Non-Cisco WGB and H-REAP

Anyone had success rolling out non-Cisco WGBs with H-REAP?
My customer is using WLC 5508 with code 7.0.116.0. As per WLC config guide ( http://goo.gl/6kX0d ), Cisco has tested multiple third-party devices for compatibility. Is it possible to get that device list somewhere? My customer is using TP-Link model TL-WA901N v2. The 5508 WLC does not recognize this device as a WGB. Rather, it displays the wired client behind the non-Cisco WGB.
Is H-REAP supported for non-Cisco WGBs? The WLC config guide says H-REAP is not supported with Cisco WGBs, but does not make a distinction for  non-Cisco WGBs.
Regards,
-steve w.

Hello Stephen,
Thanks for clarifying. Can Cisco disclose the third-party devices it has tested (non-Cisco WGB)?
TIA,
-steve w.

Similar Messages

  • SIP 7960 to non-Cisco Switch

    Does anyone know if a 7960 (SIP) phone can connect to a non-Cisco switch and separate the Voice traffic from the access port traffic?
    I tried connecting a 7960 to a baystack 450T, configuring the switchport as a "tagged trunk", and then changing the Admin Vlan ID on the phone to the desired voice vlan. It looks as though the switch wants the access port traffic to be tagged as well.
    Any help would be greatly appreciated!
    Thanks,
    Darin

    Hi !
    You need to configure a 802.1q trunk on your non-cisco switch. The 802.1q native vlan should be the one the PC is in. The voice vlan will be tagged.
    Configure all parameters (like voice-vlan-id etc) on the phone manually (obviously CDP does not work). I have done it and it works fine (but i never tried on the switch you mentioned).
    Inline Power will also not work because the 7960 is not 802.3af compliant (yet).
    Mike

  • Cisco Prime - non Cisco devices

    Hi
    We have started using Cisco Prime for our network management. On our sites we have a few devices managed by other vendors which are non cisco devices, we would like to keep these in the diagrams on cisco prime but since we don't manage them we don't want them to use up our licenses.
    Is there a way to retain the device info maybe as a note or something on the side of the diagram without the device using up a seat in the license?

    Which Prime? LMS or Infrastructure? ..or one of the others.
    LMS for example doesn't ever display a non-Cisco device in the Topology view. It does limited management of non-Cisco devices and they do not consume device licenses.

  • Using 802.1X and non-Cisco IP Phones

    Hi there,
    Having some questions about an 802.1x/non-Cisco ip phone setup and was hoping to find some answers/user-experience with this setup.
    Main questions i'm facing:
    1) When using non-Cisco ip phones (eg Nortel or Siemens) and a previous authorized client connected behind this ip phone gets disconnected. What will this action do with the authorized state of 802.1X on the switch port? WIll it stay authorized until the reauth timer expires or does it reject communication from any other device?
    2) What about EAPOL-Logoff messages from the ip phone to the switch. Are these only used by Cisco phones when they experience a link-status change on data ports?
    Thanks for sharing your thoughts

    Overall, you need to try and deal with the fact that a machine can disappear from the network and the network may not know about it directly (i.e. Link doesn't go down).
    I have no idea what other phones do, but Cisco phones send an EAPOL-Logoff when something is unplugged. This lets the switch know directly, and 1X session start is torn down immediately, closing what would be a security hole.
    Fundamentally, re-auth is a workaround only, and this is not the reason to enable re-auth to begin with.
    If your phone doesn't send an EAPOL-Logoff in this case, the switch might be left thinking an attack is underway when someone else tries to plug in (with presumably a different MAC). You do NOT want this to occur.
    Hope this helps,

  • Having 1 router and multiple WCCP cache devices: cisco and non-cisco

    I have a 6500 running WCCPv1. I have two devices single connected to the 6500: a CE565 and a non-cisco device that does WCCPv1. The 6500 is configured for WCCP redirection. What happens to the requests ? Are they serviced by both devices in parallel ? Is only one device servicing the request ? Load balanced ? I know a cluster won't be formed because the device is non-cisco. BTW, the non-cisco device only support WCCP v1.

    Will this detection between devices work if the non-cisco device is not really a cache engine, but a web filter that uses WCCP? In reality, my ideal goal would be that traffic would be redirected to the web filter (non-Cisco), get filtered, and then redirected to the catalyst, and then again redirected to the cache engine to be cached. But I am not sure this will happen due to routing. So I guess is either one or the other, correct ? I don't have the option to connect the web filter in other box, neither the Cache Engine. I thoutht that they would not detect each other at all and the router would be doing a decision there. How do they detect each other ? via which protocol ? WCCP ?

