Some wireless clients can't discover or connection to local wired systems

Hi,
I've just upgraded my home wireless from an NetComm NB5540 + modem to a LinkSys X3000.
Internet access works fine for all devices, but some wireless devices can't "see" my Win7 desktop system that's on a wired connections to the router.
I've tried three devices...
Galaxy Note phone (running ICS 4.0.4) can discover and connect to file shares on my desktop system without any problems.
Asus Transformer Prime tablet (running JellyBean 4.1.1) can see the router on the local network, but can't see my desktop. Even if I manually type in the IP address it can't connect to it
Likewise my old WinXP laptop can see the router but can't see or connect to any other devices.
Any suggestions welcome.
Hugh
ps. I tried connecting the NetComm router with just Wifi configured to one of the ethernet ports on the X3000, so I've got two Wifi networks running in parallel. If I connect to this second WiFi network with any of the above devices then they can all discover and connect to my desktop system on the wired connection to the X3000.

Just to test network connectivity, why don't you ping the wired client from the wireless devices that are not able access it? Do post your results so we can further analyze this scenario. By the way, when you cascaded another access point (using the NetComm router) to the X3000, was it via LAN- LAN? Was the X3000 still the DHCP server for the wireless clients?

Similar Messages

HT4260 Can i control which wireless clients i like to betrol which wireless clients i like to be connected on my airport base station?

Can i control which wireless clients i like to betrol which wireless clients i like to be connected on my airport base station?

Yes. Use AirPort Utility's MAC Address Access Control.
AirPort Utility > select your base station > Edit button > Network tab > "Enable Access Control" > click the Timed Access Control button.
You need to specify the clients you want to control by their MAC address, which is usually printed on the device's exterior case.

Some Wireless clients won't authenticate to 887VA-W

Hi folks
I've swapped over a few months ago from an 877w router to an 887VAw which has a separate AP in-built, and there are a few wireless clients that had no problem authenticating to the 877w but just refuse to communicate to the 887VA-W.
The clients in question are set top box type devices : (1)Now TV and (2) Sky Wireless Adapter.
They have no problem seeing the SSID's being broadcast, and for troubleshooting I've setup an open test SSID without any encryption, but the clients still won't authenticate and grab an ip address, or more accurately they just don't get a dhcp ip address so I don't think authentication is really the issue. I don't know why these clients aren't happy with dhcp on the guest vlan (vlan2) where other clients get an ip address and work fine. Perhaps the fact I'm using vlan1 (being used for the Eap-Fast home wlan) as the native untagged vlan might have something to do with it? If I use a static ip address on the guest vlan (vlan 2 / ip 10.1.1.n ) then the Sky Wireless Adapter can send and receive packets across the wlan.
Can anybody please suggest some debugs or config changes to try and nail the problem? The relevant configs from the AP is pasted below, and the router below that.
Brgds, Tim
aaa new-model
aaa group server radius rad_eap
server name rs-local
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication ppp default local
aaa authorization exec default local
dot11 ssid home
   vlan 1
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
dot11 ssid guest
   vlan 2
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 abcdef123
dot11 ssid test
   vlan 3
   authentication open
   mbssid guest-mode
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
broadcast-key vlan 1 change 30
broadcast-key vlan 2 change 43200
ssid home
ssid guest
ssid test
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 64 drop-packet
no preamble-short
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
no cdp enable
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
no bridge-group 3 source-learning
interface BVI1
ip address 172.27.44.2 255.255.255.0
no ip route-cache
ip default-gateway 172.27.44.1
****Router Config****
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered BVI1

