Wireless Clients failing to authenticate via the RADIUS

Similar Messages

• Failed to authenticate with the device at ip.ip.ip.ip using TELNET

  Hi!
  I can no longer use CCA :-)
  I tried everything, but when I enter user and password after waiting a few tens of seconds I get the following error window: "Failed to authenticate with the device at ip.ip.ip.ip using TELNET. TELNET access is required for access to voice configuration. Cannot continue. Exiting CCA."
  Given that I do not understand the need to use the 'telnet', I verified that UC500 was reachable from the PC via telnet. But CCA 2.2.5 don't work and I find no reason, even logging on to see go console error messages or anything else that turn me to the solution. Before removing CCA and back to 2.2.4, I see if I could solve the problem somehow.
  I tried to see what was going on the network with wireshark:
  Time          Source          Destination     Protocol     Info
  722.508214     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (the password in clear text!!!!)
  722.713551     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=37 Win=4092 Len=0
  722.713606     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (a '/r/n' after send user pwd on previus pkt)
  722.911528     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=39 Win=4090 Len=0
  724.608892     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [FIN, ACK] Seq=39 Ack=80 Win=65456 Len=0
  724.611192     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=40 Win=4090 Len=0
  724.721538     uc.uc.uc.1     pc.pc.pc.128     TELNET     Telnet Data ... (a '/r/n')
  724.721589     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [RST, ACK] Seq=40 Ack=82 Win=0 Len=0
  ...but do not understand why the PC ends the connection!
  NB: Obviously the username and password are correct and the UC does not report login errors.
  Can anyone give me a hint? 1k thanks
  73,
  Arturo

  Most files are 0 bytes long, only Application_Log report some output:
  ++: DEBUG:  : User Preference Settings App Version=2.2 (5)
  ++: DEBUG:  : Current App Version=2.2 (5)
  ++: DEBUG:  : *** Site name: DIM - Lab
  ++: DEBUG:  : *** Remove site from history list: DIM - Lab
  ++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
  ++: DEBUG:  : DIM - Lab is customer site name: true
  ++: DEBUG:  : Set connection string to: ---.---.---.---
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : Duration for [upd Mirror<--Device() @ com.cisco.cpnm.features.defn.connect.ConnectDialogTask] = [1265] msec.
  ++: DEBUG:  : *** Site name: DIM - Lab
  ++: DEBUG:  : *** Remove site from history list: DIM - Lab
  ++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
  ++: DEBUG:  : DIM - Lab is customer site name: true
  ++: DEBUG:  : Set connection string to: ---.---.---.---
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : Filtered connection string: DIM+-+Lab
  ++: DEBUG:  : WDTask::setHierarchy .TroubleshootingLogsTask
  ++: DEBUG:  : Duration for [create() @ com.cisco.cpnm.features.defn.logs.TroubleshootingLogsTask] = [78] msec.
  NB: I understand that the program tries to connect using something invented name of the site?
  I create another site with a valid DNS name and I try to connect... Last log lines are:
  ++: DEBUG:  : conn string: HTTP://valid.name.tld:80/
  ++: DEBUG:  : ConnectionMediator:connect() : http://valid.name.tld:80/
  ++: DEBUG:  : URL After Decoding :http://valid.name.tld:80/
  ++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
  ++: DEBUG:  : initAppMode():http://valid.name.tld:80/
  ++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
  ++: DEBUG:  : initAppWithConnection():http://valid.name.tld:80/
  ++: DEBUG:  : Found Module For device type : UC540W-BRI-K9
  ++: DEBUG:  : *** RouterInfo.ShVer.Fields=[UC540W-BRI-K9, cme, 1 day  23 hours  49 minutes, flash:uc500-advipservicesk9-mz.150-1.XA2, , 15.0(1)XA2, N, N, , UC500-ADVIPSERVICESK9-M, , 1 ]
  ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
  ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
  ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
  73

