLC 5.1 and NAC 4.5 Cisco started to support OOB, NAC implementation. Now here is my question:
A customer has CISCO environment except for the wireless which is another vendor. What are the options to bring wireless traffic into NAC server? Is OOB deployment possible?
Thanks,
rdianat
So what is the solution for this scenario?
A remote site has a non-Cisco autonomous wireless AP. NAC is centralized. I cannot use OOB since there is no support for non-Cisco APs in OOB mode. As a result I use InBand mode. This means that local wireless traffic in the remote site must travel to the central site, go through the NAC Server and go back to the remote site. Is this correct? -
I understand that access points can be configured to forward all the probe requests to the Cisco wifi controller. Cisco MSE (mobility service engine) gets the probes from the wifi controller to find the location of the mobile devices.
My question: can Cisco MSE (mobility service engine) be configured to work with non-Cisco access points?
No, and the reason why is the NMSP communication from the MSE to the WLC. Other vendors don't support this so there is no communication happening.
-Scott -
Auto Smartports with non-Cisco devices
I have used auto smartports in the past and have been successful creating macros that use mac-addresses.
My question is can I create a macro that works with non-Cisco devices that are CDP capable?
We have Motorola access points that use CDP and I would like to use auto smartports to put them on their own VLANs.
Can it be done using CDP? What version of the IOS would I need to be on? Currently the 3750-Xs are on 12.2.(55).
Are there any guides or configuration examples? I've searched but have been unsuccessful in finding anything so far.
I have seen some articles that reference device sensors and device profiles, but have no idea where to begin.
Thanks in advance for your support.
You may need to create a Cisco TAC case for this.
If not, then move this thread to the EEM section. If the Moto AP supports CDP then you can get someone (like Joe Clark) to build a small EEM script.
EEM is supported up to the 3560/3750. -
Can WAE be integrated with non-cisco devices?
So far, all documentation that I read, WAE is used in conjunction with Cisco devices. Can WAE be integrated with non-cisco devices?
I guess, In-line mode should work ok, but how about off-path mode? An example or link will be appreciated.
Thanks!
Joe
Hi Joe,
It should be possible to use WAAS with non-Cisco routers, as long as they support WCCP.
There are no documents on this because the configuration from the WAAS point of view would be the same, and the router configuration would depend on the vendor.
Regards
Daniel -
802.1x problem with non-Cisco IP Phone, VVID enabled.
I am testing with a 3750 PoE switch running 12.2(25)SEE1 and trying to configure 802.1x to work with Mitel IP phones.
I have voice and data vlans configured on each port. Turning on 802.1x causes the phone to hang and timeout in DHCP Discovery. The port status from the switch is "Unauthorized".
interface FastEthernet1/0/2
switchport access vlan 1
switchport mode access
switchport voice vlan 2
dot1x pae authenticator
dot1x port-control auto
no mdix auto
spanning-tree portfast
end
Should anything be configured besides the Voice VLAN to let phones onto the network? There is no computer behind the phone right now. The only information I can find says I need a VVID, and any clients behind it will cross the PVID.
Thanks.
Yes it does.
Apparently the Mitel phones (testing a 5215 dual-mode) we have support EAP-MD5, but we have a primarily PEAP/EAP-TTLS environment. Apparently the phones need to use a username/password entered on each phone before they will send that to a Radius server doing EAP-MD5. Our PEAP clients authenticate to a Microsoft Radius server, and our EAP-TTLS to a Funk box. Hopefully the Microsoft can support both EAP-MD5 phones and PEAP on the laptops, I'll have to find out.
I was hoping this was a quick and easy Cisco configuration error... oh well. -
Interconnecting cisco switches with non-cisco switches
I need help concerning interconnecting two Cisco switches (3550s) using a non-Cisco switch or hub on the LAN. I have noticed that the two Cisco switches connected using a non-Cisco switch are able to communicate well; however, a PC connected to the non-Cisco switch/hub cannot ping any device on the LAN. The non-Cisco device is a working one. When the two Cisco switches are connected using a Cisco switch, PCs connected to the interconnecting switch are able to ping. What's the explanation? Please help.