Hi Sebastian
Please see ip dhcp debug from 887VA-W showing the Sky client requesting an ip address but failing to get one. Also a debug from an 877-W showing successful dhcp assignment. Also the dhcp config as requested.The successful trace shows 2 mac addresses from the Sky wireless adapter/ Sky box each getting a dhcp address. I don't know whether the failure is a bug in the 887 dhcp code or some config in the embedded AP that needs tweaking.
Bregs, Tim
The Sky wired adapter (I think it's the mac of the sky box lan port) mac is 00:19:FB:A4:B2:1A
The Sky wireless mac is 18:28:61:99:7B:A8
887VA-W Debug - Failure:
887#term mon
887#sh deb
DHCP server packet debugging is on.
887#
887#
000141: Dec 16 07:03:02.082 London: DHCPD: ARP entry exists (10.1.1.10, e0c9.7ad6.24ee).
000142: Dec 16 07:03:02.082 London: DHCPD: unicasting BOOTREPLY to client e0c9.7ad6.24ee (10.1.1.10).
Denham_887#
000143: Dec 16 07:05:25.536 London: DHCPD: client's VPN is .
000144: Dec 16 07:05:25.536 London: DHCPD: No option 125
000145: Dec 16 07:05:25.536 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
000146: Dec 16 07:05:25.536 London: DHCPD: Allocate an address without class information (10.1.1.0)
000147: Dec 16 07:05:25.536 London: DHCPD: Saving workspace (ID=0x4000009)
Denham_887#
000148: Dec 16 07:05:27.536 London: DHCPD: Reprocessing saved workspace (ID=0x4000009)
000149: Dec 16 07:05:27.536 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
000150: Dec 16 07:05:27.536 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
000151: Dec 16 07:05:27.536 London: DHCPD: no option 125
000152: Dec 16 07:05:27.536 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
Denham_887#
000153: Dec 16 07:05:32.468 London: DHCPD: New packet workspace 0x123EC554 (ID=0xC700000A)
000154: Dec 16 07:05:32.468 London: DHCPD: client's VPN is .
000155: Dec 16 07:05:32.468 London: DHCPD: No option 125
000156: Dec 16 07:05:32.468 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000157: Dec 16 07:05:32.468 London: DHCPD: Allocate an address without class information (10.1.1.0)
000158: Dec 16 07:05:32.472 London: DHCPD: Saving workspace (ID=0xC700000A)
Denham_887#
000159: Dec 16 07:05:34.080 London: DHCPD: New packet workspace 0x1240A47C (ID=0x5500000B)
000160: Dec 16 07:05:34.080 London: DHCPD: client's VPN is .
000161: Dec 16 07:05:34.080 London: DHCPD: No option 125
000162: Dec 16 07:05:34.080 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
000163: Dec 16 07:05:34.080 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
000164: Dec 16 07:05:34.080 London: DHCPD: no option 125
000165: Dec 16 07:05:34.080 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
Denham_887#
000166: Dec 16 07:05:34.468 London: DHCPD: Reprocessing saved workspace (ID=0xC700000A)
000167: Dec 16 07:05:34.468 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000168: Dec 16 07:05:34.468 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
000169: Dec 16 07:05:34.468 London: DHCPD: no option 125
000170: Dec 16 07:05:34.468 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
Denham_887#
000171: Dec 16 07:05:35.476 London: DHCPD: client's VPN is .
000172: Dec 16 07:05:35.476 London: DHCPD: No option 125
000173: Dec 16 07:05:35.476 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000174: Dec 16 07:05:35.476 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
000175: Dec 16 07:05:35.476 London: DHCPD: no option 125
000176: Dec 16 07:05:35.476 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
Denham_887#
000177: Dec 16 07:05:37.520 London: DHCPD: client's VPN is .
000178: Dec 16 07:05:37.520 London: DHCPD: No option 125
000179: Dec 16 07:05:37.520 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000180: Dec 16 07:05:37.520 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
000181: Dec 16 07:05:37.524 London: DHCPD: no option 125
000182: Dec 16 07:05:37.524 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
Denham_887#
000183: Dec 16 07:05:40.532 London: DHCPD: client's VPN is .
000184: Dec 16 07:05:40.532 London: DHCPD: No option 125
000185: Dec 16 07:05:40.532 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000186: Dec 16 07:05:40.532 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
000187: Dec 16 07:05:40.532 London: DHCPD: no option 125
000188: Dec 16 07:05:40.532 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
Denham_887#
000189: Dec 16 07:05:43.540 London: DHCPD: client's VPN is .
000190: Dec 16 07:05:43.540 London: DHCPD: No option 125
000191: Dec 16 07:05:43.540 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
000192: Dec 16 07:05:43.540 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
000193: Dec 16 07:05:43.540 London: DHCPD: no option 125
000194: Dec 16 07:05:43.540 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
Denham_887#
000195: Dec 16 07:05:48.884 London: DHCPD: client's VPN is .
000196: Dec 16 07:05:48.884 London: DHCPD: No option 125
000197: Dec 16 07:05:48.884 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
000198: Dec 16 07:05:48.884 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
000199: Dec 16 07:05:48.884 London: DHCPD: no option 125
000200: Dec 16 07:05:48.884 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
887VA-W dhcp config:
887#sh run | section dhcp
no ip dhcp use vrf connected
ip dhcp binding cleanup interval 10
no ip dhcp conflict logging
ip dhcp pool home
network 172.27.44.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 172.27.44.1
ip dhcp pool test
import all
network 11.1.1.0 255.255.255.0