• Some Wireless clients won't authenticate to 887VA-W

  Hi folks
  I've swapped over a few months ago from an 877w router to an 887VAw which has a separate AP in-built, and there are a few wireless clients that had no problem authenticating to the 877w but just refuse to communicate to the 887VA-W.
  The clients in question are set top box type devices : (1)Now TV and (2) Sky Wireless Adapter.
  They have no problem seeing the SSID's being broadcast, and for troubleshooting I've setup an open test SSID without any encryption, but the clients still won't authenticate and grab an ip address, or more accurately they just don't get a dhcp ip address so I don't think authentication is really the issue. I don't know why these clients aren't happy with dhcp on the guest vlan (vlan2) where other clients get an ip address and work fine. Perhaps the fact I'm using vlan1 (being used for the Eap-Fast home wlan) as the native untagged vlan might have something to do with it? If I use a static ip address on the guest vlan (vlan 2 / ip 10.1.1.n ) then the Sky Wireless Adapter can send and receive packets across the wlan.
  Can anybody please suggest some debugs or config changes to try and nail the problem? The relevant configs from the AP is pasted below, and the router below that.
  Brgds, Tim
  aaa new-model
  aaa group server radius rad_eap
   server name rs-local
  aaa authentication login default local
  aaa authentication login eap_methods group rad_eap
  aaa authentication ppp default local
  aaa authorization exec default local
  dot11 ssid home
     vlan 1
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa version 2
  dot11 ssid guest
     vlan 2
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 abcdef123
  dot11 ssid test
     vlan 3
     authentication open
     mbssid guest-mode
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption vlan 1 mode ciphers aes-ccm
   encryption vlan 2 mode ciphers aes-ccm
   broadcast-key vlan 1 change 30
   broadcast-key vlan 2 change 43200
   ssid home
   ssid guest
   ssid test
   antenna gain 0
   mbssid
   speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
   packet retries 64 drop-packet
   no preamble-short
   station-role root
  interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   no cdp enable
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio0.2
   encapsulation dot1Q 2
   no ip route-cache
   no cdp enable
   bridge-group 2
   bridge-group 2 subscriber-loop-control
   bridge-group 2 spanning-disabled
   bridge-group 2 block-unknown-source
   no bridge-group 2 source-learning
   no bridge-group 2 unicast-flooding
  interface Dot11Radio0.3
   encapsulation dot1Q 3
   no ip route-cache
   no cdp enable
   bridge-group 3
   bridge-group 3 subscriber-loop-control
   bridge-group 3 spanning-disabled
   bridge-group 3 block-unknown-source
   no bridge-group 3 source-learning
   no bridge-group 3 unicast-flooding
  interface GigabitEthernet0
   description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
   no ip address
   no ip route-cache
  interface GigabitEthernet0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 spanning-disabled
   no bridge-group 1 source-learning
  interface GigabitEthernet0.2
   encapsulation dot1Q 2
   no ip route-cache
   bridge-group 2
   bridge-group 2 spanning-disabled
   no bridge-group 2 source-learning
  interface GigabitEthernet0.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   bridge-group 3 spanning-disabled
   no bridge-group 3 source-learning
  interface BVI1
   ip address 172.27.44.2 255.255.255.0
   no ip route-cache
  ip default-gateway 172.27.44.1
  ****Router Config****
  interface Wlan-GigabitEthernet0
   description Internal switch interface connecting to the embedded AP
   switchport mode trunk
   no ip address
  interface wlan-ap0
   description Service module interface to manage the embedded AP
   ip unnumbered BVI1

