Prime MSE and WLC

Hi
Just installed Prime 1.3, currently upgrading wlc's to 7.0.240 (WiSM), we have a MSE as well, what version should this be on, currently on 7.0.230 as this matched the WCS?
I'm sure I read somewhere it had to be the same version as the controllers or the WCS.

Hi,
on this link you can find all compatibility information
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html

Similar Messages

  • Prime, MSE and WLC NMSP Status

    I have a 5508 WLC and have loaded a demo of Prime 2.1 and MSE 8.0.
    The NMSP status is showing as inactive in Prime and MSE and therefore the clients are not showing on the map I have loaded.
    Any ideas?

    MSE doesn't sync with WLC when added with PI 2.1.1
    CSCup93101
    Description
    Symptom:
    NMSP is not active between MSE and WLC when added using PI 2.1.1.
    Conditions:
    This applies to only MSE added Prime Infrastructure after upgrade to 2.1.1 on Prime Infrastructure.
    If the MSE was already added to Prime Infrastructure in 2.1 or previous releases, and then upgrade to PI 2.1.1 was performed customers will not run into the NMSP problem between MSE and WLC after the PI upgrade to PI 2.1.1.
    Workaround:
    Push a template (Templates > Features and Technologies > Controller > Security > AAA > AP or MSE Authorization) with MSE MAC address and key hash.
    Please contact Cisco TAC for a patch.
    Last Modified:
    Dec 11,2014
    Status:
    Fixed
    Severity:
    2 Severe
    Product:
    Network Level Service
    Known Affected Releases:
    (1)
    2.1(1)

  • MSE and WLC Operation

    Hello,
    I need to develop a solution of wIPS, but I'm not sure about the compatibility between the MSE and the WLC. My WLC is in 7.6.100 version and the MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions. Additionally, i can use Prime I or WSC, we have both systems.

    but I'm not sure about the compatibility between the MSE and the WLC.
    Here is the compatibility information.
    http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-148604
    My WLC is in 7.6.100 version
    You should consider upgrade this to min 7.6.130.0  as that is the stable code of 7.6.x software train.
    MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions.
    It does not need to be exact match between WLC & MSE versions. Refer release notes of each product & version, it will listed the new features added in each releases. Since MSE 3310 not supporting 7.3.x onward, I would plan for MSE migration anyway. You can go with VM in later versions of MSE & no need to buy hardware for that.
    Additionally, i can use Prime I or WSC, we have both systems
    Go with Prime as WCS is not supported any longer. What's the reason still keeping the WCS ?
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Prime Infrastructure and WLC 2504 N+1 config syncronization

    I've setup 2 cisco 2504 WLC's in a N+1 configuration, before we purchased Prime Infrastructure.  Now I'm trying to syncronize the configurations between the two devices in PI.  I've setup a configuration group, and it seems using templates will keep the configuration syncronized between the two devices.  Is it possible for PI to automatically create the templates based on the current configuration of the device.  Plus with PI 2.1 it seems like I have to create a template for every section of the configuration, shouldn't there be just one large template that has all the configurations.

    Yes, you should be able to discover templates from the WLC
    HTH,
    Steve

  • Prime 1.3 and WLC 7.6 Can I push guest accounts?

    Hi all
    My Customer needs to update the WLC to 7.6 (from 7.4) due to 3700 APs, but does not use the ac or other new features (yet).
    He has a Prime 1.3 update 4, where the guest Account are created.
    Can he, after the WLC Upgrade  to 7.6.130.0 still see the WLC from Prime 1.3 and Push guest accounts to the WLC?
    The migration to PI 2.1 will be planned.
    Thanks
    Willem