Building configuration...
Current configuration : 3342 bytes
! No configuration change since last restart
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
clock timezone GMT -2
ip subnet-zero
ip rcmd rcp-enable
ip rcmd remote-username cwuser
spanning-tree mode pvst
spanning-tree extend system-id
interface FastEthernet0/1
switchport mode dynamic desirable
interface FastEthernet0/2
switchport mode dynamic desirable
interface FastEthernet0/3
switchport mode dynamic desirable
interface FastEthernet0/4
switchport mode dynamic desirable
interface FastEthernet0/5
switchport mode dynamic desirable
interface FastEthernet0/6
switchport mode dynamic desirable
interface FastEthernet0/7
switchport mode dynamic desirable
interface FastEthernet0/8
switchport mode dynamic desirable
interface FastEthernet0/9
switchport mode dynamic desirable
interface FastEthernet0/10
switchport mode dynamic desirable
interface FastEthernet0/11
switchport mode dynamic desirable
interface FastEthernet0/12
switchport mode dynamic desirable
interface FastEthernet0/13
switchport mode dynamic desirable
interface FastEthernet0/14
switchport mode dynamic desirable
interface FastEthernet0/15
switchport mode dynamic desirable
interface FastEthernet0/16
switchport mode dynamic desirable
interface FastEthernet0/17
switchport mode dynamic desirable
interface FastEthernet0/18
switchport mode dynamic desirable
interface FastEthernet0/19
switchport mode dynamic desirable
interface FastEthernet0/20
switchport mode dynamic desirable
interface FastEthernet0/21
switchport mode dynamic desirable
interface FastEthernet0/22
switchport mode dynamic desirable
interface FastEthernet0/23
switchport mode dynamic desirable
interface FastEthernet0/24
switchport mode dynamic desirable
interface GigabitEthernet0/1
switchport mode dynamic desirable
interface GigabitEthernet0/2
switchport mode dynamic desirable
interface Vlan1
ip address
ip default-gateway
ip classless
ip http server
snmp-server community
snmp-server community
snmp-server location
snmp-server system-shutdown
snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps bridge
snmp-server enable traps stpx
snmp-server enable traps rtr
snmp-server enable traps port-security
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps MAC-Notification
snmp-server enable traps hsrp
snmp-server enable traps cluster
snmp-server enable traps copy-config
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
line con 0
line vty 0 4
login
line vty 5 15
login
ntp clock-period 17180064
end -
Using SVTI with non Cisco peers
Hello Community,
I have a particular setup in mind, but can't get it to work in a GNS3 environment to have it tested before trying it in our production setup.
We have a setup using two VPN routers (3845) with HSRP, BGP and VRF (with rri), using a classical setup with crypto maps, connecting other parties to our DC. We do not manage the peer hardware in these cases.
I have been looking into the possibilities to move from this setup to a setup using SVTI with IPSEC. This change must be transparent to our peers; no config changes should be needed on their component(s).
So I've built our setup in GNS3 (apart from the BGP and VRF) to test this. I have the current IPSEC VPN with crypto maps working in GNS3, with both sides using the same (Cisco) setup in terms of ISAKMP and IPSEC with an ACL.
I've made the changes on "our" HSRP VPN setup according to the "IPsec Virtual Tunnel Interface" guide from the Cisco site in GNS3 (can't seem to find the link to the online doc).
It looks like the tunnel is being built, but phase two is not completing because of, I think, the mismatch between both peers on the encryption domain. The VTI side uses routing through the Tunnel interface, sending "IP any any" to the peer, whereas the peer uses an ACL expecting a specific source and destination.
Here's a debug snippet (ignore the date/time) seen from the peer (using an ACL):
*Mar 1 02:02:45.199: IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address xx.xx.xx.xx
*Mar 1 02:02:45.199: ISAKMP:(0:9:SW:1): IPSec policy invalidated proposal
*Mar 1 02:02:45.199: ISAKMP:(0:9:SW:1): phase 2 SA policy not acceptable! (local xx.xx.xx.xx remote yy.yy.yy.yy)
*Mar 1 02:02:45.199: ISAKMP:(0:9:SW:1):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
In this post, https://supportforums.cisco.com/message/3052235#3052235, it is suggested that when using a setup with VTI's, both sides/peers should use the same kind of setup i.e. VTI. I can imagine this to be realistic when you manage both peers.