  • AP1240 and non Cisco

    We have some non Cisco AP's that I am trying to configure a Cisco AP 1240 to associate with.
    The radio will not come out of "disabled"
    Antenna is connected and I have done the basic config, there is no security set up at all on the existing untit.
    What are the basic setup parameters for the raido to assiciate with teh other side?
    are there any debugs I could look at?

    Hello,
    The issue is that Cisco IOS Autonomous APs will only bridge with other Cisco model APs and Bridges. If these APs can act like client then the Cisco AP will associate as a client but this is not common for an AP. Hope this helps.
    Regards,
    Aaron

  • AP1262 bridge to Non-Cisco Access Point?

    I would like to use a Cisco AP1262 in a mobile command vehicle to bridge to any WiFi Access Point that I know the SSID and Pasword to.  Will the 1262 Bridge to a Non-Cisco Access Point?
    If so, any assistance in finding an example configuration would be appreciated.
    Thanks,
    Brian

    Hi Brian,
    Yes, you can configure 1262 as Universal Workgroup bridge where it will associate to any cisco or non-cisco root AP. You can only connect one wired client behind universal WGB.
    You just need to configure "station-role workgroup-bridge universal <wired_client_MAC>" under radio interface of WGB. (1262)
    Something similar should work for your 1262, if you want it in 5GHz, otherwise configure radio 0 interface for WGB
    hostname WGB
    dot11 ssid <SSID-NAME>
       authentication open 
       authentication key-management wpa version 2
       wpa-psk ascii <PASSWORD>
    interface Dot11Radio1
     encryption mode ciphers aes-ccm
     station-role workgroup-bridge universal 068d.098a.d422 <- Ur wired MAC
     ssid <SSID-NAME>
     bridge-group 1
    interface GigabitEthernet0
     bridge-group 1
    NB: I haven't tested this, so you  have to test & confirm. If WPA2/AES is not supported then you may need to choose suitable security protocol & encryption mechanism.
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Cisco ISE and SecurID Integration Questions

    I'm looking for some clarity trying to understand something conceptually. I want to integrate Cisco ISE with RSA SecurID, the idea being that if the user authenticates with RSA SecurID they end up on one VLAN, however, if they don't authenticate with (or don't use, or don't have) SecurID they'll end up on another VLAN. Note that I'm not using SecurID for wireless access...all PCs are wired to Ethernet.
    We have been using RSA SecurID for a while and are currently on version 8.0. Our users are authenticating via the RSA Agent typically on Windows 8.1. Instead of the usual Windows login prompt, the RSA Agent first prompts for the username and passcode (they use an app on their smartphones to get the passcode), then after a moment or two, it prompts for their Windows domain password.
    We have recently installed Cisco ISE version 1.3. With the help of a local Cisco engineer and going through the "Cisco Identity Services Engine User Guide", I have it set up and running along with a few 'test' ports on our Cisco 6809 switch, it basically works...as a test it's simply set up that if they authenticate they're on one VLAN, if not, they end up on another (this is currently without using RSA...just out-of-the-box Windows authentication).
    The Cisco engineer was unable to help me with RSA SecurID, so pressing on without him, out of the same user guide I have followed the directions for "RSA Identity Sources" under the "Managing Users and External Identity Sources", and that went well as far as ISE is concerned; I am now ready to get serious about getting ISE and SecurID working together.
    My mistake in this design so far was assuming that the RSA agent on the Windows client PCs would communicate with Cisco ISE...there doesn't seem to be a way to have them point to a non-RSA SecurID server for authentication. The concept I'm missing is what, or how, the end-user machine is supposed to authenticate taking advantage of both ISE and SecurID.
    I have dug deeper into the Cisco ISE documentation but it seems heavily biased towards Wi-Fi and BYOD implementations and it's not clear to me what applies to wired vs wireless. Perhaps it's a case that I'm not seeing the forest for the trees, but I'm not understanding what the end-user authentication looks like. It apears that as I learn more about ISE, it should become the primary SSO source, that SecurID becomes just an identity source and the PC clients would no-longer directly communicate with the SecurID servers. That being the case, do I need to replace the SecurID client on the PCs and something else Cisco-ish fills this role? An agent for ISE? How do they continue to use their passcode without the RSA agent?
    Thanks!

    The external db not operation indicates that there is no communication between ACS and RSA. Did you fetch the package.cab file to analyse the auth.log file?
    Have you already gone through the below listed link?
    http://www.security-solutions.co.za/cisco-CSACS-1113-SE-4.2-RSA-Authentication-Manager-Integration-Configuration-Example.html
    Regards,
    Jatin Katyal
    - Do rate helpful posts -

  • Multicast for Aironet 1310 WGB and 1242 AP

    I have configured a Aironet 1310 bridge as a WGB and is connected to a Aironet 1242AG AP wirelessly!
    A sensor(IP device) is wired into the 1310WGB. The sensor needs MULTICAST to operate!
    I checked the DETAILED STATUS of the RADIO and both the 1310 and 1242 are blocking multicast!
    The RELIABLE MULTICAST TO WGB option is enabled on the 1242AP already! No luck as yet!
    Any thoughts??