    Cisco Prime 1.3 doesn't support 7.6 please check the compatibility matrix
    Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
    Cisco Prime Infrastructure
    Cisco WLC
    Cisco MSE
    ISE
    Remarks
    Update 4 for 1.3.0.20
    Update 1 for 1.3.0.20
    1.3.0.20
    7.4.121.0
    7.4.110.0
    7.4.100.60
    7.4.100.0
    7.3.112.0
    7.3.101.0
    7.2.115.2
    7.2.111.3
    7.2.110.0
    7.2.103.0
    7.0.250.0
    7.0.240.0
    7.0.235.3
    7.0.235.0
    7.0.230.0
    7.1.91.0
    7.0.220.0
    7.0.116.0
    7.0.98.218
    7.0.98.0
    7.4.121.0
    7.4.110.0
    7.4.100.0
    7.3.101.0
    7.2.110.0
    7.2.103.0
    7.0.240.0
    7.0.230.0
    7.0.220.0
    7.0.201.204
    7.0.112.0
    7.0.105.0
    1.0
    1.1
    1.2

  • Virtualized WLC + Prime + MSE solution

    Dear all,
    we are facing some problem to deploy a virtualized localization solution made of WLC, Prime Infrastructure and MSE.
    We constructed, in our lab, on a UCS C220M3 with VMWare 5.1 the following solution:
    Virtual WLC version 7.3.101 (ip address 10.0.1.249)
    Prime Infrastructure 1.2.0.103 (ip address 10.0.1.250)
    Virtual MSE 7.3.101 (ip address 10.0.1.247)
    WLC is working properly, can register APs and is properly integrated with the Prime. For the localization solution we deployed three access points:  
    -one 3502 in flex connect mode
    -two 1142 in monitor mode
    The problem came out  when we started to work with the MSE. MSE has been registered inside Prime and synchronized with maps and controller.
    After that we checked the maps but no information was displayed. So we started facing the problem and we found that the NMSP protocol remained inactive even if the troubleshooting windows didn't report any explicit issue.
    At this stage we started checking the debug messages and in particular, for the NMSP we countinuously received the follwing message:
    *nmspRxServerTask: Nov 17 17:55:09.777: Allocated new NMSP connection 0
    *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit:  SSL_new() conn ssl 0x2aaaae71ab88
    *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
    *nmspRxServerTask: Nov 17 17:55:09.778: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
    *nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit() success with Connection state: INIT, SSL state: HANDSHAKING
    *nmspRxServerTask: Nov 17 17:55:09.785: doSSLRecvLoop: Handshake has not completed for conn 0
    *nmspRxServerTask: Nov 17 17:55:09.785: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
    *nmspRxServerTask: Nov 17 17:55:09.785: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
    *nmspRxServerTask: Nov 17 17:55:10.100: doSSLRecvLoop: Handshake has not completed for conn 0
    *nmspRxServerTask: Nov 17 17:55:10.100: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
    *nmspRxServerTask: Nov 17 17:55:10.100: -- handshake failed for conn ssl 0x2aaaae71ab88,error = error:00000000:lib(0):func(0):reason(0)
    *nmspRxServerTask: Nov 17 17:55:10.100:  freeing Nmsp conn ssl 0x2aaaae71ab88, conn id 0
    Also the statistics for the NMSP protocol emphatized an SSL error:
    (Cisco Controller) >show nmsp statistics summary
    NMSP Global Counters
    Client Measure Send Fail......................... 0
    Send RSSI with no entry.......................... 0
    APP msg too big.................................. 0
    Failed Select on Accept Socket................... 0
    Failed SSL write................................. 0
    Partial SSL write................................ 0
    SSL write returned zero.......................... 0
    SSL write attempts to want read.................. 0
    SSL write attempts to want write................. 0
    SSL write got default error...................... 0
    SSL write max data length sent................... 0
    SSL write max attempts to write in loop.......... 0
    SSL read returned zero........................... 0
    SSL read attempts to want read................... 0
    SSL read attempts to want write.................. 0
    SSL read got default error....................... 0
    Failed SSL read - Con Rx buf freed............... 0
    Failed SSL read - Con/SSL freed.................. 0
    Max records read before exiting SSL read......... 0
    --More-- or (q)uit
    Highest Prio Tx Q full........................... 0
    Normal Prio Tx Q full............................ 0
    Highest Prio Tx Q Sent........................... 0
    Normal Prio Tx Q Sent............................ 0
    Highest Prio Tx Q count.......................... 0
    Normal Prio Tx Q count........................... 0
    Messages sent by APPs to Highest Prio TxQ........ 0
    Max Measure Notify Msg........................... 0
    Max Info Notify Msg.............................. 0
    Max Highest Prio Tx Q Size....................... 0
    Max Normal Prio Tx Q Size........................ 0
    Max Rx Size...................................... 1
    Max Info Notify Q Size........................... 0
    Max Client Info Notify Delay..................... 0