  Hi Sebastian
  Please see ip dhcp debug from 887VA-W showing the Sky client requesting an ip address but failing to get one. Also a debug from an 877-W showing successful dhcp assignment. Also the dhcp config as requested.The successful trace shows 2 mac addresses from the Sky wireless adapter/ Sky box each getting a dhcp address. I don't know whether the failure is a bug in the 887 dhcp code or some config in the embedded AP that needs tweaking.
  Bregs, Tim
  The Sky wired adapter (I think it's the mac of the sky box lan port) mac is 00:19:FB:A4:B2:1A
  The Sky wireless mac is 18:28:61:99:7B:A8
  887VA-W Debug - Failure:
  887#term mon
  887#sh deb
  DHCP server packet debugging is on.
  887#
  887#
  000141: Dec 16 07:03:02.082 London: DHCPD: ARP entry exists (10.1.1.10, e0c9.7ad6.24ee).
  000142: Dec 16 07:03:02.082 London: DHCPD: unicasting BOOTREPLY to client e0c9.7ad6.24ee (10.1.1.10).
  Denham_887#
  000143: Dec 16 07:05:25.536 London: DHCPD: client's VPN is .
  000144: Dec 16 07:05:25.536 London: DHCPD: No option 125
  000145: Dec 16 07:05:25.536 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
  000146: Dec 16 07:05:25.536 London: DHCPD: Allocate an address without class information (10.1.1.0)
  000147: Dec 16 07:05:25.536 London: DHCPD: Saving workspace (ID=0x4000009)
  Denham_887#
  000148: Dec 16 07:05:27.536 London: DHCPD: Reprocessing saved workspace (ID=0x4000009)
  000149: Dec 16 07:05:27.536 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
  000150: Dec 16 07:05:27.536 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
  000151: Dec 16 07:05:27.536 London: DHCPD: no option 125
  000152: Dec 16 07:05:27.536 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
  Denham_887#
  000153: Dec 16 07:05:32.468 London: DHCPD: New packet workspace 0x123EC554 (ID=0xC700000A)
  000154: Dec 16 07:05:32.468 London: DHCPD: client's VPN is .
  000155: Dec 16 07:05:32.468 London: DHCPD: No option 125
  000156: Dec 16 07:05:32.468 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000157: Dec 16 07:05:32.468 London: DHCPD: Allocate an address without class information (10.1.1.0)
  000158: Dec 16 07:05:32.472 London: DHCPD: Saving workspace (ID=0xC700000A)
  Denham_887#
  000159: Dec 16 07:05:34.080 London: DHCPD: New packet workspace 0x1240A47C (ID=0x5500000B)
  000160: Dec 16 07:05:34.080 London: DHCPD: client's VPN is .
  000161: Dec 16 07:05:34.080 London: DHCPD: No option 125
  000162: Dec 16 07:05:34.080 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
  000163: Dec 16 07:05:34.080 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
  000164: Dec 16 07:05:34.080 London: DHCPD: no option 125
  000165: Dec 16 07:05:34.080 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
  Denham_887#
  000166: Dec 16 07:05:34.468 London: DHCPD: Reprocessing saved workspace (ID=0xC700000A)
  000167: Dec 16 07:05:34.468 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000168: Dec 16 07:05:34.468 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
  000169: Dec 16 07:05:34.468 London: DHCPD: no option 125
  000170: Dec 16 07:05:34.468 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  Denham_887#
  000171: Dec 16 07:05:35.476 London: DHCPD: client's VPN is .
  000172: Dec 16 07:05:35.476 London: DHCPD: No option 125
  000173: Dec 16 07:05:35.476 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000174: Dec 16 07:05:35.476 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
  000175: Dec 16 07:05:35.476 London: DHCPD: no option 125
  000176: Dec 16 07:05:35.476 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  Denham_887#
  000177: Dec 16 07:05:37.520 London: DHCPD: client's VPN is .
  000178: Dec 16 07:05:37.520 London: DHCPD: No option 125
  000179: Dec 16 07:05:37.520 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000180: Dec 16 07:05:37.520 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
  000181: Dec 16 07:05:37.524 London: DHCPD: no option 125
  000182: Dec 16 07:05:37.524 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  Denham_887#
  000183: Dec 16 07:05:40.532 London: DHCPD: client's VPN is .
  000184: Dec 16 07:05:40.532 London: DHCPD: No option 125
  000185: Dec 16 07:05:40.532 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000186: Dec 16 07:05:40.532 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
  000187: Dec 16 07:05:40.532 London: DHCPD: no option 125
  000188: Dec 16 07:05:40.532 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  Denham_887#
  000189: Dec 16 07:05:43.540 London: DHCPD: client's VPN is .
  000190: Dec 16 07:05:43.540 London: DHCPD: No option 125
  000191: Dec 16 07:05:43.540 London: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI1.
  000192: Dec 16 07:05:43.540 London: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.13).DHCPD: Setting only requested parameters
  000193: Dec 16 07:05:43.540 London: DHCPD: no option 125
  000194: Dec 16 07:05:43.540 London: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  Denham_887#
  000195: Dec 16 07:05:48.884 London: DHCPD: client's VPN is .
  000196: Dec 16 07:05:48.884 London: DHCPD: No option 125
  000197: Dec 16 07:05:48.884 London: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI1.
  000198: Dec 16 07:05:48.884 London: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.12).DHCPD: Setting only requested parameters
  000199: Dec 16 07:05:48.884 London: DHCPD: no option 125
  000200: Dec 16 07:05:48.884 London: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
  887VA-W dhcp config:
  887#sh run | section dhcp
  no ip dhcp use vrf connected
  ip dhcp binding cleanup interval 10
  no ip dhcp conflict logging
  ip dhcp pool home
   network 172.27.44.0 255.255.255.0
   dns-server 208.67.222.222 208.67.220.220  
   default-router 172.27.44.1
  ip dhcp pool test
   import all
   network 11.1.1.0 255.255.255.0
   default-router 11.1.1.1
   dns-server 208.67.222.222 208.67.220.220
  ip dhcp pool guest
   import all
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
   dns-server 208.67.222.222 208.67.220.220
  877-W Debug - Success:
  877#deb ip dhcp se
  877#deb ip dhcp server pa
  DHCP server packet debugging is on.
  877#deb ip dhcp server ev
  DHCP server event debugging is on.
  877#
  000258: *Jun 23 22:20:07.087 BST: DHCPD: checking for expired leases.
  000259: *Jun 23 22:20:14.684 BST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   1828.6199.7ba9 Associated SSID[guest] AUTH_TYPE[OPEN] KEY_MGMT[WPAv2 PSK]
  000260: *Jun 23 22:20:16.289 BST: DHCPD: Sending notification of DISCOVER:
  000261: *Jun 23 22:20:16.289 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000262: *Jun 23 22:20:16.289 BST:   DHCPD: remote id 020a00000a010101f2000000
  000263: *Jun 23 22:20:16.289 BST:   DHCPD: circuit id 00000000
  000264: *Jun 23 22:20:16.289 BST: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI2.
  000265: *Jun 23 22:20:16.289 BST: DHCPD: Seeing if there is an internally specified pool class:
  000266
   *Jun 23 22:20:16.289 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000267: *Jun 23 22:20:16.289 BST:   DHCPD: remote id 020a00000a010101f2000000
  000268: *Jun 23 22:20:16.289 BST:   DHCPD: circuit id 00000000
  000269: *Jun 23 22:20:16.289 BST: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.9).
  000270: *Jun 23 22:20:16.289 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  000271: *Jun 23 22:20:16.493 BST: DHCPD: DHCPREQUEST received from client 0118.2861.997b.a8.
  000272: *Jun 23 22:20:16.493 BST: DHCPD: Sending notification of ASSIGNMENT:
  000273: *Jun 23 22:20:16.493 BST:  DHCPD: address 10.1.1.9 mask 255.255.255.0
  000274: *Jun 23 22:20:16.493 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000275: *Jun 23 22:20:16.493 BST:   DHCPD: lease time remaining (secs) = 86400
  000276: *Jun 23 22:20:16.493 BST: DHCPD: Appending system default domain
  000278: *Jun 23 22:20:16.493 BST: DHCPD: Sending DHCPACK to client 0118.2861.997b.a8 (10.1.1.9).
  000279: *Jun 23 22:20:16.493 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  000280: *Jun 23 22:20:17.089 BST: DHCPD: checking for expired leases.
  000281: *Jun 23 22:20:18.097 BST: %SYS-5-CONFIG_I: Configured from console by vty0
  Denham#
  000282: *Jun 23 22:20:21.314 BST: DHCPD: Sending notification of DISCOVER:
  000283: *Jun 23 22:20:21.314 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
  000284: *Jun 23 22:20:21.314 BST:   DHCPD: remote id 020a00000a010101f2000000
  000285: *Jun 23 22:20:21.314 BST:   DHCPD: circuit id 00000000
  000286: *Jun 23 22:20:21.314 BST: DHCPD: DHCPDISCOVER received from client 0019.fba4.b21a on interface BVI2.
  000287: *Jun 23 22:20:21.314 BST: DHCPD: Seeing if there is an internally specified pool class:
  000288: *
  Jun 23 22:20:21.314 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
  000289: *Jun 23 22:20:21.314 BST:   DHCPD: remote id 020a00000a010101f2000000
  000290: *Jun 23 22:20:21.314 BST:   DHCPD: circuit id 00000000
  000291: *Jun 23 22:20:21.314 BST: DHCPD: Sending DHCPOFFER to client 0019.fba4.b21a (10.1.1.8).
  000292: *Jun 23 22:20:21.314 BST: DHCPD: broadcasting BOOTREPLY to client 0019.fba4.b21a.
  000293: *Jun 23 22:20:21.406 BST: DHCPD: DHCPREQUEST received from client 0019.fba4.b21a.
  000294: *Jun 23 22:20:21
  406 BST: DHCPD: Sending notification of ASSIGNMENT:
  000295: *Jun 23 22:20:21.406 BST:  DHCPD: address 10.1.1.8 mask 255.255.255.0
  000296: *Jun 23 22:20:21.406 BST:   DHCPD: htype 1 chaddr 0019.fba4.b21a
  000297: *Jun 23 22:20:21.406 BST:   DHCPD: lease time remaining (secs) = 86400
  000298: *Jun 23 22:20:21.406 BST: DHCPD: Can't find any hostname to update
  000299: *Jun 23 22:20:21.406 BST: DHCPD: Sending DHCPACK to client 0019.fba4.b21a (10.1.1.8).
  000300: *Jun 23 22:20:21.406 BST: DHCPD: broadcasting
  BOOTREPLY to client 0019.fba4.b21a.
  000302: *Jun 23 22:20:33.049 BST: DHCPD: Sending notification of DISCOVER:
  000303: *Jun 23 22:20:33.049 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000304: *Jun 23 22:20:33.049 BST:   DHCPD: remote id 020a00000a010101f2000000
  000305: *Jun 23 22:20:33.049 BST:   DHCPD: circuit id 00000000
  000306: *Jun 23 22:20:33.049 BST: DHCPD: DHCPDISCOVER received from client 0118.2861.997b.a8 on interface BVI2.
  000307: *Jun 23 22:20:33.049 BST: DHCPD: Seeing if there is an internally specified pool class:
  000308
  Denham#: *Jun 23 22:20:33.049 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000309: *Jun 23 22:20:33.049 BST:   DHCPD: remote id 020a00000a010101f2000000
  000310: *Jun 23 22:20:33.049 BST:   DHCPD: circuit id 00000000
  000311: *Jun 23 22:20:33.049 BST: DHCPD: Sending DHCPOFFER to client 0118.2861.997b.a8 (10.1.1.9).
  000312: *Jun 23 22:20:33.053 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.
  000313: *Jun 23 22:20:33.081 BST: DHCPD: DHCPREQUEST received from client 0118.2861.997b.a8.
  000314: *Jun 23
  Denham# 22:20:33.081 BST: DHCPD: Sending notification of ASSIGNMENT:
  000315: *Jun 23 22:20:33.081 BST:  DHCPD: address 10.1.1.9 mask 255.255.255.0
  000316: *Jun 23 22:20:33.081 BST:   DHCPD: htype 1 chaddr 1828.6199.7ba8
  000317: *Jun 23 22:20:33.081 BST:   DHCPD: lease time remaining (secs) = 86400
  000318: *Jun 23 22:20:33.081 BST: DHCPD: Appending system default domain
  000319: *Jun 23 22:20:33.085 BST: DHCPD: Using hostname 'skywirelessconnector.indahouse.dyndns.org.' for dynamic update (from hostname opti
  indahouse#uon)
  000320: *Jun 23 22:20:33.085 BST: DHCPD: Sending DHCPACK to client 0118.2861.997b.a8 (10.1.1.9).
  000321: *Jun 23 22:20:33.085 BST: DHCPD: broadcasting BOOTREPLY to client 1828.6199.7ba8.