default-router 11.1.1.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool guest
import all
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 208.67.222.222 208.67.220.220
877-W Debug - Success:
877#deb ip dhcp se
877#deb ip dhcp server pa
DHCP server packet debugging is on.
877#deb ip dhcp server ev
DHCP server event debugging is on.
877#
000258: *Jun 23 22:20:07.087 BST: DHCPD: checking for expired leases.
000259: *Jun 23 22:20:14.684 BST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   1828.6199.7ba9 Associated SSID[guest] AUTH_TYPE[OPEN] KEY_MGMT[WPAv2 PSK]
000260: *Jun 23 22:20:16.289 BST: DHCPD: Sending notification of DISCOVER:
000261: *Jun 23 22:20:16.289 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000262: *Jun 23 22:20:16.289 BST:   DHCPD: remote id 020a00000a010101f2000000
000263: *Jun 23 22:20:16.289 BST:   DHCPD: circuit id 00000000
000264: *Jun 23 22:20:16.289 BST: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI2.
000265: *Jun 23 22:20:16.289 BST: DHCPD: Seeing if there is an internally specified pool class:
000266
*Jun 23 22:20:16.289 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000267: *Jun 23 22:20:16.289 BST:   DHCPD: remote id 020a00000a010101f2000000
000268: *Jun 23 22:20:16.289 BST:   DHCPD: circuit id 00000000
000269: *Jun 23 22:20:16.289 BST: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.9).
000270: *Jun 23 22:20:16.289 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
000271: *Jun 23 22:20:16.493 BST: DHCPD: DHCPREQUEST received from client 0118.2861.997b.a8.
000272: *Jun 23 22:20:16.493 BST: DHCPD: Sending notification of ASSIGNMENT:
000273: *Jun 23 22:20:16.493 BST: DHCPD: address 10.1.1.9 mask 255.255.255.0
000274: *Jun 23 22:20:16.493 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000275: *Jun 23 22:20:16.493 BST:   DHCPD: lease time remaining (secs) = 86400
000276: *Jun 23 22:20:16.493 BST: DHCPD: Appending system default domain
000278: *Jun 23 22:20:16.493 BST: DHCPD: Sending DHCPACK to client 0118.2861.997b.a8 (10.1.1.9).
000279: *Jun 23 22:20:16.493 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
000280: *Jun 23 22:20:17.089 BST: DHCPD: checking for expired leases.
000281: *Jun 23 22:20:18.097 BST: %SYS-5-CONFIG_I: Configured from console by vty0
Denham#
000282: *Jun 23 22:20:21.314 BST: DHCPD: Sending notification of DISCOVER:
000283: *Jun 23 22:20:21.314 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
000284: *Jun 23 22:20:21.314 BST:   DHCPD: remote id 020a00000a010101f2000000
000285: *Jun 23 22:20:21.314 BST:   DHCPD: circuit id 00000000
000286: *Jun 23 22:20:21.314 BST: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI2.
000287: *Jun 23 22:20:21.314 BST: DHCPD: Seeing if there is an internally specified pool class:
000288: *
Jun 23 22:20:21.314 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
000289: *Jun 23 22:20:21.314 BST:   DHCPD: remote id 020a00000a010101f2000000
000290: *Jun 23 22:20:21.314 BST:   DHCPD: circuit id 00000000
000291: *Jun 23 22:20:21.314 BST: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.8).
000292: *Jun 23 22:20:21.314 BST: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
000293: *Jun 23 22:20:21.406 BST: DHCPD: DHCPREQUEST received from client 0019.fba4.b21a.
000294: *Jun 23 22:20:21
406 BST: DHCPD: Sending notification of ASSIGNMENT:
000295: *Jun 23 22:20:21.406 BST: DHCPD: address 10.1.1.8 mask 255.255.255.0
000296: *Jun 23 22:20:21.406 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
000297: *Jun 23 22:20:21.406 BST:   DHCPD: lease time remaining (secs) = 86400
000298: *Jun 23 22:20:21.406 BST: DHCPD: Can't find any hostname to update
000299: *Jun 23 22:20:21.406 BST: DHCPD: Sending DHCPACK to client 0019.fba4.b21a (10.1.1.8).
000300: *Jun 23 22:20:21.406 BST: DHCPD: broadcasting
BOOTREPLY to client 0019.fba4.b21a.
000302: *Jun 23 22:20:33.049 BST: DHCPD: Sending notification of DISCOVER:
000303: *Jun 23 22:20:33.049 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000304: *Jun 23 22:20:33.049 BST:   DHCPD: remote id 020a00000a010101f2000000
000305: *Jun 23 22:20:33.049 BST:   DHCPD: circuit id 00000000
000306: *Jun 23 22:20:33.049 BST: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI2.
000307: *Jun 23 22:20:33.049 BST: DHCPD: Seeing if there is an internally specified pool class:
000308
Denham#: *Jun 23 22:20:33.049 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000309: *Jun 23 22:20:33.049 BST:   DHCPD: remote id 020a00000a010101f2000000
000310: *Jun 23 22:20:33.049 BST:   DHCPD: circuit id 00000000
000311: *Jun 23 22:20:33.049 BST: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.9).
000312: *Jun 23 22:20:33.053 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
000313: *Jun 23 22:20:33.081 BST: DHCPD: DHCPREQUEST received from client 0118.2861.997b.a8.
000314: *Jun 23
Denham# 22:20:33.081 BST: DHCPD: Sending notification of ASSIGNMENT:
000315: *Jun 23 22:20:33.081 BST: DHCPD: address 10.1.1.9 mask 255.255.255.0
000316: *Jun 23 22:20:33.081 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
000317: *Jun 23 22:20:33.081 BST:   DHCPD: lease time remaining (secs) = 86400
000318: *Jun 23 22:20:33.081 BST: DHCPD: Appending system default domain
000319: *Jun 23 22:20:33.085 BST: DHCPD: Using hostname 'skywirelessconnector.indahouse.dyndns.org.' for dynamic update (from hostname opti
indahouse#uon)
000320: *Jun 23 22:20:33.085 BST: DHCPD: Sending DHCPACK to client 0118.2861.997b.a8 (10.1.1.9).
000321: *Jun 23 22:20:33.085 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.

