Wireless Guest CA Certificate problems

Hi Guys,
I have a problem with the Guest CA certificates. I'm running 5.1.151.0 code. When I try to upload a certificate from Comodo (and reboot the controller) I still get the 'There is a problem with this website's security certificate' message in IE7 and similar in Mozilla.
When I view the certificate on a client machine, I'm informed that the certificate cannot be verified up to a trusted certification authority.
If I look at the cert issued to me, I can see the certificate chain - i.e.
WLC Cert -> EssentialSSL cert -> Comodo Root cert. However these disappear (or can't be seen) when I view the cert from the client machine.
The Comodo Root cert is there in my 'Trusted Root Certification Authorities' on the client, but the EssentialSSL intermediate isn't.
I have read somewhere that version 5.1.151 can use chained or unchained certificates, which one should I be using?
When I get the certificate from Comodo, included are a number of other certificates:
192_168_22_1.crt
AddTrustExternalCARoot.crt
ComodoUTNSGCCA.crt
EssentialSSLCA_2.crt
UTNAddTrustSGCCA.crt
The 192.168.22.1 is the virtual IP of the WLC (I didn't use DNS for a reason).
Any ideas?
Liam Burke.

I spoke to our local SE here, and he got me a great document on how to combine the chained certificate prior to uploading the cert to the wlc.
Basically, open up the device cert, the intermediate CA cert and the Root CA cert using notepad or equivalent, and copy and paste them all into one file, like so:
-----BEGIN CERTIFICATE-----
*device certificate*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*intermediate CA certificate*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Root CA certificate*
-----END CERTIFICATE-----
I then combined this with my private key, (last step in the guest cert doc) and uploaded the cert to the Guest Controller.
The best thing here is that I was able to get a cert issued by Comodo to the IP address of the virtual interface (192.168.X.X) and I didn't need to punch a hole in my firewall to allow DNS to the corporate DNS server to resolve guest.somecompany.com to the IP. Also I didn't need to use a private IP on the virtual interface which resolves on the internet to guest.somecompany.com.
Thanks to all who got back to me,
Cheers,
Liam
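
The bundling step described in the post above, as an added example that is not part of the original thread or of the Cisco document it mentions: it picks the device -> intermediate -> root path out of a set of CA files by issuer/subject name and fails when a link is missing. The function names are hypothetical, the sample certificates are constructed unsigned skeletons, and names are matched without verifying signatures.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)    # [0] version (optional) or serialNumber
    if tag == 0xA0:
        _, _, end = _tlv(der, end)  # serialNumber follows the version
    _, _, issuer_at = _tlv(der, end)           # skip signature algorithm
    _, _, validity_at = _tlv(der, issuer_at)   # issuer Name ends here
    _, _, subject_at = _tlv(der, validity_at)  # skip validity
    _, _, subject_end = _tlv(der, subject_at)
    return der[issuer_at:validity_at], der[subject_at:subject_end]

def to_pem(der):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def build_bundle(device_pem, ca_pems):
    """Order device -> intermediate(s) -> root by name; returns (bundle, unused)."""
    # Issuer/subject names are matched only; signatures are NOT verified.
    pool = [base64.b64decode(m.group(1))
            for text in ca_pems for m in PEM_RE.finditer(text)]
    first = PEM_RE.search(device_pem)
    if first is None:
        raise ValueError("no certificate block in the device PEM")
    chain = [base64.b64decode(first.group(1))]
    while True:
        issuer, subject = issuer_subject(chain[-1])
        if issuer == subject:  # self-signed root reached
            break
        parent = next((c for c in pool if issuer_subject(c)[1] == issuer), None)
        if parent is None:
            raise ValueError("incomplete chain: issuer certificate not supplied")
        pool.remove(parent)
        chain.append(parent)
    return "".join(to_pem(c) for c in chain), len(pool)

def _enc(tag, body):  # short-form DER, enough for the tiny samples below
    return bytes([tag, len(body)]) + body

def fake_cert(subject_cn, issuer_cn):
    """Constructed, unsigned certificate skeleton: sample input, not a real cert."""
    def name(cn):
        atv = _enc(0x30, _enc(0x06, b"\x55\x04\x03") + _enc(0x0C, cn.encode()))
        return _enc(0x30, _enc(0x31, atv))
    tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01") + _enc(0x30, b"")
           + name(issuer_cn) + _enc(0x30, b"") + name(subject_cn))
    return to_pem(_enc(0x30, _enc(0x30, tbs)))

def demo():
    device = fake_cert("192.168.22.1", "Example Intermediate CA")
    extras = [fake_cert("Unrelated Cross CA", "Other Root"),
              fake_cert("Example Root CA", "Example Root CA"),
              fake_cert("Example Intermediate CA", "Example Root CA")]
    return build_bundle(device, extras)
```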

Similar Messages

  • Wired + Private Wireless + Guest Networks

    I'm attempting to setup a configuration that I don't seem able to get correct. I have a small wired network at my church with a file server and a couple of dozen users, some of which have laptops and would like to be able to roam wirelessly through the building. In addition, I would like to have an unsecured wireless guest network for visitors which provides access to the internet and does not have access to the file server.
    The specifics are a wired 192.168.1.xxx network with a NAT'd DSL modem/router. I have 4 Airport Extreme dual radio N devices. I've tried setting the first Airport Extreme unit to shared IP, the only setting that allows me to also use a guest network, with a private SSID handing out 172.0.xxx.xxx addresses and a guest network handing out 10.0.xxx.xxx addresses. It seems logical to me that I would want to use bridged mode to allow my private wireless users to see the server, but the Airport Extreme tells me I cannot use a guest network with that setting.
    With this setup, I cannot get to my server by name, but I can get to it by IP address. I guess that's not a huge problem since I have such a small number of users, I can add the server IP address to a hosts file on each client. What bothers me most is that I can get to the server IP from the guest network as well as the private network. Am I missing something?
    My second point of confusion is when I try to configure the other 3 Airport Extremes to extend the network. The configuration tool asks me which wireless network I want to extend, and allows me to choose only the private network OR the guest network. I thought it should be able to extend both networks simultaneously. Am I mistaken on this as well?
    I'm certain I've left out plenty of information you may need to assist so please ask, I will gather whatever I can. Thanks in advance.

    Hello muellgre. Welcome to the Apple Discussions!
    Unfortunately, Apple does not provide you with very many options when it comes to their Guest network feature. It is basically designed to work with a single AirPort/Time Capsule router in your network configuration.
    As you have found out, it will only be available if you have the AirPort configured as a NAT router and not as a bridge. Also you cannot extend a Guest network. I'm actually surprised that you were given this option.
    Since you have a DSL gateway upstream of your AirPorts that is performing as your primary Internet router, you would want all of your AirPorts to be configured as bridges. Regardless if you were connecting them all back to the DSL gateway by Ethernet or creating a WDS extended network.
    If you go the route of configuring a single Extreme as a router, you will have a Double NAT configuration, which is not bad in itself, but does add some complexity when attempting to share between network segments.
    One option would be to reconfigure the DSL gateway as a bridge, and then, configure one of the Extremes as a router to allow it to handle NAT & DHCP services for the network. This will also give you your guest network. You can also extend this Extreme with the others, but not its guest network ... so, overall, this might not satisfy all of your networking requirements.

  • E4200 Wireless Guest Access issue

    Hello, I'm hoping someone can point me in the right direction. I have the wireless guest access set up in my E4200 flashed to the latest firmware.
    When I connect to the wireless guest network it comes up under the 192.168.33.xx IP address. I can connect fine but it never pops up the browser so that you can type in the guest password. I'm running Windows 7 but I've also noticed the exact same problem under XP.
    The only thing I can guess is the problem is that I have this acting like an access point and all DHCP requests go to my router. I've basically turned off DHCP on this and plugged the network connection into the switch on the back. 
    Any suggestions?
    Thanks
    Josh

    If I go to 192.168.33.1 it does pop up the browser but when I enter the password it just hangs. Not sure if it was connected or not. Is there no way to pop up the browser automatically?

  • Unified wireless guest access

    Hi, I need help in configuring unified wireless guest access. I have followed the guide
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html#wp999843.
    But the problem is it still does not work. What I don't get is that the interface for the Guest SSID for the foreign controller is management. Does this mean that I have to get an IP address first from the management segment before I can get an IP from the anchor WLC?
    My setup is that I have an anchor controller which is on a different LAN from where my foreign WLC is. The anchor WLC has the DHCP scope and the local net user database. I have already joined the two WLCs to each other's mobility group. Also I have configured the mobility anchor on the WLAN (SSID) of the foreign controller.
    Another thing is that the AP I'm trying to use is on a different site from where my controller is. I'm not sure if this is the one causing the problem.
    Can someone help point out my mistake?

    It's rare that I have a difference in opinion from both of you guys but let me share with you an issue I had.
    If you map the foreign controller to the management interface and the tunnel breaks for whatever reason the clients will get dumped on the management interface, even though the WLAN is anchored to the DMZ controller.
    I know this because I saw this for myself when I had anchor issues.
    I opened a TAC case and it was suggested to use a "dummy interface" on the foreign controller. I forget who I spoke to, this is over a year now. But I then followed up with a Cisco SE on the Advance Wireless team and he commented this is what they do as well. And to add further, a large hospital system here in the Tex Med center had Cisco advance team install their controllers and they too had dummy interfaces for the foreign controllers for guest.
    Just my 2 cents ... Add a dummy interface, call it dummy_guest_interface and tie it to 222.222.222.222 or something like ... no need to add anything on the wired.

  • Wireless Guest Network, iPADS and MAC Filtering

    Hello, I have a question regarding our wireless guest network and using iPADs
    Our wireless network consists of (3) 5508 WLCs running 6.0.188: 2 internal WLCs and 1 external anchor WLC for guest. Presently we are only using one of the internal controllers for users; the second is only used for failover. The anchor controller is set up as the DHCP server for guest. We also have a Cisco NAC Guest Server in the DMZ for guest authentication.
    We have (10) iPads that need Internet access through our guest portal. We do not want these iPADs to have to enter any credentials, just pass through to the internet. We do not want any other device to be able to connect to this SSID. Here's my question: getting to the Internet is no problem, however when I try to set up a MAC filter just for these devices, they never receive an IP address and never get connected. I have tried setting the filter on both the internal controller and the anchor controller identically and in about every combination I can think of. Does anyone know how to set up a MAC filter on a guest network configured as per Cisco's recommendation? I also plan to use WPA2 and 802.1x once I get the MAC filter to work. Any help would be appreciated.
    Thank You
    John

    Not all layer 2 and layer 3 security mechanisms are compatible. Refer to this doc
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080987b7c.shtml#matrix
    What security settings have you configured? The settings also need to be identical on both the internal and anchor controller.

  • Wireless guest users are getting limited connectivity.

    Could anyone help please, I have a wireless guest solution consisting of:
    WLC located internally in the network - all the APs are associated with that WLC.
    Anchor WLC located in the DMZ. The guest SSID is tunneled from the internal WLC to the Anchor WLC, the DHCP service for guest users is on the Anchor WLC.
    NAC guest server to authenticate the guest users.
    The solution was working properly but now we have a problem that if anyone tries to connect to the guest SSID, whether he is authorized or not, the user will get an IP address from the DHCP pool, and now as you know most people have smart phones and they try to get internet access. Now only 5 or 6 people are authenticated with the NAC guest server and the DHCP pool becomes full because too many people tried to connect even though they do not authenticate.
    So if any user tries to connect he will not get an IP address from the anchor controller and gets limited connectivity.
    If I add a static IP address on my laptop, I will be redirected to the authentication page and can access normally.
    I am working in a big environment of 7,000 users so I can't go with increasing the DHCP pool because the problem will not be solved.
    I hope if anyone can help in this case.
    Thanks in advance.

    This is a pitfall and raising the eyebrows.. currently we do not have any other option other than using a WPA-PSK + WEB AUTH
    that is..
    PSK will block the users to just grab an IP and sit!! If the user enters a valid PSK, he will get the IP address and followed by the Web auth process!! This may help u as of now.. or just a workaround.. to overcome the IP exhaustion..
    Please raise a PER with your accounts team to raise the severity on this issue if u have the contract n all with us!!
    Please don't forget to rate the useful posts!!
    Regards
    Surendra

  • Wireless guest-net IP before login

    We have a wireless guest net and we broadcast it thru-out our hospital.
    The problem is with all the IPAD's, IPHONE's, ANDROIDS and such roaming
    around the hospital we are using all of our Class C IP addresses. Is there a way to set up
    the WISM to keep the clients from getting an IP before the client logs in?

    Yeah, I feel your pain ... We have 2000 guests daily here at our hospital and as you know people just walking by with wifi devices will get an IP.
    One way -- Don't broadcast your SSID. Clients would need to manually join your network and then get an IP.
    No other way around it in an open "hot spot" easy to access kinda way.
    I'm sure that's not what you wanted to hear ...
    edit: Another way is to open a much larger scope. We have a /21 here and it works fine. We show as many as 3000 scopes out but normally only have 500 - 2000 users AT MAX ... We also shorten the DHCP scopes to 3 hours.

  • SA 540 and DMZ Issue for Wireless Guest Access

    I have hooked up a Wireless AP into the Optional Port set up as DMZ on the SA 540. My goal is to provide internet access to wireless guest users without giving them access to the entire LAN. The internet access for the wireless guest users is painfully slow. It takes 5 minutes to access Google. Has anybody else had issues with slowness? I am able to successfully ping websites and retrieve their IP address, but it won't connect to any websites via web browsers. Just to humor myself, I configured firewall rules to allow DMZ full access to the LAN and WAN. I am still having the same results. Any thoughts and suggestions?

    Hi,
    I'm not the one with the AP problem, I just have the same issue with the DMZ port. I think you have to forget about the whole AP issue here since the problem is with the DMZ port on the SA500.
    I have my Web and Mail server set up on the DMZ port, I can ping and resolve Domain names to the outside world, but trying to reach anything with a browser takes foreeever. On, eg. www.apple.com I just get a few lines from their web page (so there is a connection) and then it halts to a stop (takes about 5 min).
    I also tried to move my laptop to the DMZ, just to make sure there is no problem with the server, and it has the same issue.
    To summarize, I have about 16 Mb connection on my LAN and on my DMZ i can't even load a full web page.
    Firmware 1.0.39
    BTW, when I upgraded the firmware it wiped my configuration, but it kept my firewall rules in place, even though they weren't shown in the Firewall table. e.g. I could still access my DMZ from my LAN. I had to hard reset the router from the hardware reset button on the router before that changed and the router was completely reset.

  • Error message trying to install Adobe Download Assistant (Sorry an Error has occured... certificate problem)

    I am trying to download the free trial of Acrobat XI. I am using an iMac running Mac OSX 10.6.8. When I click on the Installer I have downloaded for Adobe Download Assistant, it gives me the following error message while trying to open/install the Download Assistant:
    Sorry, an error has occured.
    The application cannot be installed due to a certificate problem. The certificate does not match the installed application certificate, does not support application upgrades, or is invalid. Please contact the application author.
    Can anybody help?

    Lmslugo please move your current installation to the trash can, empty the trash, and reinstall.  This should give you a new copy of the application with a current certificate.

  • Adobe Air Certificate problem

    I get the following error message when I try to use any of my applications that use Adobe Air: 
    The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support the application upgrade, or is invalid. Please contact the application author.

    Have you tried creating new certificate for the app?

  • Restrict Wireless Guest Internet Access

    I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I understand the concept of configuring a separate vlan for them but how can I restrict them to Internet only? I also have remote campuses that I would like to set up as well. I have an ASA 5520 for my firewall and am using metro ethernet from the main campus to the remote campuses. Thanks for any help.

    Hello,
    I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the visitor vlan.
    Set the access-list to allow any dhcp requests, deny any to a private network and permit any.
    You could do it back at the ASA but there is a chance of the traffic getting onto the network first.
    HTH.
    Andy.

  • Enterprise Wireless Guest IP Address Management

    Hi
    We have requirement to deploy wireless guest access for the Enterprise.
    Would appreciate feedback as to whether to use internal DHCP which is centrally managed or using WLC DHCP.
    Some Considerations
    1. IP Address reporting historical on number of addresses used, this could be provided by the guest access server on users logged or can WLC provide historical IP address reporting
    2.     Centralised address configuration versus distributed on each controller.
    3.    Correlating guest user to IP address allocated, we need to use this for forensic identification of the IP address to the user as guest access will be authenticated via the Radius server and from there access the Internet via a transparent proxy. No requirement for second authentication when accessing the Internet.
    Any feedback on real world experiences would be greatly appreciated.
    Regards
    Bill

    Hi,
    The below doc is the design and deployment Guide for Guest access.. This is just like a bible!!
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
    Lemme know if this helps.. and please don't forget to rate the useful posts!!
    Regards
    Surendra

  • Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

    I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
    The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
    1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
    2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
    About the Code Signing Certificate problem:
    When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
    I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
    The Google Groups Adobe AIR page is here:
    http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
    Any ideas about these issues?
    Thanks!
    Oscar

  • Cannot open install assistant.  I get this error message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Pleas

    How can I download a trial of Adobe Elements 12?
    I followed the instructions to download assistant...but get this message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.

    Hi alposer,
    Please remove the copy of the Adobe Download Assistant you currently have installed and then reinstall the Adobe Download Assistant.
    Regards,
    Rave

  • Certificate Problem--can't install

    I am trying to install Creative Cloud trial version on my Mac. I get this message:  The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.
    There is no error number

    Kulerkween can you please post a screenshot of the error message?  Also what operating system are you using?