• How do I fix Failed to authenticate to the server error?

  I am trying to set up OS X server and didn't get much past the accept terms screen.
  Message was edited by: thatchling

  So, to confirm, you are running on your iMac OS X 10.8.2? If you go choose menu
   | About This Mac
  what version number is displayed?
  If run System Preferences | System | Users & Groups and select your account (if you are logged on it will show you as 'Current User') does it say 'Admin' under your name?
  Yes Apple advertises OS X server as 'easy to use' however I would describe it as a Lamborghini with training wheels — take away the training wheels and you can quickly have an out of control vehicle. It has many open source applications (some very hard to grasp) with a 'cute wrapper' around them.
  It will require a committment of time and effort to have it working properly. I would highly recommend that you get your hands on some documentation on installing OS X server (forget the Apple stuff) and study up on it before installing OS X Server.
  I recommend this book to everyone (again I don't work for Amazon or the publisher) to read up on before installing OS X Server.
  Here is link to the book:
  Apple Pro Training Series: OS X Server Essentials: Using and Supporting OS X Server on Mountain Lion
  Here is a posting I did recently about starting with OS X Server:
  https://discussions.apple.com/message/20736528#20736528

• Can I use the Export express as a wireless client?

  I live in the proximity of a free open wireless network and I would like to have my Airport Express act as a wireless client (i.e., pick up the wireless signal) and then pass it via Ethernet to a computer that does NOT have a wireless card.
  I configured the Airport Express to connect to the wireless network successfully (I chose the option "Join a wireless network" and the light is now green).
  However, the Ethernet port doesn't seem to output anything.
  I noticed that under "Connection Sharing" in the Airport Express the option selected is "Off (Bridge Mode)" and it's grayed out.
  Any ideas?