Wireless client can't get an IP but can associate with the Cisco 1200 AP

Hi!
Good day to everyone.
I guess i need some help with regards to a problem of mine.
I have a Cisco 1200 AP with IOS 12.3(2), the client is MS Win XP on an IBM notebook with an onboard intel wireless client.
the RADIUS server is a MS IAS and it is integrated with MS Active directory where I authenticate.
somehow the client can associate with WPA and TKIP however it won't receive an IP add after logging into domain. I have tried clearing out the TKIP and WPA and leave authentication open and guest mode on the config. this would be successful.
I also want to ask what does the "list_name" on the methods of authentication on EAP? Is this a RADIUS server's name or the AD server's name?
Attach is the configuration I made on the AP.
Thanks in advance,
Chris

I have this same issue, it seems the AP is not supplying the group key needed to complete the authentiction...so your being authenticated, but not fully with the AP. I have a sniffer of a good connect and a bad one, its got something to do with the key (if you look at the link status, you will probably see something like this beside security
TKIP, WEP, Key Absent
The Key Absent portion is bad. Its whats stopping us from getting fully "connected" with our AP's, but i have yet to figure out why.

Can't Add Wireless Clients; Can't Type PIN into Setup Field

I have an Airport Express "n" station, set to be compatible with "b" and "g" as well.
I would like to use the Add Wireless Clients feature of 7.3.2.
In the Airport Utility, when I go to:
Base Station > Add Wireless Clients
and follow the prompts, it never finds any first-time clients to assign a PIN to, even when there's one present that already has logged in and out of the network with a password.
Am I misunderstanding the way this function works? I assume from the Help page that when a client is within range, you can assign it a PIN for 24 hours or permanently. But I can't seem to make it work.