    Max Rogue AP Info Notify Delay................... 0
    Max Rogue Client Info Notify Delay............... 0
    Max Client Measure Notify Delay.................. 0
    Max Tag Measure Notify Delay..................... 0
    Max Rogue AP Measure Notify Delay................ 0
    Max Rogue Client Measure Notify Delay............ 0
    Max Client Stats Notify Delay.................... 0
    Max RFID Stats Notify Delay...................... 0
    RFID Measurement Periodic........................ 0
    --More-- or (q)uit
    RFID Measurement Immediate....................... 0
    SSL Handshake failed............................. 1319
    NMSP Rx detected con failure..................... 0
    NMSP Tx detected con failure..................... 0
    NMSP Tx buf size exceeded........................ 0
    NMSP Tx Invalid msg id .......................... 0
    Reconnect Before Conn Timeout.................... 0
    Rogue AP Info Changed DB Full.................... 0
    Rogue AP Meas Changed DB Full.................... 0
    Rogue Client Info Changed DB Full................ 0
    Rogue Client Meas Changed DB Full................ 0
    Looking around the Internet we found a similar case where the issue was solved dealing with the authorization list upon the wireless lan controller but after the suggested check we saw that the MSE is correctly authorized inside the controller: Here's the "show auth-list" on the WLC:
    (Cisco Controller) >show auth-list
    Authorize MIC APs against AAA ................... disabled
    Authorize LSC APs against Auth-List ............. disabled
    APs Allowed to Join
      AP with Manufacturing Installed Certificate.... no
      AP with Self-Signed Certificate................ no
      AP with Locally Significant Certificate........ no
    Mac Addr                  Cert Type    Key Hash
    00:0c:29:68:c8:57         LBS-SSC      6d6703ef9cccfb5a430e04b3ad128f8170fb435c
    that perfectly matches what was on the MSE:
    cmd> show server-auth-info
    invoke command: com.aes.server.cli.CmdGetServerAuthInfo
    AesLog queue high mark: 50000
    AesLog queue low mark: 500
    Server Auth Info
    MAC Address: 00:0c:29:68:c8:57
    Key Hash: 6d6703ef9cccfb5a430e04b3ad128f8170fb435c
    Certificate Type: SSC
    Finally I tried to look around the MSE logs and here what I found tailing the locserver errors:
    ==> /opt/mse/logs/locserver/locserver-error-0-0.log <==
    11/17/12 17:54:13.513 ERROR[locp] [36] Error in ConnectHandler(endPoint) <LocpSessionTarget mode=CLIENT><LocpEndPoint status=HANDSHAKE totalBytesSent=72000 totalBytesReceived=1315800><LocpEndPoint.Key host=10.0.1.249 port=16113/></LocpEndPoint></LocpSessionTarget>
    11/17/12 17:54:13.513 ERROR[com.aes] [36] [ConnectHandler:handle-09] THROW
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem
            at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
            at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
            at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)
            at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)
            at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
            at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:230)
            at com.aes.server.locp.transport.LocpTransportService$ConnectHandler.handle(LocpTransportService.java:354)
            at com.aes.server.locp.transport.ChannelEventDispatcherImpl$HandlerTask.run(ChannelEventDispatcherImpl.java:348)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
            at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
            at java.util.concurrent.FutureTask.run(FutureTask.java:138)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
            at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1528)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
            at java.security.AccessController.doPrivileged(Native Method)
            at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
            at com.aes.server.locp.transport.IOChannelSecure.doTasks(IOChannelSecure.java:265)
            at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:193)
            ... 8 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
            at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:346)
            at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:111)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
    Everything seems to bring to a certificate error but I don't know, from a side if this is the right direction of investigfation and, from the other, where to check for this certificate and how to find a solution.
    May someone  give us some help?
    Thank in advance to all.
    Regards.
    Marco

    Hi Pongsatorn,
    This is caused by a bug with the ID - CSCub42987. And yes, it only applies to the Virtual WLC's.
    Here is the work-around: (need to be performed from the CLI of the MSE as follows)
    1. cmdshell
    2. config unauthenticated-nmsp true
    3. exit
    4. service msed restart
    Ram.