  I live in the proximity of a free open wireless network and I would like to have my Airport Express act as a wireless client (i.e., pick up the wireless signal) and then pass it via Ethernet to a computer that does NOT have a wireless card.
  Most likely not, as for the AirPort Express Base Station (AX) Ethernet port to be enabled, the AX must be configured as either a remote or relay base station in a Wireless Distribution System (WDS). Unfortunately, most non-AirPort wireless routers are not WDS-compatible with the AirPorts.
  I configured the Airport Express to connect to the wireless network successfully (I chose the option "Join a wireless network" and the light is now green).
  However, the Ethernet port doesn't seem to output anything.
  In this configuration, the AX is acting like a wireless client. No different than any other device (printer, computer, etc.) that will connect to a wireless network. When the AX is configured as a "wireless client," its Ethernet port is not enabled.

• 4404 wireless lan controller managment via wireless clients

  I am having an issue managing a 4404 wireless lan controller via wireless clients.
  I have checked the box "enable controller management to be accessible from wireless clients" under management. For some reason that does not seem to fix the problem (page cannot be displayed). I cannot ping the controller by IP but other devices on the same subnet respond. Everything else works fine.
  I CAN manage the controller when plugged in a wired connection.
  When I do a route print it is identical wireless or wired. The route simple points to my interface. If I modify the route on my computer to actually point to our gateway instead of the interface then everything works. But why should I have to do this only for my wireless connection and not my wired to manage this box?

  Thanks for the info. I narrowed the problem down to an ARP issue.
  In order for me to connect to the controller, I run a batch file that creates a static ARP entry on my laptop. I don't have to do this for any other device except the controller. Not sure what the underlying cause is, but that works as a workaround right now.

• WRT600N Doesn't show any entries in the Wireless Client List

  Hi, my WRT600N is on firmware 1.01.35 build 3. When I check the wireless client list from the Wireless MAC Filter page, it is empty, even though I know I have 3 clients connected. They are all using 802.11g, as I don't have any N devices yet. When I go to the Status page and check the DHCP Client Table, both of my wired clients are there, but only 1 wireless client appears. The DHCP Client Log file is useless, as it only appears to log the ip address it receives from my isp. There are no entries of the ip addresses it has given out. Is my WRT600N defective, or is there firmware in the works to correct this?

  Another thing I've notice, is that the DHCP client table is showing the 2.4 wireless devices as LAN interfaces. Shouldn't it show the frequency, like it does my one 5GHz device? Things have changed, because the Wii is now showing in both the Wireless Client List, as well as the DHCP Client table. It shows as a LAN interface though, which is wrong, it should be 2.4GHz. My one pc that is a 5GHz N device, is also showing in both the Wireless Client List, & the DHCP Client table. Neither the wireless 2.4 gaming adapter, or the HR20 connected to it show up in either list. Neither does a laptop which is 2.4GHz. This is really a concern, because I've caught 2 neighbors stealing my bandwidth in the past, and I can't stop them if I can't see them.

• 1131AG: Wireless clients randomly unreachable

  Hi,
  I have a weird issue with my 1131AG-E-K9. I set up a lab at home to get back into the topic after a few years break. My 1131AG is connected to one of the PoE ports of an ASA5505. Clients are 2 Soundbridge internet radios, my Android phone and my laptop. The wireless clients get their IP via DHCP from a central server in the wired LAN.
  Now the problem:
  The wireless clients become randomly unreachable. The DHCP leases are valid 1 hour and once a day, usually in the afternoon, the radios don't get a new IP anymore. When I monitor the LAN, I see the DHCPREQUEST, DHCPDISCOVER and DHCPOFFER packets but they don't seem to arrive in the WLAN. When I manually deassociate one arbitrary client or a completely different client, say, my laptop joins the network and gets an IP via DHCP, suddenly all clients receive the DHCPOFFER and go back active.
  So it looks like the access point would somehow start throwing away packets from the server to the radios after some time.
  I'm pretty much clueless and have googled for hours to find a solution...
  The server and the radios are talking constantly to each other, however, mostly through broadcasts (Bonjour and DLNA).
  I do not have the problem when I use a cheap crap consumer AP instead of the 1131AG, so I would at first glance exclude the ASA as source of the problems. The network is also flat, i.e. the WLAN is the same subnet as the LAN and there's no routing, no fw rules and no different VLANs involved.
  Ideas, anyone?
  -S