Since writing the title of this post, I was able to type numbers into the setup field; I forgot to delete that from the title. Apologies.

Wireless Clients can't connect post WLC Upgrade to version 7.4.100.0

Upgraded WLC Flex 7500 controller to: 7.4.100.0
Previous WLC Controller version: 7.2.111.3
After the upgrade, all AP's reported back to the controller and looked like working. We have 50+ branch sites that connect back via Layer 2 to the main office. The main office SSID's were broadcasting and users could connect and get the proper IP's. Users that connected back through FlexConnect AP's couldn't obtain an IP address. The client would authenticate to the WLC and accept the SSID key, but would not get an IP address. I see with the 7.4.100.0 upgrade there are more options for DHCP for each interface, which we don't use interfaces for all sites as we did in the early days, now we make sure the flex connect tab has the vlan identifier in the tab and the traffic goes out the local firewall etc. Each remote site has a Linux based firewall and DHCP server.
Looking for any insight with the 7.4.100.0 upgrade that may cause clients to not connect and obtain an IP address.
We have since back dated our WLC Software to: 7.2.111.3 to allow things to work pre upgrade which everything worked fine.
Any suggestions would be great, we had to upgrade version 7.4.100.0 to support our AP 1602.
Thanks in advance.
Matt

Verify that you have an upgraded FUS image. Second, make sure your WLAN to vlan mapping on the FlexConnect AP's have the correct vlan mapping. I have seen these change to the default vlan mapping.
Sent from Cisco Technical Support iPhone App

Wireless Client Authentication issues when roaming Access Points (Local)

I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
From Cisco ISE
Event
5400 Authentication failed
Failure Reason
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
Resolution
Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause
While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
I also had this from Splunk for the same client:
Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
Thanks

Further detail From ISE for the failure:
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
11507
Extracted EAP-Response/Identity
12500
Prepared EAP-Request proposing EAP-TLS with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12301
Extracted EAP-Response/NAK requesting to use PEAP instead
12300
Prepared EAP-Request proposing PEAP with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12302
Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318
Successfully negotiated PEAP version 0
12800
Extracted first TLS record; TLS handshake started
12805
Extracted TLS ClientHello message
12806
Prepared TLS ServerHello message
12807
Prepared TLS Certificate message
12810
Prepared TLS ServerDone message
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11514
Unexpectedly received empty TLS message; treating as a rejection by the client
12512
Treat the unexpected TLS acknowledge message as a rejection from the client
11504
Prepared EAP-Failure
11003
Returned RADIUS Access-Reject

HTML Client - can I use authentication when debugging locally inside Visual Studio

This should be so simple, but I cannot find it, is it possible to enable authentication when debugging an HTML client locally inside VS so that the Login page is shown and you have to log in when you run the app?
We are adding additional code into the Login page and need to debug this... at the moment the only way we can find to do this is to actually deploy the app.
There must be a way?
Regards, Xander. My Blog

In this post Security with HTML Client Huy said the following:
"Unfortunately at debug time the runtime will always use a Test Account with Administrator permission and there's no good way to change this behavior."
So there is no "good" (i.e. easy) way to do this, but perhaps there is a work around?
Regards, Xander. My Blog

How can i Store rtmp streaming into local File System?

I use socket and netstream.appendBytes to receive and play flv frames.
now I got the BytesArray,but how can i store them into local File?
FlashPlayer can't use Air File APIs.

This is by design. Content on the Internet does not have access to your local filesystem. We offer Local Shared Objects (LSOs) for storing small amounts of information, but this would not be suitable for scraping a video feed to disk.

How many wireless devices can connect to an Express which is wired and extending an Extreme network?

How many wireless devices can connect to an Express which is wired and extending an Extreme network?

