WLAN with 802.1x

Similar Messages

• Nokia N9 can not connect with 802.1x WLAN security

  Hi,
  Can anybody please help me how to connect with 802.1x WLAN security network. All of other symbian devices N8, E7 can connect with it. I have the N9 latest phone from Nokia and it dont even support 802.1x in WLAN security options. I have searched through a lot of forums and this topic isn't even anywhere. Please help

  1st of all 802.1X is not even listed in Security method for of WLAN settings in Nokia N9 PR1.1. However same is listed in Symbian^3 for Nokia N8 and E7. 2ndly same settings works on N8 and E7 but not on N9. N9 showing me "something's wrong with network connection". In the syslog, i am getting these error msges.
  Feb 7 12:46:29 (2012) icd2 0.201.2+0m6[1271]: WLAN: Asked data for ssid "mobily" but got 5 results but no req ssid, ignoring all results (up=0x1249c)
  Feb 7 12:46:30 (2012) EAP[2691]: EAP 2.1.50+0m6 quitting.
  Feb 7 12:46:30 (2012) kernel: [ 465.324401] wl1271: down
  Feb 7 12:46:31 (2012) icd2 0.201.2+0m6[1271]: Removing active IAP 0x367b8/(nil)/(nil)/(nil)
  Feb 7 12:46:38 (2012) wlancond[1037]: Scan command failed: -100
  I am adding snapshots of Nokia E7 & N9 for comarison of settings
  Attachments:
  E7 1.jpg ‏40 KB
  E7 2.jpg ‏31 KB
  E7 3.jpg ‏50 KB

• Wireless Guest Access with 802.1X (PEAP/MSCHAPv2) and ISE?

  Hi,
  I have a setup based on WLC 5508, Catalyst 3750-X and AP3600i.
  The WLCs are running 7.3 and ISE is 1.1.1
  I'm trying to setup wireless guest access, where the guests connect to a SSID with 802.1X using PEAP/MSCHAPv2.
  They should receive their username/password either from a sponsor directly (corporate AD user which prints the credentials) or through a SMS.
  The credentials will be created by the sponsor, using the sponsor portal on the ISE.
  Now to the questions:
  Is it correct that the foreign WLC (i.e. the WLC within the internal corporate network), should be set to no L2 and L3 security on the guest WLAN, to avoid having the foreign WLC contact the ISE and all traffic be forwarded directly to the anchor WLC?
  Is it correct that the anchor WLC (i.e. the WLC in the DMZ), should be configured with 802.1X/WPA2 L2 security and the ISE servers as the RADIUS servers on the guest WLAN, to ensure that the client is correctly authenticated/authorized by the ISE?
  When a guest logs on, how can I ensure that only one device (MAC address) is allowed per user?
  As it is now, a guest is able to log on with (I assume) an unlimited number of devices, using the credentials they have received.
  Thankyou very much :-)
  Best Regards,
  Niels J. Larsen

  Hi,
  I have a setup based on WLC 5508, Catalyst 3750-X and AP3600i.
  The WLCs are running 7.3 and ISE is 1.1.1
  I'm trying to setup wireless guest access, where the guests connect to a SSID with 802.1X using PEAP/MSCHAPv2.
  They should receive their username/password either from a sponsor directly (corporate AD user which prints the credentials) or through a SMS.
  The credentials will be created by the sponsor, using the sponsor portal on the ISE.
  Now to the questions:
  Is it correct that the foreign WLC (i.e. the WLC within the internal corporate network), should be set to no L2 and L3 security on the guest WLAN, to avoid having the foreign WLC contact the ISE and all traffic be forwarded directly to the anchor WLC?
  Is it correct that the anchor WLC (i.e. the WLC in the DMZ), should be configured with 802.1X/WPA2 L2 security and the ISE servers as the RADIUS servers on the guest WLAN, to ensure that the client is correctly authenticated/authorized by the ISE?
  When a guest logs on, how can I ensure that only one device (MAC address) is allowed per user?
  As it is now, a guest is able to log on with (I assume) an unlimited number of devices, using the credentials they have received.
  Thankyou very much :-)
  Best Regards,
  Niels J. Larsen