  Hi Sebastian, thank you for your reply! The access point is an autonomous access point AIR-AP1131-AG-E-K9, so there is no WLC involved.
  This is the config:
  ! Last configuration change at 15:16:16 UTC Mon Nov 24 2014 by sgofferj
  ! NVRAM config last updated at 15:16:21 UTC Mon Nov 24 2014 by sgofferj
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname echo
  no logging buffered
  no logging rate-limit
  no logging console
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
   server [RFC1918] auth-port 1812 acct-port 1813
  aaa group server radius rad_admin
   server [RFC1918] auth-port 1812 acct-port 1813
   cache expiry 1
   cache authorization profile admin_cache
   cache authentication profile admin_cache
  aaa group server tacacs+ tac_admin
   cache expiry 1
   cache authorization profile admin_cache
   cache authentication profile admin_cache
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting exec default start-stop group rad_acct
  aaa accounting network acct_methods start-stop group rad_acct
  aaa cache profile admin_cache
   all
  aaa session-id common
  no ip igmp snooping
  dot11 syslog
  dot11 vlan-name LAN vlan 1
  dot11 ssid Stefan_Gofferje
     vlan 1
     authentication open
     authentication key-management wpa version 2
     guest-mode
     mbssid guest-mode
     wpa-psk ascii 7 [CODE]
     no ids mfp client
  power inline negotiation injector 001d.450b.fb08
  crypto pki trustpoint TP-self-signed-2716624410
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2716624410
   revocation-check none
   rsakeypair TP-self-signed-2716624410
  crypto pki certificate chain TP-self-signed-2716624410
   certificate self-signed 01
    30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32373136 36323434 3130301E 170D3134 30373136 31393132
    35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313636
    32343431 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100C3E0 BCF4B199 68C92993 E4DA9F8E BFD62231 C974A8DA A39F47A7 1268E490
    F59A3BCD 123D0F8C 98B4DAC1 0E65FB70 BE42A8A5 A8CF8A75 A5287804 7B3244AC
    3AAF5F88 A0533A76 B192A6F8 88AFBADF 2D101637 E6061BC3 FE2F197B BA7E3172
    BA5FAA01 85F59AA6 3A99E2C5 4F1F1624 71657D4E 9392E228 B0FA6D3C F97EAFB5
    0F770203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
    551D1104 15301382 11656368 6F2E676F 66666572 6A652E6E 6574301F 0603551D
    23041830 1680141C 09AC7570 978D1975 1CA7A73C 5927A051 6DB28630 1D060355
    1D0E0416 04141C09 AC757097 8D19751C A7A73C59 27A0516D B286300D 06092A86
    4886F70D 01010405 00038181 000EB3FE 7EA03ABE D215F9DB 0421AC99 CACC9501
    9710D99B 3B2F155B FB7C24E1 45DA20E8 FCF7FC2D 4B794CAA 7FDF7B0E 3253A0DE
    510B067D 5832636C BE03EA47 F673A389 7488788A 329F014A 755D5D1A 92502A41
    11FAD8E8 CE1458DF 45246365 42B42549 C3370C03 7C8FEA47 5F0D4E01 1FF20773
    741A6839 A6BBB581 7CDA3262 32
    quit
  username sgofferj privilege 15 password 7 [CODE]
  bridge irb
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 1 mode ciphers aes-ccm
   broadcast-key change 10
   ssid Stefan_Gofferje
   no short-slot-time
   speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
   channel 2437
   station-role root
   no dot11 extension aironet
  interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface Dot11Radio1
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 1 mode ciphers aes-ccm
   broadcast-key change 10
   ssid Stefan_Gofferje
   no dfs band block
   speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
   channel dfs
   station-role root
   no dot11 extension aironet
  interface Dot11Radio1.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface FastEthernet0
   no ip address
   no ip route-cache
   duplex auto
   speed auto
  interface FastEthernet0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   no bridge-group 1 source-learning
   bridge-group 1 spanning-disabled
  interface BVI1
   ip address dhcp client-id FastEthernet0
   no ip route-cache
  no ip http server
  ip http authentication aaa
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  logging trap debugging
  logging [RFC1918]
  access-list 111 permit tcp any any neq telnet
  snmp-server view dot11view ieee802dot11 included
  snmp-server community public RO
  tacacs-server host [RFC1918] key 7 [CODE]
  radius-server attribute 32 include-in-access-req format %h
  radius-server host [RFC1918] auth-port 1812 acct-port 1813 key 7 [CODE]
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
   access-class 111 in
  line vty 0 4
   access-class 111 in
  sntp server [RFC1918]
  sntp broadcast client
  end

• How do you ADD a Wireless Client PC to your Airport wLan?

  If no security is enabled on the airport extreme 802.11n
  PCs and Macs can get online easily
  As soon as I enable WPA or WPA2
  my macs can get online using the password
  my PCs want a network Key of a specific length and hex format
  and my airport utility app offers a phenomenally long 'equivalent' network password which does not make any of my PCs happy...
  There is also an option of adding a wireless Client (a menu item in the airport utility app) but it closes the page as soon as I click on the menu item - I have NO ACCESS to this feature... something of a bug in airport utility version 5.2.2
  the option is supposed to be add a Client using a PIN or simply add the first client to connect... NEITHER of these features work - the airport util software simply refuses to load that config page!
  what gives?
  how can we solve this?

  Here's a wonderful piece of info that could help all of us...
  Many wLan cards on the PC side don't seem to like WPA2
  so you can resolve that issue by selecting WPA in the Airport utility
  If you are using WPA / WPA2 on the airport extreme
  then... go grab a PC
  yes, I said a PC... ARE YOU LISTENING APPLE?
  on the PC, you need to install the software that came with your Airport Extreme 802.11n... it looks the same as the SW on your trust Mac
  but the thing is, it actually works when you want to ADD a new Wireless Client to your network.
  now... when the PC has the software up and running and you can see your Airport extreme - ADD A WIRELESS CLIENT but don't use the PIN method - that method failed 5 out of 5 times I tried... Use the First Attempt method..
  You will likely get an error but ignore it and go to the wLan connection app in your windows taskbar (bottom right side) you will want to VIEW Wireless Networks available to you.
  If you see your airport, great, click the CONNECT button and the app will ask for your NETWORK KEY
  Just enter your Wireless Password (the same one you used to configure your Airport Wireless Security on the WIRELESS page of the Airport Utility)
  then click connect and voila... all 6 of my PCs were able to access via WPA
  I am stunned that I wasted so much time with this
  and concerned that Apple's software acts differently on the PC allowing me to ADD users whereas the Mac application simply would not load the page
  in case you are wondering I used the following versions for this time wasting exercise
  Mac: Airport Utility v5.2.2
  PC: Apple Airport Utility for Windows v5.0
  gosh what fun this has been
  on the Mac ADDING a wireless Client failed (see my post earlier)

• Bridge does not work for wireless clients - connecting to existing network.