That is great news I have A1392s. One more question...
If I have an Airport Extreme setup as a router and feeding internet from a modem/ I wire an express (A1392) and "create a wireless network" the airport utility puts the express into bridge mode automatically.
How many wireless clients can I connect simultaneously to the express?
How many wireless clients can I connect simultaneously to the extreme assuming I am using all 50 at the express?
In other words, Could I have 50 wireless clients connected to each device simultaneously giving me a total of 100 wireless clients?
Thans

Local RADIUS in AP1242 with non-cisco WinXP wireless clients

I'd like to configure local RADIUS in AP1242 and connect non-cisco WinXP wireless clients (for example notebook with integrated radio) with it. I did configuration (config1.txt) like in instruction: http://cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
But I can't connect non-cisco WinXP wireless client with AP1242 anyway. At once Cisco wireless client with Aironet Desktop Utility connects with it without any problem. I've done some other configuration (config2.txt), but with the same result. Second configuration is rather then first.
How can I connect non-cisco WinXP wireless clients with AP1242 with local RADIUS?

Hi Stephen,
Thanks for the quick reply. Below is the switchport config. I am able to ping the AP from the switch and connect to its web page from any workstations.
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 151
switchport mode trunk
end

Aironet 1310 non-root with wireless clients

I have two 1310s. One set as a root-bridge with wireless clients, another as a non-root bridge with wireless clients. The wireless side of things is working fine, but I'm having trouble when I try to connect a windows work station to the non-root bridge via ethernet. I'm getting an IP address from the router attached to the root bridge via DHCP, and I am able to connect to the configuration page of both 1310 APs, but I'm not getting any internet connectivity. Have I misunderstood what 'non-root bridge with wireless clients' means? If not, is there an obvious problem which might cause the wireless clients to work fine, but interfere with a wired client? Thanks.

Thanks Seth,
It's good to know that this is how it is supposed to work. The thing that has me scratching my head is that the wireless clients are working fine from this bridge--it is only the client hooked up to the ethernet interface that is not getting out.
I'll take a look at the gateway settings and see what I can find. I appreciate the tip.

Airport Extreme and Dlink dwl-2000AP+ as wireless client

Hi,
i'm trying to let an old iMac G3 without any airport card, join an existing lan using an Airport Extreme as router, connecting an old D-Link access point configured as wireless client and connected via ethernet to the iMac G3. All my setup works fine if the wireless connection is open without encryption, but it won't work using any protection like WPA or WEP.
When the airport express wireless connection is protected via WPA, the dlink won't be present in wireless clients list panel. When i use WEP (with a password of 13 characters) i can see in the wireless clients list both the MAC address of the iMac's ethernet and of the dwl-2000AP+ etherenet. But the connection won't work.
I'm sure i'm not configuring right the DWL-2000AP+ wireless protection:
i can't understand if i can change the airport express WEP encryption to a 64 bits or to a 128 bit, if the WEP method used is with a shared key or not.
The only info i get from it to let the clients connect are the WEP ASCII plain-text 13 characters password and its conversion in HEX base.
I'm assuming, since the password is a 13 character, that in WEP encryption the Airport Extreme uses a 128 bits key, but, again, how i can understand if it is used in shared way or in open way?
And why the dlink AP that is WPA capable cannot connect as wireless client to the airport express when is using WPA/WPA2 Personal encryption?
I upgraded the DWL-2000AP+ to its latest firmware that (they sayd)fixes any issue with the wireless client mode on WPA or WEP protected connections.
Thanks in advance for any help given.
P.S.: sorry for my "broken" english
Message was edited by: Rayced

Resolved by myself. It works only setting the Dlink dwl-2000AP+ wireless client connection (wireless pane in the admin control of it) as open with WEP 128bits and using as key an ascii password of 13 charcaters. The Airport Extreme's wireless encryption should be set as WEP, using the same password of 13 charcaters. I still can't uderstand why the WPA/WPA2 encryption wouldn't work since the Dlink dwl-2000AP is WPA capable.
Maybe it could be so because the Airport Extreme is WPA2 and at the first negotiation between it and the dwl-2000AP+, the Airport Extreme won't downgrade to WPA encryption? Does anybody else tried to connect a WPA wireless client to the Airport Extreme setup as WPA2/WPA Personal?
@wallstreet 04: try to setup your Airport Extreme's wireless encryption to WEP and use a 13 chars password, then do the same on the Dlink wireless client you are trying to connect to the base, i don't know how is its control panel but the wireless should be setup as open with WEP 128, as key use that 13 chars password you put in the Extreme's as WEP password. If in the Dlink WEP 128 bits key field you have to put an HEX value instead of the ASCII, you can get that from the Airport Utility from the menu BASE AIRPOT select PASSWORD NETWORK... (the one before the last choice that should be ADD WIRELESS CLIENT).
I hope it will help.