• CCKM with 802.1x authentication

  Hi,
  Can we use CCKM authentication with 802.1x layer 2 authentication method. I read it one cisco article that we can't use CCKM with 802.1x authentication.  Please find the url below, its says that is you choose layer 2 authentication method is 802.1x, then we can't use cckm. Kindly suggest
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82135-wlc-authenticate.html
  Regards,
  Jubair.S

  Yes, You can. 
  Refer this document which clearly state it
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01001110.html#ID963
  802.1X+CCKM—During normal operation, 802.1X-enabled clients mutually authenticate with a new access point by performing a complete 802.1X authentication, including communication with the main RADIUS server. However, when you configure your WLAN for 802.1X and CCKM fast secure roaming, CCKM-enabled clients securely roam from one access point to another without the need to reauthenticate to the RADIUS server. 802.1X+CCKM is considered optional CCKM because both CCKM and non-CCKM clients are supported when this option is selected.
  HTH
  Rasika
  **** Pls rate all useful responses ***

• Web-Auth with 802.1x

  Environment is WLC 2106 with 4 LWAPP access points. Currently running 2 WLANs: 1 using 802.1x authentication with a Windows IAS (RADIUS) server for Active Directory authentication; 1 using basic WEP for guest access that drops the user in it's own secure VLAN.
  I am trying create a 3rd WLAN that uses Web-Authentication using 802.1x RADIUS that passes the username/password to the Windows IAS server. I can see the request being passed to the IAS server, but it is being logged on the IAS server as:
  An Access-Request message was received from RADIUS client WLAN Controller without a message authenticator attribute when a messages authenticator attribute is required. Verify the configuration of the RADIUS client in the Internet Authentication Service snap-in (the "Client must always send the message authenticator attribute in the request" checkbox) and the configuration of the network access server.
  I already have the one WLAN using 802.1x where the RADIUS client on the IAS server has the "Request must contain the Message Authenticator attribute" checkbox checked and it works jsut fine. It is just the Web-Auth using 802.1x where it seem the authentication isn't being passed properly to the RADIUS server. I cannot figure out what I am doing wrong or missing.

  Hi,
  I don't know if you have resolved the problem or not, But I will propose my solution anyway,
  There are two ways to solve this problem, either to make the controller send the radius request with md5 or make the windows reply to the radius requests that does not contain a md5 hash
  Microsoft Solution:
  When you add the Radius Client using the wizard there are certain options that don't show; for instance the md5 attribute that is causing the IAS to drop the web auth requests. So what you need to do is after you use the wizard, you right click on the client that you added (in our case the WLC) and uncheck the box that says "Access-Request message must contain the Message-Authenticator attribute" (attached is a screenshot).
  That should make the IAS respond to the web auth requests.
  WLC Solution:
  I haven't tested this solution, but I think it will work. if you did test it, please let me know how it turned out.
  By default, the Web Radius Authentication is set to "PAP" (can be found in the Controller Tab @ the WLC GUI), you need to set it to MD5-CHAP. (attached is another screenshot).
  Hope that solves your problem, and please let me know how the problem was solved.

• Anyone familiar with 802.11r?

  Hi,
    We have a cisco WLC that provides a WLAN supports 802.11r. So I compiled wpa_supplicant 2.2 with 802.11r enabled (3.12.18 kernel) with FT-EAP as keymgmt.
    It connected, worked. But when I roamed the client, I saw that it reconnected (or reassociated? I did not have log at hand) which was not supposed. Then I checked WLC debug information, I saw the client was not recognized as 802.11r capable.
    What should I check?

  An easier way?
  Sir, anything beyond iWeb requires effort.
  Find a form creator, such as wufoo, and display the form in a html snippet with an <iframe>. In the end it's the same, whether you create the form from scratch yourself or use a service :
  http://wufoo.com/
  My webhoster provides a formcreator :
  http://one-docs.com/tools/formmailgen/
  The code is very basic, so one has to dress it up a bit. See if your provider offers a similar service.