  Hi - I really hope somebody can help out here, after hours of trial & error, I have finally given up
  I need to connect my Airport Extreme Base Station to my existing network. I have a linksys router (192.168.15.1) connected to my modem and this linksys router acts as DHCP server too.
  I suppose I have to use "bridge mode" for that to work. But should the linksys be connected to the AEBS using the AEBS's WAN or LAN port?
  If I use "bridge mode", then wired computers to the AEBS works fine - getting an IP from the linksys etc. BUT, the wireless clients will have a self-assigned IP and not get through to the internet. It's like the AEBS will not allow wireless clients to "get through" unless AEBS itself is handing out IP addresses.
  Page 36 of this manual ( http://manuals.info.apple.com/en/DesigningAirPort_Networks10.5-Windows.pdf ) shows the setup I want. But in the picture, it says "Ethernet WAN port" but the text says: "The Apple wireless device (in this example, a Time Capsule) uses your Ethernet network to communicate with the Internet through the Ethernet LAN port ( <--> )." I don't know which one to use, WAN or LAN - they show WAN but say LAN?
  When I set it up as "share an IP address", the AEBS status tells me "double nat" and to change from "shared IP" to "bridge mode". I do that, and everything seems fine - for the wired clients. Now the wireless clients cannot connect, Airport on the MacBook Pro just say "Connection failed" and the MacBook says "Invalid password" (translated from danish), even though I set the Airport Utlity to save the password in keyring, so it should be correct... If I disable wireless encryption, the wireless clients will connect but get a self-assigned IP, and therefor not work (cannot get online)...
  It seems the only way I can get wireless to work, is if I set AEBS up as DHCP, but then it won't be on the "same network" as the linksys (192.168.15.1), but rather on 10.0.x.x as I select. If I select 192.168.x.x within AEBS, I'm also getting some error messages, conflict/subnet thing.
  Anyway - I really hope somebody knows how to get wireless clients to get an IP address from existing ethernet when connected to the AEBS.
  Thanks!!

  I've given up and had to go back to running "Double NAT" which also reports as a "problem" within the AEBS, but I just "ignore" it so the light will always be green.
  It still ***** though, as "Double NAT" is also a reason for "Back to my Mac" not working properly, but how the ** am I supposed to avoid Double NAT when the wireless will not work in bridged mode?!

• How to modify Time Capsule wireless clients?

  I have a Time Capsule that I use as the router for the house. We've had a lot of computers connected to it over the years. What I am wanting to know if it is possible to remove wireless clients that are connected or previously connected. Under Finder there is an HP computer that is connected but to my knowledge there is no Windows based computer using the network. At one point there was an old HP laptop connected to it. But for the life of me I can not find anything or figure out how to remove this computer from showing up under the Finder. I am confident that the problem resides at the router because I can see that same device connected.
  http://i.imgur.com/PXdR9XJ.png

  Under Finder there is an HP computer that is connected but to my knowledge there is no Windows based computer using the network.
  Maybe you have an HP printer that is connected either by wireless or Ethernet?
  Does the HP device show up in the list of current wireless clients? If not, then the HP device is connected via Ethernet to your network.
  What I am wanting to know if it is possible to remove wireless clients that are connected or previously connected.
  If a wireless device is already connected to the network, the only way that you can remove it is to change the wireless network password, or set up Timed Access on that device..
  Chaging the password will disconnect all connected devices, then you will have to log on again from each device that you want to connect.

• WRT54GC will not give wireless clients IP addresses

  Hi, I'm here on a behalf of a friend. I'm working on a WRT54GC wireless router. The issue is that any wireless client wishing to connect to the router (after seeing the SSID) always fail at "Waiting for network" during the connection screen. However, wired clients are able to connect without any problems. I have updated the firmware to the latest one. No security features (WEP/WPA) are enabled. I have tried changing the channel and mode to no avail. MAC address filter is disabled. Wireless card drivers are up to date. I'd like to know what can be done to resolve this issue. Thanks in advance. -Keres

  In the non-working computer, temporarily turn off the software firewall, including Windows Firewall, and see it this helps.
  Also, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
  If you still have trouble, in the computer, go to the wireless adapter software, and go to "Preferred Networks"  (sometimes called "Profiles" ), and delete all the networks you find.  Reboot computer.  Then return to "Preferred Networks" and re-enter your unique network SSID, and set it to "automatic login".  Reboot computer.  You should connect automatically.
  If the above does not fix your problem, download and install the latest driver for your wireless card.