  • MSE and Zones (Cisco Connected Mobile Experience)

    Hello everybody,
    I am trying to do Cisco Connected Mobile Experience work using Cisco Prime 1.3, MSE 7.4, WLC 7.4 (everything virtual appliance) and Meridian App.
    It is working well, but although I have configured some zones on Cisco Prime, it is not shown on MSE and Meridian.
    What can be happening? Why aren't zones shown?

    Dear andre.ortega,
    we have similar project.
    And may be you can help me, geting answers for my questions.
    1. MSE v 7.5 will support navigation features. Can MSE output this information via API to Mobile Apps?
    2. did u investigate other solutions for mobile apps then Meridian?
    thank you.

  • Migrating APs and WLCs to other subnets

    At the moment we have 2 and WLCs with 50 licenses and almost 100 LAPs (with fixed IP-address and with configured controller address).
    I want to move the WLCs to VLAN 150 (192.168.150.0/24) and the LAPs to VLAN (192.168.160/24). 
    To do this do I need to change the fixed configuration of every AP to the correct IP-address and than place them in de correct VLAN and if all LAPs changed the IP-address of the controller and place him in correct VLAN? Our is there a easier way to do this.
    I have read something about giving a option in the DHCP scope but I don't think that wil work in my situation because I have 2 controllers.

    There are multiple ways of doing this.
    If you have WCS or Prime, you could push Primary Controller information to all you AP with new controller IP information (since it is not live, it won't affect AP). In this way one you change the WLC IP, AP will join your new controller as primary controller.
    As Leo suggested you can use DNS or DHCP option 43 method as well. In DHCP option 43, you can give multiple controllers IP if you want. But if these two controllers are in same mobility group, irrespective of the option 43 config, AP will get to know about available controllers as long as they reach any one of your controller.
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

    With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
    Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
    Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
    Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
    Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
    Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

    OOPS !!
    I will repost the whole messaqge with the correct external URL's:
    In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
    TrustSec Home Page
    http://www.cisco.com/en/US/netsol/ns1051/index.html
    http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
    I find this page very helpful as a top-level start to what features and capabilities exist per device:
    http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
    The TS 2.1 Design Guides
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
    DesignZone has some updated docs as well
    http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
    As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
    http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html

  • Web Redirection Problem on Cisco ISE 1.2 and WLC 7.5

    Hello,
    We are at initial phase of deploying ISE 1.2 in our environment for Wireless Guest Users.
    I have configured ISE and WLC to talk to each other which is working fine. An SSID with MAC-Filtering is also configured on WLC and ACL only allowing ISE and DNS traffice.
    I have configured proper authentication and authorization policies on ISE. Now, when I try to connect my device (laptop and android mobile), I see my device gets associated with the SSID (Demo) and gets the right IP Address from DHCP and right VLAN from WLC. The log process on ISE is as follows.
    11001
    Received RADIUS Access-Request
    11017
    RADIUS created a new session
    11027
    Detected Host Lookup UseCase (Service-Type = Call Check (10))
    15049
    Evaluating Policy Group
    15008
    Evaluating Service Selection Policy
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule
    15041
    Evaluating Identity Policy
    15006
    Matched Default Rule
    15013
    Selected Identity Source - Internal Endpoints
    24210
    Looking up User in Internal Users IDStore - B8:B4:2E:A6:7D:75
    24216
    The user is not found in the internal users identity store
    24209
    Looking up Endpoint in Internal Endpoints IDStore - B8:B4:2E:A6:7D:75
    24211
    Found Endpoint in Internal Endpoints IDStore
    22037
    Authentication Passed
    15036
    Evaluating Authorization Policy
    15048
    Queried PIP
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule - Guest Redirection
    15016
    Selected Authorization Profile - Test_Profile
    11002
    Returned RADIUS Access-Accept
    I also see a redirect url in the detailed authentication logs. But the problem is that when I open my browser on my device, it doesn't get redirected to the guest portal url. Now since I can't get there, I can't continue with the rest of the process of authentication, COA and final ACL for internet access.
    Can some one please either guide me the correct steps that I need to follow, if I have mis configured something or advise if this is a bug.
    Thanks in advance.
    Jay

