Using MS Radius Server with WLC

Similar Messages

• Using RSA RADIUS Server and WLC 7.4 to dynamically asssign users to VLAN

  Hello,
  What we are trying to do:
  John logs on to wifi using RSA fob for password. RSA sends back auth request with attibutes to WLC 7.4 that magically knows how to interpret the attributes and puts John on vlan 10. Mary logs on with her fob and gets put on VLAN 20.
  We dont have ISE. We dont have ACS. We have RSA Authentication Manager 7.0
  We have looked high and low for documentation for this kind of setup and we find stuff that is close to a match but not quite.
  Here is what we are seeing
  1. dynamic vlan assignment is not working -- radius server is set with the attributes
  2. RSA authentication works
  3. John and Mary are always put into the VLAN where the MGMT interface is
  4. I can see that attributes are making it back to the WLC by sniffing
  We are stuck at this point. Any help would be much appreciated,
  P.

  Here is a little more background:
  We have created a dynamic interface in VLAN 157
  Wireless LAN has been assigned to MGMT interface which is on VLAN 35
  This is a VWLC ver 7.4.100
  AP is attached to VWLC (only FlexConnect mode is supported)
  RADIUS Server has been configured
  Users are getting assigned to VLAN 35
  Also I have attached some screenshots and two packet captures so you can see what the RSA is sending back with your own eyes
  I dont see any atttributes in the capture when RSA sends to the VWLC
  I see attributes in the capture when RSA send to my local RADIUS Client (My PC)
  And to answer your question we have sending a VLAN ID (157)

• Win 2008 R2 radius integration with WLC 5508

  Requires help in integrating Win 2008 R2 Radius server with WLC 5508

  Step by Step instructions - NPS & Wireless LAN Controller
  PEAP Authentication - http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html
  EAP-TLS
  https://kb.meraki.com/knowledge_base/radius-creating-a-policy-in-nps-to-support-eap-tls-authentication
  hope that helps, Please let me know if you have any other questions in regards to setting up your NPS server
  Please rate that post if it answers your question or helps you  to resolve the problem.

• Lobby ambsssador user authenticatio using a RADIUS server

  I have Wism installed in unified wireless network, MS IAS server is sittign in between enterprise AD and Wism. Wireless clients are getting authentincated via ISA againt enterprise AD without any issue.
  Now I want to authenticate the admin users in WLC ( for example Lobby admin users) also with AD using the same method.
  I tried adding a RADIUS server in WLC on "administraiton>AAA servers" . But the external authentication doesn't seems to be happaning. Does someone has any exmaple on this type of configuraiton ?

  you can use Radius to authenticate management user, but I'm afraid can't use it to authenticate Lobby admin user.
  To authen management user, you need:
  1. in WLC, when creating Radius server, need to enable "management"
  2. In Radius, you need to enable service type[006] to be administrative in user's IETF(Radius) attribute

• Configuring Radius server with Cisco MDS - 9606 switch

  Need help in configuring Radius server with cisco MDS - 9606
  please let me know if any document available

  rtt min/avg/max/mdev = 0.260/0.327/0.468/0.077 ms
  IFCBCCEMCSW2# sh version
  Cisco Storage Area Networking Operating System (SAN-OS) Software
  TAC support: http://www.cisco.com/tac
  Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software may be covered under the GNU Public
  License or the GNU Lesser General Public License. A copy of
  each such license is available at
  http://www.gnu.org/licenses/gpl.html and
  http://www.gnu.org/licenses/lgpl.html
  Software
  BIOS: version 1.1.0
  loader: version 1.2(2)
  kickstart: version 3.3(1c)
  system: version 3.3(1c)
  BIOS compile time: 10/24/03
  kickstart image file is: bootflash:/m9500-sf1ek9-kickstart-mz.3.3.1c.bin
  kickstart compile time: 5/23/2008 19:00:00 [06/19/2008 23:56:56]
  system image file is: bootflash:/m9500-sf1ek9-mz.3.3.1c.bin
  system compile time: 5/23/2008 19:00:00 [06/20/2008 00:26:51]
  Hardware
  cisco MDS 9506 ("Supervisor/Fabric-1")
  Intel(R) Pentium(R) III CPU with 1028596 kB of memory.
  Processor Board ID JAB094300ER
  bootflash: 250368 kB
  slot0: 0 kB

• Can I use Oracle app server with mysql

  Can I use Oracle app server with mysql. I seem to have the following error when trying to create a datastore. I have mysql.jar in my classpath. Can any one tell me what's wrong.
  Error initializing data-source 'jdbc/topup': DriverManagerDataSource driver 'org.gjt.mm.mysql.Driver' not found

  Yes you can forward requests from your own apache to the iAS. This can be done using mod_proxy. Some hints about how to do this are availlable on this forum.
  mod_oc4j is not a standard apache module, and therefore is not availlable when you download apache. There is no apparent reason to use mod_oc4j on a "regular" webserver (unless you want to build your own iAS). Also there might be some licenseing issues with using mod_oc4j module on a standard apache.
  You can encrypt data that is passed from a random Apache to you iAS.

• Who has figured out how to use a print server with LR 2.1?