    Have you seen this thread??
    https://supportforums.cisco.com/message/3061760#3061760
    Worked for me.
    AndyH

  • Non CISCO unknown devices are being discovered in LMS

    Hi!
    I have had no problem with discovery which was used on cdp basis so far.
    Now the CDP packets do not arrive via new MPLS backbone network.  I have to use the "ping sweep feature in IP range" feature. I had to enter more than 400 subnet from file before there are more than 400 branches. ( etc. 10.31-9.1-50.252 255.255.255.252 )
    I have experienced two problems
    1. The discovery never end ( now this is not important ) :-)
    2. The common services -- device management shows discovered unknown devices whose ip addresses out side the range what are entered by me in the ping sweep range and theirs OID is not CISCO.
    (  1.3.6.1.4.1.2001.1.1.1.1  ,  1.3.6.1.4.1.11.2.3.9.1  ,  1.3.6.1.4.1.674.10892.2  , 1.3.6.1.4.1.18334.1.1.1.2.1.7.1.2 and even more )
    Due to more than 300 unknown devices the LMS device number is beyond the license number!!!!!
    Our questions.
    Why does lms add the unknown devices ( non cisco devices ) to the inventory ?
    How could lms discover  these devices ??? ) ( theirs IP are out of ping sweep range and non cdp capable devices )
    Thanks in advance!

    Thank you!
    The unknown devices were in unreachable state and they were added to DCR.
    I don't use include or exclude filter what were referred by bug.
    In spite of i use seed device list from file the LMS ping sweep debug log shows that LMS try to ping other IP addresses!!!!
    You're right, it is not normally operation may be TAC will be needed to  solve it.
    ( whether who tested it ?)
    Regards,

  • ISE web auth for non-cisco switch(D-link 3528)

    Is it possible to use ISE(inline posture node) to redirect the wired users to ISE guest portal ?
    And the wired users will get full network access after they pass the web auth.

    you can use ISE ln-line posture node with 3rd part switches
    RADIUS access device must supply the following RADIUS attributes:
        Calling-Station-Id (for MAC_ADDRESS)
        User-Name
        NAS-Port-Type
        RADIUS accounting message must have the Framed-IP-Address attribute
    VLAN, DACL features can be used  but again it depends on switch models let us know  specific switch  models . Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality,

  • Strange behavior with Cisco AP and Intel 3945 wireles card

    Hi,
    I have an interesting problem with an Intel 3945 A/G card, and my cisco APs.
    1. Given:
    Cisco 1100 and 1200 AP running IOS 12.3.8-JEA
    Two laptop, one with Intel 2200 MPCI Card, the other with Intel 3945 MPCI Card
    Microsoft AD with IAS radius server
    a. 1 SSID with Simple EAP-TLS configuration Enterprise WPA/TKIP, no vlans, broadcast SSID. both card associate correctly and operate normally.
    b. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID Open/No encryption/No authentication (not broadcasted), both cards associate correctly and operate normally.
    c. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID WPS-PSK (not broadcasted), both cards operate normally.
    Now it gets interesting:
    c. 2 SSID, 1 with EAP-TLS/WPA Enterprise on its own VLAN 102, 2nd SSID Open/No Encryption/No authentication on a separate VLAN 105, VLAN 1 is used for admin and radius backhaul to IAS.
    If both SSID are broadcasted via mbssid guest-mode both Intel cards work as expected
    If neither SSID are broadcasted, both Intel cards work as expected
    If either SSID is broadcasted via normal guest-mode command, the Intel 2200 associates and works correctly, but the Intel 3945 refuses to assocate to the AP.
    Has anyone heard of side-effect?
    Alan

    I'm seeing a similar issue with the 3945 right now. However in my example the following is the case;
    APs are 1200 series IOS upgraded running 802.11b interfaces only. There are multiple SSIDs NONE of which are broadcasting.
    We've got a few different client types. The Cisco CB21ABG cards are fine, as are the Intel 2200 and 7920 phones. It's only the 3945 that has a problem and it's running Intel's 10.5.1.68 driver which is the latest. I'm considering downgrading it to an older driver.
    Anybody got a definate fix for this Intel card???

  • Cisco 871w and LAN (What did I get myself Into!)