    The ACL is definitely used to define what traffic is re-directed to ISE and what traffic is not redirected. Having the permit-all statement at the end will break redirection. If you are using flex-connect then you will need to use flex-connect ACLs and apply those to the flex-connect APs. The links below should give you an idea of what needs to be done:
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
    Thank you for rating helpful posts! 

  • Hp prime Copy and pasting problems

    Does any one know why the HP prime copy and paste function does not work properly. For example when I copy and past form the spreadsheet to the statistics 1 var app nothing happens. Perhaps there is a work around that will allow me to avoid this problem or another firmware that I can download.
    Please note that i am using Software version: 2015 6 17 (8151)
    Hardware Version: A
    CAS Version: 1.1.2-11
    Operating System: 4CY35605VB I don’t think I’m doing anything wrong, however I should point out that when I copy from statistic 1 or 2 Var apps and paste to the spreadsheet app that everything works fine. The problem persists when when I reverse the direction, and copy from the spreadsheet and paste to the statistics 1 or 2 Var apps. I should also note that this problem does not occur with the HP Prime emulator.

    Hi!, mu271314: I'm have a HP PRIME GRAPHING CALCULATOR, with same Software Version and run OK. Try ...In the Statistic 1Var, write your data, p.e.D1              D2               D312                 9                  936                 9                  9  2                 9                  6Now, for copy you must, select with More, the option 3Select and 3BoxIn Choose Prog Function, select Row's and Column, as ...Row: 1                Column: 1Row: 3                Column: 3Press Ok. Now with arrow, select the box and press Shift+CopyNow, with Esc, select Apps, Statistics 2Var and StartIn C1, put block and press Shift+Paste ... 1{{12,9,9},{36,9,9},{ > Press Ok and 1 Grid data Note: You can see, with examples, from ... www-fourier.ujf-grenoble.fr/~parisse/calc/hprime.pdf 

  • Rogue AP - Not in sync with WCS and WLC

    WCS - 7.0.164.0 and WLC - 7.0.98.0.
    For some reason, I am seeing rogue ap alert on WLC and am not seeing on WCS.   How do I clean up database and sync with WCS and WLC.
    I am seeing same thing with coverage holes.
    - Allen -

    Allen,
         On the WLC go to Management > SNMP > Trap Controls, make sure that you have the traps checked.
    HTH,
    Steve
    *Please remember to rate helpful posts*

  • WCS and WLC AP values not fully in sync.

    I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.

    You may want to also consider the following:
    1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
    2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
    3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
    From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
    This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
    4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
    From the WCS:
    Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
    Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
    Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
    It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
    Hope this helps,
    - John
    (Please rate helpful posts)

  • WCS and WLC WLAN Config not fully in sync

    Hi,
    We're facing the issue WCS and WLC WLAN Config is not fully in sync. WLC  showing server 1 is IP:10.160.22.151, Port:1812 but WCS server showing none even  after click on “Audit” button. Any idea how to resolve this issue? Is this causing any wireless problem? Attached is screen captured. Thanks for your help.

    You mentioned "audit". Have you done a WCS audit so the WLC and WCS are in SYNC?
    If you make a change on the WLC you will not see it in WCS UNLESS they are SYNC. You will see the term "mismatch".
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • ISE and WLC

    Dear friends,
    We are using ISE and WLC integrity in our network, we have Corporate and Guest SSID, we configured it but client cant connect to this ssid and cant be authenticated, please see attached files and tell me if i done something wrong in configuration of WLC
    10.10.17.201 is ISE
    Thank you for attention

    Hi,
    After viewing the Trap logs it seems you have checked on validate machine.
    On the client side, make sure you don't check validate machine and then try.

Maybe you are looking for