  Who has figured out how to use a print server with LR 2.1?
  Mac OS 10.4.11, G5 2.3 dual, 8 GB RAM. PS CS 3 Dual monitors
  Print server is Mac G4 dual 533 (audio)
  Epson Pro 9600 and Epson R2400 Both are connect by USB. Could be connected with FW 400.
  I can use a print server with PS However color management does not come through when using a print server and LR. Image prints, but color horrendous.
  All custom .icc profiles are on both the G5 and the print server, G4 dual 533 (audio)

  Hi,
  Based on my research, if we want to filter events based on user name, we need to edit the XML query.
  Please refer to this blog below:
  Advanced XML filtering in the Windows Event Viewer
  http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx
  Best Regards,
  Amy

• We are using SharePoint 2010 server with service pack 1 want to remove/delete old user profiles & site from server

  Hi Team,
  We are using SharePoint 2010 server with service pack 1, we want to remove/delete old user profiles, access & site from server
  is there any script or feature available using that we can only remove dactivated/deleted/old user profiles, access & site.
  Thanks
  NPratik

  Take a look at Metalogix ControlPoint, which will compare user accounts on SharePoint to Active Directory and remove accounts that no longer exist in AD (or are disabled).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP

  I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
  https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
  But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.

  I did configure the Server 2008 R2 RADIUS Server using this video below: 
  https://www.youtube.com/watch?v=g-0MM_tK-Tk
  I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
  I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this.

• Radius Server with Active Directory

  I have an XSERVE with 10.6.7. It is an OD Master that is also bound to Active Directory.
  I am trying to set up the RADIUS service to provide authentication to users on the wireless network.
  So far, I have been able to set it up to the point where the wireless access point is attempting to authenticate to the server. The client is asked for user ID and password. I will even see the self-signed certificate on the client. However, I am never able to connect to the wireless system.
  I tried using an Air Port Express with all the automatic settings from the server, and got the same results.
  I tried authenticating with a local OD test user, and that did not work, either.
  When I tried it on my network at home (no Active Directory), the RADIUS server worked exactly as expected.
  Is there some other setting that must be modified to make this work with AD?

  Here are some links:
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml

• Windows 2k8 Radius Server with Cisco Wireless Controllers

  We currently are using a Cisco 4400 wireless controller with an older Cisco Secure ACS appliance that is going EOL.  My hope was to just connect our 4400 Wireless Controller to a Windows Server 2008 Radius Server (Just using Microsoft's Network Policy Server) but have not had any luck in getting this to work.  Does anyone have an easy to follow set of instructions on configuration of Microsoft Windows Server 2008 NPS for use with Cisco Wireless Controllers?  Any advise would be greatly appreciated.
  Thank You,
  Jim

  Hi NPT,
  Here is the post which may help you!!
  https://supportforums.cisco.com/message/3073519
  Regards
  Surendra

• OTP of ASDM using external radius server ( Not RSA )

  Hello,
  Just seeing if the ASDM will support OTP using an external radius server, and not RSA.  I see there was a feature added to 8.2 that states its possible with RSA, but nothing of any other support.  Just checking to see if someone know for sure.
  Thanks,
  Jason

  I did see in the Release notes for ASDM 6.2, that SDI is support with RSA.  Can anyone confirm or not if it works with Radius too ( OTP ).
  http://www.cisco.com/en/US/docs/security/asdm/6_2/release/notes/asdmrn62.html

• Multiple stand alone servers using one radius server?

  Hello, I have a question.
  I'm working for a company and our problem is we need a username and password for every server.
  We would like to set up a Radius server using an extension so it can use a SQL database for the users.
  Is it possible to put 1 username and 1 password for each user in this database so we don't need more then one for each server?
  Also can we set up policy's for those users so they can't access every stand-alone server.
  Kind Regards,
  Michael

  Hi,
  Based on my research, when a RADIUS client (access server) sends connection requests and accounting messages to a RADIUS server, the RADIUS server will sends back an Access-Accept message or sends back an Access-Reject message to authenticate and authorize
  the connection requests based on a set of rules and the information in the user account database. The Access-Accept message can contain connection restrictions that are implemented by the access server for the duration of the connection.
  In addition, according to your description, it seems that you used the SQL database as the User account database. Did you use NPS as a RADIUS server? If yes, maybe you can configure related network policy to restrict access. I would appreciate it if you can
  introduce more detailed information about your environment. The link below may be helpful:
  Configuring Microsoft NPS (Network Policy Server) / (Internet Authentication Service)IAS as Wireless LAN Controller (WLC) RADIUS Server
  Best regards,
  Susie

• How to Use Team Foundation Server With SharePoint 2013 For Development

  Hi All,
  As i am new to team foundation server and i want to use team foundation server for our development. Please give me good startup point.

  Hi,
  If you wanted to integrate Team Foundation Server with SharePoint 2013,
  there are two articles for your reference:
  http://dumians.wordpress.com/2013/04/01/integrate-team-foundation-server-with-sharepoint-2013/
  http://nakedalm.com/integrate-sharepoint-2013-with-team-foundation-server-2013/
  By the way, you can also post the question in in Visual Studio Team Foundation Server forums and more experts will assist you.
  Team Foundation Server – General  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=tfsgeneral
  More information:
  SharePoint Products requirements for Team Foundation Server:
  http://msdn.microsoft.com/en-us/library/hh667648.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• How to use Crystal Report Server with Crystal Reports for Eclipse

  Hi,
  is it possible to use Crystal Reports for Eclipse with the Crystal Report Server
  like i can do it in Crystal Reports.
  For Example open a Report file directly from the server edit and save there.
  Thanks
  Thomas

  Yes, you can use the CR Server product in your Eclipse project.  However, you will need to use the RAS SDK in your project instead of the CR4E SDK. 
  For more information about the RAS SDK, visit the DevLibrary.
  http://devlibrary.businessobjects.com/BusinessObjectsXIR2SP2/en/devsuite.htm
  -MJ