All Cisco docs assume both peers use (S|D)VTI.
My questions:
1. Is it possible to have a setup where PeerA (Cisco hardware) uses SVTI with IPSEC and PeerB is unknown (can be any vendor) or uses some kind of ACL, given that all other encryption settings match?
2. Does anyone have experience with such a setup? If so, can you provide me with an example configuration?
3. Is there another similar solution using virtual interfaces or a loopback interface?
Thank you kindly for your input.
Avinash
I hope you can help me
Hi there,
Here is the related info for BE3000;
Q. Does Cisco Business Edition 3000 support third-party SIP phones and shared-port-adapter (SPA) phones?
A. No.
From;
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps11370/qa_c67-697016.html
Cheers!
Rob
"Talk about a dream
Try to make it real"
- Springsteen -
Cisco Aironet FW 15.2 Does not work with Non-Cisco Media Bridges
I have a Cisco Aironet 1142i that was just updated from 12.4(23c)JY to 15.2(4)JA1 (I don't think the model matters, as the issue seems to be the firmware) and now I cannot get my media bridges (3 different ones) to either connect to the 1142 AP or obtain and pass the DHCP addresses to other devices connected to the built-in switch. If I reload the 1142 AP firmware to 12.4, then this works fine. I have not seen anything in the release notes that changed how this works, or if there is, I could not find it.
Does anyone know why this changed and if there are any settings that I need to enable / disable?
Any help on this would be greatly appreciated
More info to add to this.
AIR-AP1142N-A-K9 Hardware Version of v06 works with firmware 15.2.
AIR-AP1142N-A-K9 Hardware Version v05 does not work with firmware 15.2, but will when downgraded to firmware 12.4.
I'm also having this issue with Cisco Aironet 3602 Fw 15.2(2)JB and 3502 Fw 15.2(2)JB$ that's on a Cisco 2500 WLAN Controller Sw Ver. 7.4.100.0.
Any help on this would be greatly appreciated -
Catalyst Express 500 802.1q with non-Cisco Phones
This weekend we spent hours trying to get 802.1q tagging to work on a VLAN with ShoreTel phones. The user interface on this switch seems to only allow "Cisco-Voice" VLAN, without any specifics. This didn't work. The specs on this switch say that the .1q is supported, but we couldn't figure it out. The more expensive switches were easier to configure for Voip QoS.
Can anyone advise me on the tricks to getting this to work with the lower-end Catalyst Express 500? Or does this switch only support 802.1q with Cisco phones?
A Cisco IP Phone uses CDP to let the IP phone know what VLAN it's supposed to be in (via voice-vlan). ShoreTel would definitely not use CDP since CDP is Cisco proprietary, so its voice VLAN must be defined on it; I remember Avaya being the same way. So, having said that, just make sure that the ShoreTel IP phones are in the right VLAN. What does not work anyway? The ShoreTel IP phone will not come up? Will not get its configuration from its software PBX? Use the smartport configuration on the CE500.
Please rate all posts. -
What Non-Cisco Cards or Built-in Cards work with LEAP?
I have just installed ACS and LEAP and have several laptops in my office that have built-in wireless NICs. I have read many posts that say this one or that one works with the right drivers, but none that list all the ones that will work with LEAP. Thanks for any assistance you can give.
David Beaver
http://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_partners_0900aecd800a7907.html
Cisco Compatible wireless clients will feature the Cisco Wireless Security Suite, which includes the Cisco EAP (LEAP) 802.1X authentication type. Customers can implement the award-winning Cisco security solution across Cisco clients and those of other suppliers. The program provides complete support for Cisco VLANs, providing benefits such as flexible security schemes in a mixed client environment and optimized performance in Cisco VLAN deployments. And because Cisco Compatible wireless clients are IEEE 802.11 compliant and Wi-Fi certified, they are fully compatible with other Wi-Fi certified products. -
ISE web auth for non-cisco switch(D-link 3528)
Is it possible to use ISE (inline posture node) to redirect the wired users to the ISE guest portal?