    Hey all,
    Little background info:
    - Took the CCNA1-4 via college course about 3 years ago, haven't used the knowlege since
    - most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.
    - basically I think I need to re-educate myself
    Current Network:
    Windows Domain
    45 workstations
    4 buildings
    Breakdown
    Head Office:
    - Main Distribution point
    - WAN: Cisco Router and DSL modem owned by provider
    - Firewall: WatchGuard Firewall (/w 5 VPN connections)
    - 1 x 48 port Managed Switch (acting as simple switch)
    - Windows SBS 2003 server with Exchange, SQL, and using VPN here as well
    - We have about 6 other switches that are not managed in the build
    - 1 cable run through building. At the end of this building is a fiber connection to the next building
    - 15 workstations
    BUilding 2:
    - Fiber connection from Head Office
    - 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)
    - 1 single CAT 5e from unamanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)
    - 1 single CAT 5e from from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations
    - 1 single CAT 5e from Switch 2 - to end of building, underground to building 3
    - 1 Workstation attached to Switch 2
    Building 3:
    1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)
    25 workstations in here, various distances with small workstation switches throughout.
    Working with new equipment:
    - we upgraded DSL (cheaper) to a 5 Static IP package, this is a seperate circuit for now - so I can configure everything and
    not disrupt current services.
    - using test PC and connection on this DSL to make sure most everything is working.
    - Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.
    - 6 months from now, adding Fortigate 100A Appliance
    - over next 2 years - all switches will be managed
    First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACL's? Isn't there something similar for NAT/PAT?
    Second Question: Just looking for some best practice solutions. Should I bother with VLAN's at this time, just leave everything on VLAN since
    there can be no real seperation throughout the company. Suggestions?
    Outside Services required:
    - Webmail - using OWA:
    - host header: webmail.companyname.com
    - can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?
    - since i have 5 statics, using NAT can I have one of the external IP's used for webmail... this can be done using static NAT and firewall rules?
    - Exchange Server forwards all SMTP requests to ISP mail server.
    - No RDP directly to network resources without vpn activity - taken care of implicet deny.
    - Will it be possible to use my other 4 static IP's, say I create a DNS entry for ftp.companyname.com. I assume a static entry in NAT will take care of sending all requests to another network box.
    VPN:
    Will require VPN connections, there seems to be a ton of different ones. What is the easiest to create for a few home systems
    that the VPN client can be installed and configured? Can this be managed with a push policy, can different user accounts be
    created with different policies:
    i.e: * Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share
    * Bob is a user, bob currently vpn's and obtains an IP 10.0.0.249, bob shares a printer that we use to print to. I don't want bob to be able to access any other resources on our network, but users can print to Bob's remote printer.
    I'm over thinking all this, and getting confused - a nice simple step approach required - I feel like I'm drowning -lol

    try the following links
    inter vlan
    http://www.cisco.com/en/US/products/hw/switches/ps672/products_configuration_example09186a00800941b4.shtml
    NAT
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080881718.shtml
    how NAT works
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
    VPN
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
    useful vpn links
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_configuration_examples_list.html
    good luck
    Please, if helpful Rate

  • Non cisco/Third party phones are compatible with CCX 9 or not?

    Dear Guys,
    I have a CCX 9 server integrated with CUCM 9 and also non cisco based/Third party phones (SNOM IP Phones) as agent for CCX server. when i try to log in to CAD software with User ID and password that assigned to SNOM phone  i got JTAPI error but with CIPC(Cisco IP Communicator) works fine and i could log on without any issue. i checked RMuser controlled device and also allow controlled CTI port,all configured. i checked all documents about this issue but it is not mentioned anything about SNOM phone used as agent. any idea for that? any documents for compatibility list between CCX and agent platform...
    i have checked below links
    http://www.cisco.com/en/US/prod/collateral/voicesw/custcosw/ps5693/ps1844/prod_qas0900aecd80422e66.pdf
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_compatibility/matrix/crscomtx.pdf
    Special thanks in advance for your help
    Sara

    Hi Sara,
    If you do not see it in the UCCX comp matirx, than please remember that you will not get support from Cisco TAC incase if you hit any issues with this deployment.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_compatibility/matrix/crscomtx.pdf
    Thanks,
    Anand

  • MARS topology in non-Cisco environment

    In a heterogeneous, non-Cisco environment (e.g. Dell switches, Sidewinder firewall), is it possible to obtain accurate topology/visualization information? If so, how is this accomplished? Any other best-practices/gotchas for getting the most out of MARS in such environment would be helpful as well. Thank you.

    We don't really have any topology information in MARS, and for the most part don't pay much attention to the topology or attack graphs/charts. Don't even use the summary page. We don't use the MARS for anything but collecting events. Maybe I don't know what I'm missing, but we get along just fine without(we even have a mostly Cisco network).

Maybe you are looking for