Web redirecting issue when users reconnect guest ssid
We are facing a new issue on our controller for the Guest SSID. This SSID is used for guest users and it is web-based, redirected to Aruba CPPM. The first time, the web page redirects to the controller virtual IP address and then to Aruba CPPM.
The scenario is as below:
- The user fills in the form and gets redirected to a page where there is a login button which is grayed out till the sponsor approves the mail.
- Once the sponsor approves the mail, the login button is highlighted and the user connects to the internet.
- The issue occurs when the user disconnects, reconnects to the SSID and tries to log in again. There the user is redirected to the controller management IP, not to the virtual IP.
Controller Make Model:-5508
IOS Version:- 7.5.102.0
Well... you should upgrade to v7.6.110.0 as that code is deferred. I don't know how you have your WLAN set up; is it using open and are you using a pre-auth ACL? Have you also posted in the AirHeads forum for suggestions?
Post your show wlan <wlan ID>
Similar Messages
-
Guest Anchor - Web Passthrough - Apple device web redirect issue
Hi All,
I've setup a Guest Mobility Anchor at DMZ with 5508 WLC. I've setup the EoIP mobility tunnel and everything works so far.
Now, I was testing multiple clients to connect to the Guest SSID and observed that Apple devices are not redirecting url, resulting unsuccessful connection.
I looked Cisco docs and added the command "config network web-auth captive-bypass enable" on the Anchor as recommended.
Even after executing the command, I'm still facing web redirect issue with Apple Devices. I don't have any issues with other devices, except Apple.
My controller running code AirOS 7.6.130.0. I'm using DMZ controller as DHCP server for Guests and public DNS servers as 8.8.8.8 & 8.8.4.4
How to solve this web redirect issue? Will a third-party generated CSR solve the problem?
Thanks,
CJ
Hi All,
The issue was with WISPr Protocol with iOS Clients. After upgrading the AirOS Code on the controller to 8.0.100.0; the issue with Web Redirect is resolved.
Jagan -
Hi,
Problem Description:
After installing my new product version, when user does log-off and log in again into admin account
or switch from admin account to non-admin account, PATH environment variable shows incorrect path of my product (previous product version’s path) using command prompt.
It seems windows refresh issue during session changes (log off and log in / switch from Admin to
Non-admin account).
Why PATH environment variable is not refresh immediately after log off and log in again or Switch
from admin to non-admin mode?.
Please see my thread for more details http://social.msdn.microsoft.com/Forums/vstudio/en-US/445ab42c-bdff-405a-8d53-558e1b6c7d34/path-environment-variable-issue-when-user-logoff-and-login-or-switch-from-admin-to-nonadmin?forum=windowsgeneraldevelopmentissues
Also submitted a bug for this in the connect.microsoft.com portal. It has lots of information, like the problem statement, reproduction steps and expected results.
Bug ID: 871782
Could anybody please help me with this? Your support will be appreciated.
Thanks,
Marichamy
Why PATH environment variable is not refresh immediately after log off and log in again or Switch from admin to non-admin mode?.
I wouldn't have any expectation of what you are doing to work the way you expect. E.g. why is the %ABC% being replaced at all? There is some help about this ambiguous scenario in the cmd help...
/V:ON Enable delayed environment variable expansion using ! as the
delimiter. For example, /V:ON would allow !var! to expand the
variable var at execution time. The var syntax expands variables
at input time, which is quite a different thing when inside of a FOR
loop.
/V:OFF Disable delayed environment expansion.
So, what's the setting for the /V: switch that your users would be using? Perhaps you should be using the ! instead of the % for your ABC variable?
Oh. There's more below where I found that...
Delayed environment variable expansion is NOT enabled by default. You
can enable or disable delayed environment variable expansion for a
particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You
can enable or disable delayed expansion for all invocations of CMD.EXE on a
machine and/or user logon session by setting either or both of the
following REG_DWORD values in the registry using REGEDIT.EXE:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
and/or
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
to either 0x1 or 0x0. The user specific setting takes precedence over
the machine setting. The command line switches take precedence over the
registry settings.
In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION
arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /?
for details.
If delayed environment variable expansion is enabled, then the exclamation
character can be used to substitute the value of an environment variable
at execution time.
So, I guess the essence of your "bug" will boil down to whether you
need the feature to get the result you want and the
truth of that first sentence but it certainly looks like a "can of worms" to me. ; )
HTH
Robert Aldwinckle -
Getting Redirect issue when clicked on CR controls after session expiry
Dear Experts,
I have an issue in my ASP.NET and Crystal Reports and the scenario is as follows:
I have implemented some reports in my ASP.NET page. If the page is left alone for 15 mins (assuming 15 mins is configured as session time out), and I then click on any buttons in the Crystal Reports control tool bar (like export, navigate, etc.), I get the following error.
Response.Redirect from inside an asynchronous callback method
I get this error because in my base class I check for validity of the session and do a redirect to the home page using Response.Redirect() when the session is invalid. This code apparently fails as Crystal Reports makes an asynchronous call to the page when the toolbar is clicked.
I got some links from other sites suggesting adding some JavaScript to the response stream, etc. It did not work for me.
I am sure someone has faced this issue and got a fix for it. If so, please share it with me.
TIA,
Prem
Not sure. The only thing that comes to mind is to check for the session variable to see if it's still alive in the Page_Init. You might be able to trap it early enough there.
Other than that, I doubt this can be resolved in these forums and I'd recommend creating a phone case here:
http://store.businessobjects.com/store/bobjamer/DisplayProductByTypePage&parentCategoryID=&categoryID=11522300
Ludek -
Document web item issue when we attach a Word document
Hi experts,
I have created a word document in BW and i want this document to be displayed in the List of documents webitem where the users can add some more comments in the template i have added.
But even after the document is in place the document icon is not displayed, but if I keep a normal plain text document then the document icon is visible with an edit option. This edit option is also not available for the Word document.
Do I need to make some config settings?
thanks and regards
Hi
Thanks for the info, okay but when i am creating the document its getting me into plain text instead of opening the MSWORD format.
i am doing this in portal from comments button.
thanks and regards -
I'm trying to send ajax-request with web-analytics data when user clicks on a link. But Firefox cancels the request and moves to the link location. Sync requests or waiting for response is not an option because performance is critical.
Correct me if I'm wrong here:
jQuery.data() saves the {"foo": "bar"} JSON object to variable data, and then the s.tl() call sends data to the server, right?
You could use jQuery's event.preventDefault() method (http://api.jquery.com/event.preventDefault/) to stop the browser from automatically following the link on click. You could wait until the Ajax request was finished before following the link.
I hope that solved your problem!
If it did, would you please choose this answer as your solution? It would help other Firefox users to find help on the forums faster and more efficiently. Thanks!
And of course, feel free to post back if you need more help!
Happy browsing! -
Web redirection doesn't work on WLC5508
Hello, I have configured a WLC 5508 to support a guest VLAN mapped to a virtual interface and associated with the guest SSID WLAN.
On the guest SSID I have activated L3 security with web policy. Neither authentication nor passthrough redirects to the web authentication page.
I can get DHCP parameters through the DHCP pool for the correct guest VLAN.
Additional information: I see that the controller sends a wrong redirect IP address.
The WLC management interface is 10.7.1.10 and I have seen 10.7.4.10. I remember that this last IP was intended as the DNS server IP address, but I don't see where I can change it.
The DNS IP address configured on the pool is 10.7.1.10.
Please, any idea for this issue?
Hello,
I have made one modification. I have configured the IP address of the DNS name as the IP address of the virtual interface.
After that I can request webauth when accessing with the GUEST SSID.
Note: I have configured the wifi_guest dynamic interface as a normal interface without specifying that it is for guest users. Is that normal? See the configuration below.
config advanced 802.11b channel add 1
config advanced 802.11b channel add 6
config advanced 802.11b channel add 11
config advanced 802.11a channel add 36
config advanced 802.11a channel add 40
config advanced 802.11a channel add 44
config advanced 802.11a channel add 48
config advanced 802.11a channel add 52
config advanced 802.11a channel add 56
config advanced 802.11a channel add 60
config advanced 802.11a channel add 64
config certificate generate webauth
config interface address management 10.7.1.10 255.255.255.0 10.7.1.3
config interface port management 1
config interface vlan management 22
config interface dhcp management primary 10.7.1.3
config interface address service-port 10.7.0.1 255.255.255.0
config interface dhcp service-port disable
config interface address virtual 1.1.1.1
config interface hostname virtual 1.1.1.1
config interface address dynamic-interface wifi_data 10.7.3.1 255.255.255.0 10.7.3.3
config interface port wifi_data 1
config interface create wifi_data 3
config interface vlan wifi_data 3
config interface dhcp dynamic-interface wifi_data primary 10.7.3.3
config interface address dynamic-interface wifi_voice 10.7.6.1 255.255.255.0 10.7.6.3
config interface port wifi_voice 1
config interface create wifi_voice 24
config interface vlan wifi_voice 24
config interface dhcp dynamic-interface wifi_voice primary 10.7.6.3
config interface address dynamic-interface wifi_guest 10.7.10.1 255.255.255.0 10.7.10.3
config interface port wifi_guest 1
config interface create wifi_guest 10
config interface vlan wifi_guest 10
config interface dhcp dynamic-interface wifi_guest primary 10.7.10.3
config 802.11b 11gsupport enable
config logging console notifications
config logging console 5
config logging traceinfo disable debugging
config mobility group domain SICPA
config dhcp proxy disable bootp-broadcast disable
config custom-web redirecturl www.sicpa.com
config custom-web weblogo disable
config custom-web webmessage "Bienvenue sur le portail Wifi de SICPA MAROC, Accés autorisés seulement aux personnes autorisées."
config 802.11a disable network
config hreap group SICPA add
config hreap group SICPA radius ap authority info "Cisco A_ID"
config hreap group SICPA radius ap authority id 436973636f0000000000000000000000
config hreap group SICPA radius ap server-key encrypt 1 5f56d8b50959491103ea7315322e20bd 100acf2cefe3802796401ae06e1e523a259b8543 036a5066218ab032894b51738f93591e8fd97a3302f02740838f75184d327f
config database size 2048
config network rf-network-name default
config network master-base enable
config country FR
config mgmtuser add encrypt admin 1 1f5eb5b7c333109cfecdb1c217e4ed2a d422424c410e252a47d648b4598105130e00d26d 16 07b3ca92b2e8e8b44b22d7adb42341f40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write
config acl create Guest
config acl rule add Guest 65
config wlan session-timeout 1 1800
config wlan security wpa wpa1 ciphers aes enable 1
config wlan security wpa wpa1 enable 1
config wlan security wpa akm psk set-key hex encrypt 1 e935b271a9ff70fa79614dbb28bcf3bc 2b22b029985ff097772ba19b7149376ca01d276c 48 dba3595a974981bb7a8eb37b200005244fd7182b6859c9bc84f1b5d3c331f7122cb9a51478172c1217636e386617c7fe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1
config wlan security wpa akm psk enable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa enable 1
config wlan session-timeout 2 1800
config wlan security wpa wpa1 ciphers aes enable 2
config wlan security wpa wpa1 enable 2
config wlan security wpa akm psk set-key hex encrypt 1 26a45869463e35b2d3b4fdde12ad314a 397f531ce6272483f4cf982355cc1b210dce9b51 48 1b9a6b62c870db4d23e7929f6053d205a2743719e692e55a25ac0653f120bb9a9549b24a68225076164faa1b434604f3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2
config wlan security wpa akm psk enable 2
config wlan security wpa akm 802.1x disable 2
config wlan security wpa enable 2
config wlan session-timeout 3 1800
config wlan security wpa wpa2 disable 3
config wlan security wpa akm 802.1x disable 3
config wlan security wpa disable 3
config wlan security web-auth enable 3
config wlan apgroup add GRP_SICPA
config wlan apgroup interface-mapping add GRP_SICPA 1 wifi_data
config wlan apgroup interface-mapping add GRP_SICPA 2 wifi_voice
config wlan apgroup interface-mapping add GRP_SICPA 3 management
config wlan exclusionlist 1 60
config wlan exclusionlist 2 60
config wlan exclusionlist 3 60
config wlan wmm allow 1
config wlan radius_server acct disable 1
config wlan radius_server auth disable 1
config wlan interface 1 wifi_data
config wlan create 1 WPF_SICPA SICPA
config wlan broadcast-ssid disable 1
config wlan channel-scan defer-priority 5 enable 1
config wlan channel-scan defer-priority 6 enable 1
config wlan mfp client enable 1
config wlan enable 1
config wlan wmm allow 2
config wlan radius_server acct disable 2
config wlan radius_server auth disable 2
config wlan interface 2 wifi_voice
config wlan create 2 Voice Voice
config wlan qos 2 platinum
config wlan broadcast-ssid disable 2
config wlan channel-scan defer-priority 5 enable 2
config wlan channel-scan defer-priority 6 enable 2
config wlan mfp client enable 2
config wlan dhcp_server 2 10.7.6.3 required
config wlan enable 2
config wlan wmm allow 3
config wlan radius_server acct disable 3
config wlan radius_server auth disable 3
config wlan interface 3 wifi_guest
config wlan create 3 "Sicpa Guest" SICGUEST
config wlan broadcast-ssid disable 3
config wlan channel-scan defer-priority 5 enable 3
config wlan channel-scan defer-priority 6 enable 3
config wlan mfp client enable 3
config wlan enable 3
config band-select probe-response enable
config sysname SICPAWLC01
config netuser add encrypt username guest password 1 ce43d82be4df6ee1abc1184f9f6ceffc 75f488240bd3ac7a423657a1d495a35a3b7088f9 16 a8b9fb1eaa64e838b2afd02c71544c420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 wlan 3 usertype guest lifetime 86400 description
config netuser add encrypt username adil password 1 6c5fe3e5ca24345a868c88dfcb761540 969e73d1739bbe4afea7348f8e3509d23fd1dd97 16 bf3028a95cda7e3299dcc8b4288611440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 wlan 3 usertype permanent description
transfer download serverip 10.7.12.41
transfer download filename ciscowlc.cfg
transfer download datatype config
transfer upload serverip 10.7.12.41
transfer upload filename ciscowlc.cfg
transfer upload datatype config -
A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again.
We have 2 DB's in DAG all databases are fine , only issue when users working from home login to OWA it redirects to drmail and that happens where DR site is hosted, the secondary server.
Please help , tried all done iis reset restarted services ,servers no luck , checked CAS file too.
Sumanth.S Exchange Admin
Hi,
From your additional info I came to know the things mentioned below.
1. You have the server EXCH-BLR in the Default-First-Site-Name with the roles Mailbox, ClientAccess, HubTransport.
2. Then you have the server CH-EXCH in the site CHN-DR with the roles Mailbox, ClientAccess, HubTransport.
3. Then you have one edge server in the site CHN-DR.
Let me tell you my findings.
You are trying to use two namespaces for OWA external access:
1.) https://mail.ansrsource.com/owa
2.) https://drmail.ansrsource.com/owa
Of the above two you can use only the first URL for external OWA access. Why I am saying this is that when I try to resolve mail.ansrsource.com from external DNS it resolves to two IP addresses, because you have created two host A records for that namespace and at the same time port 443 is opened for both IP addresses.
One more thing you need to ensure on your side is that the namespace mail.ansrsource.com is present on the SAN certificate.
Most importantly, you should check with the security team or network team to know whether they are routing the external OWA users' queries for the namespace mail.ansrsource.com to the appropriate CAS server which you would like, whether it is the server EXCH-BLR or CH-EXCH.
Then don't forget to set the URL "https://mail.ansrsource.com/owa" as the external URL on the server which is chosen by you.
Let me tell you why you cannot use the namespace https://drmail.ansrsource.com/owa. For that you have created one host A record in external DNS and at the same time port 443 is not opened for the public IP address mapped to the host A record. OWA access will happen only on port 443 (both internally and externally).
In case you want to use the namespace drmail.ansrsource.com, you have to open port 443 in your firewall, and the external OWA users' queries coming from that namespace have to be routed to the appropriate CAS server, whichever you would like, whether it is EXCH-BLR or CH-EXCH.
Then don't forget to set the URL "https://drmail.ansrsource.com/owa" as the external URL on the server which is chosen by you.
One more thing I need to include on this: if you have planned to use the namespace drmail.ansrsource.com, it has to be present on the SAN certificate.
You can use mxtoolbox and ping.eu to check the port details and also the DNS name resolution.
Please reply me if you have any queries.
Regards
S.Nithyanandham
Thanks S.Nithyanandham -
Web-redirect to external radius not working on some browsers for Guest SSID
Hi,
We are using Cisco 5760 with 3.7, and the guest SSID doesn't perform web-redirect to external radius (cisco NAC appliance), for some browsers. Although the same works on Cisco 5508 and 4402 WLC with the same NAC appliance for all browsers.
working browsers: IE9.0 and IE 11.0
Non-working: Chrome all versions, Firefox all versions, Safari all versions.
Can anyone provide some help if they have seen this issue before?
You need to check the compatibility guide of Cisco WLC and check if those browsers are supported or not.
-
Https redirection issue for Wireless Guest CWA - ISE 1.3
Our Setup is
ISE 1.3 (Patch level 2) running on ACS 1121
2 nodes clustered with Admin, monitoring, policy service enabled ( Primary and Secondary ).
Configured SSID Guest for Centralized web authentication with ISE.
We have issues in web redirection with chrome . It is not redirecting to the ISE page but rather showing " Page cannot be displayed".
By default chrome is pointing to https. For example if we type https://google.com it is not redirecting to ISE page. But when I specify the same as http://google.com it works.
There is no issue with IE, Firefox as it is redirecting to ISE page with default https and i can see it is hitting our rule.
Please advise.
Hi Neno
They are using a third party certificate (digi cert) for client auth. They have confirmed even if they use a self-signed-cert the result is same.
So basically none of the https page is not loading. If we manually browse some https site from Firefox, IE the result is same showing " page cannot be displayed".
Redirection to https is the problem which i have never faced with my other customer. This is the upgraded version of ISE from 1.2 to 1.3. -
3850 WLC - 5760 Anchor: Multiple Guest SSIDs issue
Hi,
I have configured a 3850 Foreign WLC and a 5760 as anchor WLC in a DMZ behind an ASA FW. The Anchor Controller is configured to advertise 3 GUEST Wireless:
(INSIDE) ---- ASA FW (guest in interface) -------------------------- (Te1/0/1) 5760 ANCHOR (Te1/0/2) -------------------- L3 Link-------------------- (guest out interface) ASA FW ---- (OUTSIDE)
GUEST1: 10.9.65.0/24 – VLAN 11
GUEST2: 10.9.66.0/24 – VLAN 12
GUEST3: 10.9.67.0/24 – VLAN 13
Management VLAN 1: 10.8.252.1 (Anchor Management VLAN – Mobility)
The link between the WLC and the Guest OUT Interface on the ASA Firewall is a L3 Link, NOT a Trunk.
The 5760 WLC is also a DHCP server for the three client VLANs above. I have also configured 3 SVIs as default gateways for these VLANs:
Interface vlan 11 – 10.9.65.1
Interface vlan 12 – 10.9.66.1
Interface vlan 13 – 10.9.67.1
wgh-anchorwlc5760-primary#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.8.252.1 YES NVRAM up up
Vlan11 10.9.65.1 YES manual up up
Vlan12 10.9.66.1 YES manual up up
Vlan13 10.9.67.1 YES manual up up
GigabitEthernet0/0 10.8.252.85 YES NVRAM down down
Te1/0/1 unassigned YES unset up up
Te1/0/2 10.8.253.1 YES NVRAM up up
Capwap0 unassigned YES unset up up
If a client connects to GUEST1 SSID it gets an IP address in VLAN 11 and its default gateway is 10.9.65.1.
If a client connects to GUEST2 SSID it gets an IP address in VLAN 12 and its default gateway is 10.9.66.1.
If a client connects to GUEST3 SSID it gets an IP address in VLAN 13 and its default gateway is 10.9.67.1.
Mobility is UP and I can see clients connected to the Anchor WLC either in IPLEARN or WEBAUTH_PEND state. DHCP is working fine, clients get an IP and the right default gateway and DNS servers when connect, for example, to GUEST1.
anchorwlc5760-primary#show wireless client summary
Number of Local Clients : 3
MAC Address AP Name WLAN State Protocol
04f7.e482.b21c N/A 2 IPLEARN Mobile
bc3e.6d32.17f6 N/A 2 IPLEARN Mobile
a826.d5b3.5ae8 N/A 2 WEBAUTH_PEND Mobile
However, they are not able to ping the default gateway – SVI VLAN 11: 10.9.65.1, so I can not see any traffic leaving the Anchor WLC to continue with the Web Authentication Process (cwa) using ISE. I can see that the authorization policy (“unkown” and the URL to ISE) has been pushed to the clients but I am not redirected to ISE Web Authentication Portal when I open my web browser. I have done some captures on the FW interfaces but I cannot see any traffic coming from the clients.
I know that usually there is a Trunk (that allows client VLANs) between a WLC and L3 Switch when you configure multiples SSIDs and then configure the SVIs on the L3 Switch. However, I think this design with a L3 Link should work too because 5760 is a WLC+L3Switch.
My question is: Why clients are not able to ping their default gateway?
I hope it makes sense.
I appreciate any thoughts and help. Thanks in advance.
Joana.
Hi,
I couldn't get it working (I doubt if it is really possible). I had to add a switch between the 5760 Anchor Controller and the ASA Firewall:
(INSIDE) ---- ASA FW (guest in interface) -------------------------- (Te1/0/1) 5760 ANCHOR (Te1/0/2) -------------------- SWITCH-------------------- (guest out interface) ASA FW ---- (OUTSIDE)
The link between the 5760 and the Switch is configured as a Trunk and it allows the 3 Guest SSIDs (VLANs). The link between the Switch and the ASA FW is configured as a Layer 3 link. I also set up the default gateways for the 3 GUEST VLANs in the Switch (3 vlan interfaces) and the 5760 as DHCP Server.
I hope it helps.
Joana. -
WLC4402 with Guest SSID WebPolicy Issues
Hi I have a WLC4402 with WLAN SSID Guest open authentication set to Webpolicy
Attached is the config. I have a lobbyadmin username that creates users. My guest users are able to get an IP, but when they fire up their IE or Mozilla browsers, they can't get any SSL certs or get redirected to the login splash page.
However, when I reboot the WLC4402, the users are able to get the cert and are redirected to the splash page... The situation happens after 1 day and I need to reboot again... Can anyone help me out? Rebooting is not an option for me.
regards
I imagine you have done so, but be sure to provide DNS in your DHCP scope for the guest VLAN.
regardsm -
AIR-AP1142N-A-K9 configuration issue for guest ssid
I'm trying to get the guest ssid working. I was frustrated so saved my old config and wiped out everything on this AP. Now my bvi1 does not come online.
ap#sh ip int bri
Interface IP-Address OK? Method Status Protocol
BVI1 192.168.2.249 YES NVRAM down down
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio0.50 unassigned YES unset up up
Dot11Radio0.51 unassigned YES unset up up
Dot11Radio1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM up up
GigabitEthernet0.50 unassigned YES unset up up
GigabitEthernet0.51 unassigned YES unset up up
ap#
ap#sh int bvi
*May 6 15:05:24.611: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]1
BVI1 is down, line protocol is down
Hardware is BVI, address is 003a.99eb.8d00 (bia b862.1fe9.9af0)
Internet address is 192.168.2.249/24
MTU 1500 bytes, BW 54000 Kbit, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
3 packets output, 180 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
ap#
I have a private vlan 50 and the public vlan 51. The private ssid seems to work and allow connectivity to the internet but I don't understand with the same configuration the Public ssid doesn't seem to work.
I get this output when trying to connect with my cell phone.
*May 6 15:00:37.288: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
*May 6 15:00:38.432: %DOT11-6-ASSOC: Interface Dot11Radio0, Station TYLOR-NB 9c4e.3617.483c Reassociated KEY_MGMT[WPAv2 PSK]
*May 6 15:00:42.935: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
*May 6 15:00:54.320: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 2c44.01c3.70a6 Associated KEY_MGMT[WPAv2 PSK]
*May 6 15:01:13.913: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
*May 6 15:01:17.281: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
*May 6 15:01:48.181: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
*May 6 15:01:51.583: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
*May 6 15:02:22.500: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
*May 6 15:03:41.852: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
SSID [PUBLIC] :
MAC Address IP address Device Name Parent State
847a.8835.4f22 0.0.0.0 ccx-client - self Assoc
ap#
ap#show run
Building configuration...
Current configuration : 2746 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$4jEJ$ajpjBvSx3DUhxyvLADj.91
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 syslog
dot11 ssid PRIVATE
vlan 50
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 01150F035E050E0A2D
dot11 ssid PUBLIC
vlan 51
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 045D02010A2F444B05
username Admin privilege 15 password 7 0526071D3545175840
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 50 mode ciphers aes-ccm
encryption vlan 51 mode ciphers aes-ccm
encryption mode ciphers aes-ccm tkip
ssid PRIVATE
ssid PUBLIC
antenna gain 0
mbssid
station-role root
interface Dot11Radio0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
interface Dot11Radio0.51
encapsulation dot1Q 51
no ip route-cache
bridge-group 51
bridge-group 51 subscriber-loop-control
bridge-group 51 block-unknown-source
no bridge-group 51 source-learning
no bridge-group 51 unicast-flooding
bridge-group 51 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 50
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled
interface GigabitEthernet0.51
encapsulation dot1Q 51
no ip route-cache
bridge-group 51
no bridge-group 51 source-learning
bridge-group 51 spanning-disabled
interface BVI1
ip address 192.168.2.249 255.255.255.0
no ip route-cache
ip default-gateway 192.168.2.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
end
switch config:
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 50
switchport trunk allowed vlan 50,51
switchport mode trunk
Hi
I know the bridge-group have to be identical to the sub interface number and vlan number
This is true for all other vlans except for native vlan. For native vlan sub-interfaces bridge group number always should be 1. In your case, if vlan 50 is the native vlan (192.168.2.x/24 belong vlan) then configure bridge-group 1 under those .50 sub-interfaces. Then everything should work :)
It is ideal if you could put AP management (BVI IP) into separate vlan & two user groups put vlan 50 & 51. Here is a sample configuration where vlan 110 is Mgmt & vlan 12,13 for user vlans.
http://mrncciew.com/2012/10/24/multiple-ssid-config-on-autonomous-ap/
HTH
Rasika
**** Pls rate all useful responses **** -
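As an added example (not part of the thread and not either poster's code), the rule in the reply above can be checked mechanically before a config is pushed to an autonomous AP: every sub-interface marked `native` must sit in bridge-group 1. The sketch also checks that the radio and wired sub-interfaces of a VLAN share one bridge group. The function names and the sample config are constructed for illustration; the Dot11Radio0.50 stanza is assumed to mirror the posted GigabitEthernet0.50 one.

```python
import re
from collections import defaultdict

# Constructed sample, in the flat (unindented) form the config was posted in.
# The Dot11Radio0.50 stanza is assumed to mirror the posted GigabitEthernet0.50.
SAMPLE_CONFIG = """\
interface Dot11Radio0.50
encapsulation dot1Q 50 native
bridge-group 50
bridge-group 50 subscriber-loop-control
interface Dot11Radio0.51
encapsulation dot1Q 51
bridge-group 51
interface GigabitEthernet0.50
encapsulation dot1Q 50 native
bridge-group 50
no bridge-group 50 source-learning
interface GigabitEthernet0.51
encapsulation dot1Q 51
bridge-group 51
interface BVI1
ip address 192.168.2.249 255.255.255.0
"""

def parse_subinterfaces(config):
    """Map each dot1Q sub-interface to its VLAN, native flag and bridge groups."""
    subs, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            name = m.group(1)
        elif name and (m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line)):
            subs[name] = {"vlan": int(m.group(1)), "native": bool(m.group(2)), "groups": set()}
        elif name in subs and (m := re.match(r"(?:no )?bridge-group (\d+)\b", line)):
            subs[name]["groups"].add(int(m.group(1)))
    return subs

def check_bridge_groups(config):
    """Return (where, vlan, problem) tuples; an empty list means the checks pass."""
    findings, by_vlan = [], defaultdict(set)
    for name, sub in parse_subinterfaces(config).items():
        by_vlan[sub["vlan"]] |= sub["groups"]
        # Rule from the reply: the native VLAN sub-interface uses bridge-group 1.
        if sub["native"] and sub["groups"] != {1}:
            findings.append((name, sub["vlan"], "native VLAN needs bridge-group 1"))
    for vlan, groups in by_vlan.items():
        # Radio and wired sub-interfaces of one VLAN must share a bridge group.
        if len(groups) > 1:
            findings.append(("VLAN %d" % vlan, vlan, "mixed bridge groups %s" % sorted(groups)))
    return findings

if __name__ == "__main__":
    for finding in check_bridge_groups(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, it flags both .50 sub-interfaces and reports nothing once their bridge-group lines are changed to 1.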
Reader X crashes when user profile redirected to 2nd local disk
This issue is related to, and possibly a duplicate of, the Reader X Folder Redirection issue. This is with Reader version 10.1.0 on Windows 7. Reader version 9 works fine, and if we run Reader X in XP compatibility mode it also works fine, but then we lose protected mode operation.
In our Windows 7 deployments, there are two local disks (C: and U:). For most users the profile is relocated from C: to U: and replaced by a junction point, for example "C:\Users\fred" is really a junction point to "U:\Users\fred". This is part of our user data backup/restore mechanism and a key part of how we manage Windows images for users. This works well for most applications but we have found that it causes Reader X to crash with a MSVC++ runtime error similar to what others have reported in different circumstances. Here is what we have observed so far.
1. Reader X will crash immediately when a user attempts to start it from the desktop or start menu. Procmon suggests that this crash is related to errors encountered when the application attempts to access the user's temp folder (C:\Users\fred\AppData\Local\Temp) which is really on the U: drive.
2. Resetting the TEMP and TMP environment variables to "C:\temp" allows the application to launch, but...
3. Once Reader X is launched, some features will cause it to crash in the same way. For example displaying preferences causes it to crash immediately (Edit/Preferences in the menu or using the Ctrl-K shortcut). Procmon suggests this is related to the application trying to access the "C:\Users\fred\AppData\Roaming" folder which is really on the U: drive.
4. Reader X never crashes and works just fine if the user's profile has not been relocated from the C: drive to the U: drive. But this only applies to a small fraction of users that we manage.
Any advice would be greatly appreciated. I can provide Procmon traces if that might be helpful.
We were experiencing the same issue.
We solved this by creating a GPO:
First open your GP management console, edit the GPO to which this applies. (This is a user GPO, so make sure you are on the user OU!)
Edit:
User Configuration\Preferences\Drive Maps
Add a new drive mapping, mapped to \\server\share\%username% (in our case we mapped to P:\)
On the Common tab, make sure the "Run in user context" is ticked.
Next create a shortcut (or multiple shortcuts)
Edit:
User Configuration\Preferences\Shortcuts
Add a shortcut to
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (this is for Adobe Reader XI on Win x64; lookup your local path on the destination machines)
Change the start in to P:\ (the driveletter used in the drive mapping)
On the common tab also make sure this policy runs in the Logged-on user's security context.
This solved all issues at our end and we have this running with Adobe Reader X and XI
If you need to apply this to both Win x32 and x64 machines, you can apply item level targeting and choose the Operating system of choice. (If you add 2 OS'es, like Win 7 and Win 8, make sure that the option is OR and not AND).
good luck -
How to kick guest user when user quota has exhausted
Hi,
I have wlc and acs v4.0. Currently, I am using layer 3 security with web authentication and has been successfully integrated with ACS for authentication. User quota has been set so that when user has reached its quota, may not be able to log in again. But problem occurs when the user has not logged out, it still can connect to network although its account at ACS shows disabled because of its quota limitation. So, is it a way to kick the user out, when the user has reached its quota ?
Radius accounting has been properly set. and AAA override has been set on appropriate wlan ssid.
Regards,
Suwandy
thanks for your reply.
do you mean "allow AAA override" ? If so, I have tried it and it works for changing user session by radius server. But the problem is, radius server do not send the user-session parameter dynamically. How can the radius send/calculate the remaining session time to wlc ?