And the wired users will get full network access after they pass the web auth.
You can use an ISE in-line posture node with 3rd-party switches.
RADIUS access device must supply the following RADIUS attributes:
Calling-Station-Id (for MAC_ADDRESS)
User-Name
NAS-Port-Type
RADIUS accounting message must have the Framed-IP-Address attribute
VLAN and DACL features can be used, but again it depends on the switch model; let us know the specific switch models. Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality. -
Yet another PEAP question...non-Cisco cards...
So, we are about to embark on building a wireless network infrastructure using 1220 AP's. So far all wireless clients use Cisco cards and Win2k.
People are interested in all sorts of wireless devices now, some including built in wireless nics or no pci or pcmcia card slots.
We have ACS 3.1.1. Can we use PEAP in our situation with a client using say a Compaq tablet PC with an integrated NIC? Or, how about a desktop PC running Win2k using something other than a Cisco card? If so, what are the required pieces? PEAP supplicants? etc?
Thanks!
Hi,
In short, the answer is:
a) If ACS supports eap-chap (which Microsoft supports), you can use a non-Cisco card with the Microsoft supplicant and it will work fine. I believe ACS 3.2 will support it; I am not sure about ACS 3.1.1.
b) You can buy a 3rd-party supplicant like Meeting House etc. and can use a non-Cisco card.
http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml
http://www.cisco.com/en/US/partner/products/hw/wireless/ps458/prod_bulletin09186a0080100194.html
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_qanda_item09186a008010018c.shtml
PEAP is hybrid process ( combination of leap and eap tls )
To download server side certificate on ACS you can use eap tls doc.
Depending on AP use either of following doc
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1224ja/i1224icg/ivicgaut.htm
You have to be careful while selecting the client supplicant; you can choose the Cisco PEAP supplicant or the Microsoft PEAP supplicant.
If you have the Windows 2000 OS, then if you load Service Pack 3, the Microsoft PEAP supplicant is installed. On top of this, if you install ACU 5.05, the Microsoft supplicant will be overwritten by the Cisco supplicant.
In the case of XP, if you install Service Pack 1, it will install the Microsoft PEAP supplicant; if you install ACU 5.05 it will be overwritten by the Cisco PEAP supplicant.
The Microsoft PEAP supplicant sends eap-Chap in the EAP tunnel and Cisco supports EAP-GTC in the EAP tunnel.
With a non-Cisco card it depends on which RADIUS server and database you are running.
At present ACS 3.1 supports EAP-GTC so it will not interoperate with the Microsoft supplicant. In a later release ACS will have support for EAP-Chap so that you can use a 3rd-party card with the Microsoft supplicant and ACS 3.2.
http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml
http://www.cisco.com/en/US/products/hw/wireless
Nilesh -
Non-Cisco devices support in LMS 4.1
Hi! How could I import a third-party MIB file for my devices? Is there any guide/manual for working with non-Cisco devices?
Specifically which module are you talking about?
The most flexible module is HUM, which has support for third-party devices.
Most modules do not support non-Cisco devices; the complete list is here:
http://www.cisco.com/en/US/products/ps11200/products_device_support_tables_list.html
Regards
Farrukh -
Inline Posture deployment for non Cisco Wireless Controller
Hi all of you
I have to deploy an Inline Posture to manage a non-Cisco wireless controller (ZoneDirector 1000 Ruckus). It seems easy but I don't know where to start. All the documentation I have read is about Inline Posture for VPN. I just want to use this Inline Posture to manage wireless users through the ZoneDirector wireless controller. Thank you.
Regards
Kouassi
So what is the solution for this scenario?
A remote site has a non-Cisco autonomous wireless AP. NAC is centralized. I cannot use OOB since there is no support for non-Cisco APs in OOB mode. As a result I use InBand mode. This means that local wireless traffic in the remote site must travel to the central site, go through the NAC Server and go back to the remote site. Is this correct?