• Wireless clients cannot get to internet

  Hi All,
  I'm fairly new to networking and have been trying to troubleshoot an issue with my home lab.
  I have a Cisco 2800 router with 2 interfaces, gig0/0 that is the "external" interface and gets an IP via DHCP, and gig0/1 that is the internal interface with IP 10.10.10.1 and a DHCP pool of 10.10.10.100 - 10.10.10.254. A nat pool containing the external interface IP (192.168.1.110) exists.
  Current configuration : 3229 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  no aaa new-model
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1 10.10.10.99
  ip dhcp pool dpool1
  import all
  network 10.10.10.0 255.255.255.0
  dns-server 8.8.8.8 8.8.4.4
  default-router 10.10.10.1
  ip domain name home.local
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  multilink bundle-name authenticated
  interface GigabitEthernet0/0
  ip address dhcp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  no mop enabled
  interface FastEthernet0/3/0
  shutdown
  interface FastEthernet0/3/1
  shutdown
  interface FastEthernet0/3/2
  shutdown
  interface FastEthernet0/3/3
  shutdown
  interface Vlan1
  no ip address
  shutdown
  ip http server
  ip http authentication local
  ip http secure-server
  ip nat pool ovrld 192.168.1.110 192.168.1.110 prefix-length 30
  ip nat inside source list 1 pool ovrld
  access-list 1 permit 10.10.10.0 0.0.0.255
  snmp-server community public RO
  control-plane
  scheduler allocate 20000 1000
  end
  Coming off the internal interface is a 3750, and attached to that 3750 is a 4400 Wireless Lan Controller.
  I'm able to create a wireless network that uses the router for DHCP and clients can connect to this wireless network and obtain an IP from that DHCP pool. The wireless clients can ping the default gateway (10.10.10.1) as well as every other device on that network, including hard-wired devices on the 3750. The arp table on the router also shows the wireless clients.
  However, only clients connected via ethernet can access the outside (internet), wireless clients, who appear to get the exact same network config, are unable to access the internet they can only access other devices on that 10.10.10.0 network.
  So I'm confused as to why with what appears to be the proper default gateway (10.10.10.1) and a valid IP from the router, what could be broken so hard-wired clients can NAT to the outside while wireless clients can't? I can't find any setting on the WLC 4400 that would be restricting wireless clients from leaving the local network.
  Any clarification on my issue/my understanding of the problem would be greatly appreciated. Cheers!

  Hello smorrissey,
  May I ask, how many end devices do you have connected to the switch? And if you tried to connect wireless clients simultaneously with wired devices?
  Because from your config it seems you're using only dynamic NAT:
  ip nat inside source list 1 pool ovrld    // this command will translate IP picked by ACL 1 to address in pool named ovrld. Because you have only 1 address in this pool, only 1 inside device will be able to communicate with outside world (Internet) at a time.
  I would suggest to add keyword "overload" at the end of this command (ip nat inside source list 1 pool ovrld overload) to enable PAT, which will allow multiple LAN devices to use 1 outside address at the same time thanks to port address translation.
  Hope this will help.
  Michal

• Initial configuration of ACS 5.1 for EAP authentication for Wireless clients

  Hi,
  I have set-up with below devices :
  Wireless LAN controller 5508
  LAP 3302i
  and ACS 5.1
  since i am new in ACS 5.1 configuration , I need so information to go ahead to configure ACS 5.1.
  which EAP method to use for wireless client authentication ? what is the best practice ?
  I have gone through some cisco documents and it shows that best practice is to configure PEAP but for the same , I need to install certificate in ACS server as well in client PC. is that so ?
  I have no clear picture for this certificate ?
  from where i can get this certificate or do i need to purchase this certificate separately from cisco. how to install it in ACS server ?
  I will be obliged to get atleast initial configuration for ACS 5.1 to enable the EAP method,
  I need GUI based initial configuration for ACS 5.1
  This mentioned ACS 5.1 is installed on ACS 1121 hardware appliance.

  Hi,
  which EAP method to use for wireless client authentication ? what is the best practice ?
  -> I would advise the most widely spread EAP method, which has the best ratio security/easy to deploy: PEAP with MSCHAPv2, which is available by default by all windows machines.
  I  have gone through some cisco documents and it shows that best practice  is to configure PEAP but for the same , I need to install certificate in  ACS server as well in client PC. is that so ?
  -> You will always need to install a server certificate, however, there is no need for client certificate because the authentication is based on the MSCHAP credentials exchange, not certificate based. The only requirement on the client regarding certificates is the following.
  If you want to validate the server certificate, you have to install the server certificate under the trusted CAs of the clients.
  If you do not require to trust the server certificate, you can simply disable the option of server certificate validation.
  I have no clear picture for this certificate ?
  from  where i can get this certificate or do i need to purchase this  certificate separately from cisco. how to install it in ACS server ?
  -> The server certificate can be a simple self signed certificate that you generate and install on the ACS GUI.
  Please feel free to follow this step-by-step guide on
  PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server:
  http://www.cisco.com/en/US/partner/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml or in pdf
  http://www.cisco.com/image/gif/paws/112175/acs51-peap-deployment-00.pdf.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• WRT120N: Wireless Client List - Refresh button useless

  WRT120N:
  Wireless --> Wireless MAC Filter --> Enabled --> Wireless client list...
  Opening Wireless Client List on WRT120N shows the list of wireless clients connected.
  Add button is working.
  Close button is working
  But Refresh button is useless. Even if clients on the lists are already not connected to the router, pressing the Refresh button does nothing. It may add new clients connected but can't determine whether the client disconnects or not. The only way to determine if the client is still connected or not is to Reboot the router (Administration --> Start Reboot).
  Refresh doesn't update/remove disconnected clients from the list.
  I'm hoping that on future firmware updates for WRT120N, this can be fixed.

  Did you try to upgrade/re-flash the firmware on your router?
  Connect the computer to the router with the Ethernet cable. Download the latest firmware from Linksys website and save it on your computer. Upgrade/re-flash the firmware on your router. After upgrading the firmware on your router, reset the router and reconfigure it.