I can't get the connect to work after base installion.

Hello, everyone, I am new to Arch Linux.
I follow the installation guide install Arch Linux, Everything run pretty smooth, except at the part when I need to choose the package, I am not so sure what I am doing. So I choose everything except for the thing that I am sure I would never need.
When the installation is complete, I try to go to the next setup which update my system, but some how, I can't get the connection working, switch mean, I couldn't do anything beyond that. (both wireless and wired network, BTW I am using DSL and I do try the adsl thing)
Every thing seem make sense to me during the installation, but I just can't get the network connection working.
BTW: my laptop is a Toshiba portege M100.
Any idea?
Thanks
Last edited by ioky (2008-06-25 06:18:58)

Try typing in:
dhcpcd eth0 (or whatever interface you are using)
and hit enter, I had the same type of problem and this woke up my network connection.
Edit: Also, once you gain your connection up and running, you might want to install ifplugd. It is a daemon which will automatically configure your Ethernet device when a cable is plugged in and automatically unconfigure it if the cable is pulled, which is good for laptops. Once installed make sure you put it in /etc/rc.conf under the DAEMONS section.
Here is some info in the wiki http://wiki.archlinux.org/index.php/Configuring_network
Last edited by ArchGentoo (2008-06-26 01:22:45)

Wireless clients cannot get to internet

Hi All,
I'm fairly new to networking and have been trying to troubleshoot an issue with my home lab.
I have a Cisco 2800 router with 2 interfaces, gig0/0 that is the "external" interface and gets an IP via DHCP, and gig0/1 that is the internal interface with IP 10.10.10.1 and a DHCP pool of 10.10.10.100 - 10.10.10.254. A nat pool containing the external interface IP (192.168.1.110) exists.
Current configuration : 3229 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp pool dpool1
import all
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.10.10.1
ip domain name home.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
multilink bundle-name authenticated
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
interface FastEthernet0/3/0
shutdown
interface FastEthernet0/3/1
shutdown
interface FastEthernet0/3/2
shutdown
interface FastEthernet0/3/3
shutdown
interface Vlan1
no ip address
shutdown
ip http server
ip http authentication local
ip http secure-server
ip nat pool ovrld 192.168.1.110 192.168.1.110 prefix-length 30
ip nat inside source list 1 pool ovrld
access-list 1 permit 10.10.10.0 0.0.0.255
snmp-server community public RO
control-plane
scheduler allocate 20000 1000
end
Coming off the internal interface is a 3750, and attached to that 3750 is a 4400 Wireless Lan Controller.
I'm able to create a wireless network that uses the router for DHCP and clients can connect to this wireless network and obtain an IP from that DHCP pool. The wireless clients can ping the default gateway (10.10.10.1) as well as every other device on that network, including hard-wired devices on the 3750. The arp table on the router also shows the wireless clients.
However, only clients connected via ethernet can access the outside (internet), wireless clients, who appear to get the exact same network config, are unable to access the internet they can only access other devices on that 10.10.10.0 network.
So I'm confused as to why with what appears to be the proper default gateway (10.10.10.1) and a valid IP from the router, what could be broken so hard-wired clients can NAT to the outside while wireless clients can't? I can't find any setting on the WLC 4400 that would be restricting wireless clients from leaving the local network.
Any clarification on my issue/my understanding of the problem would be greatly appreciated. Cheers!

Hello smorrissey,
May I ask, how many end devices do you have connected to the switch? And if you tried to connect wireless clients simultaneously with wired devices?
Because from your config it seems you're using only dynamic NAT:
ip nat inside source list 1 pool ovrld // this command will translate IP picked by ACL 1 to address in pool named ovrld. Because you have only 1 address in this pool, only 1 inside device will be able to communicate with outside world (Internet) at a time.
I would suggest to add keyword "overload" at the end of this command (ip nat inside source list 1 pool ovrld overload) to enable PAT, which will allow multiple LAN devices to use 1 outside address at the same time thanks to port address translation.
Hope this will help.
Michal

Some wireless clients can't discover or connection to local wired systems

Similar Messages

Maybe you are looking for