• Airport Express (Model with 802.11G +54MBPS Mac/PC and Set Up Issues

  Hi,
  We have a 4 Mac and 1 PC Household. Cable Internet Service by Roadrunner.Cable model (owned) connected to a D-Link 802.11G wi fi router (by ethernet from cable modem)in the family room , then out to a Imac (the half moon base and LCD screen with a airport card also in the family room and the closet computer to the D-Link
  router, (we did add a D-Link antenna to the router ? about 10 months ago (a D-Link ANT24-0700 (Version 1.2)and a HP 4 in 1 printer attached via USB to the Imac
  ,a eMac 1.25 ghz 1Gb ram with airpot card also connected wirelessly (no printer attached on the same floor but in a ajoinging room about 20 feet from the Router, and another eMac 1.0 Ghz 1Gb ram with airport card in the upstairs part of our house (a bedroom) and no issue with Internet connection (it has a Epson 3in 1 printer attached via USB, and a MacBook Pro with 802.11N wireless card in side , bought for a Christmas/Birthday Present and also for college.It to has no issues with the Internet where ever it may be in the house. Our sole PC a HP tower with a added D-Link WDA -2320 Range Booster Desktop Adapter (802.11G) and we added a D-Link Antenna same model as the other a ANT24-0700 to help with Internet access which it did as well as adding some ram to increase page loading time etc. It does not have a printer attached. I will get to the Topic Area now
  The Airport Express. I was not involved in the set-up as I was laid up due to a bad back and post major knee surgery , But I always (especially recently) wondered why the light was amber and blinking. I read through the manual and also
  Apple.com support and MacFixit.com (which is under construction and moved to part of Cnet.com)and then went to the Airport Express Discussion area (sorry for being so wordy) I need a Twitter account to post!) We have a network name for the D-Link and the computers all were added and it also supports a Xbox 360, a Sony PlayStation 3 and a Nintendo Wi (in online use without issue) but..
  A network was also as it appears to myself) for the Airport Express and under the half moon bars showing connection strenght (there is our D-Link network "phoenix" with security protection WPA2 I believe) as I have set up the router, We had a Apple Base station prior that was ? 802.11B (a half moon white unit) still have it in the box ) So for normal daily use, checking e-mail and internet use all of the computers use the "phoenix" or D-Link supported Router 802.11G
  and The other network calld Apple Network with numbers and letters after it (and hopefully security) password is unknown , The Airport Express is set up connected via USB to a HP B&W laser printer which has saved quite a bit of money on ink, To utilize that printer you must switch from "phoenix" The D-Link router network to the Apple Network (followed by letters and numbers) The Imac and the eMac in the family room and a ajoing room (after switching to the Apple Network
  can than print to the lasr printer. The eMac upstairs and the HP Windows XP Professional software can not print to the laser printer (yet the HP PC shows it as a individual network and a strong signal, equal to the Internet connection from the D-Link, and the eMac (after switching under the half moon (not the proper name I am sure) to get to the Apple Network to print , it will not print, yet it shows a 5 bar signal, same as the D-Link connection. I do believe we have two seperate networks (but do not understand why the two Mac's in the family room can print to the laser printer by simply switching networks and then file and print. ** One other 9probaly major item is that it states to set up the Airport Express with a Mac With OSX 10.4 or later (at the time of set up, we had the Imac and two eMac's all running Panther OSX 10.3.9 9which they continue to have installed) We obtained the HP Tower and Monitor and HP 4in 1 printer ust before Christmas in 2008 and the MacBook Pro in Mid December 2009 (current model and running Snow Leopard 10.6. The HP Tower runs Windows Xp Professional (Service Pack 3) so the MacBook Pro which is much more mobile , could be used to do the set-up, or the HP Tower coulf be moved temprarily, I do recall if Router changes (at least with The D-Link You need to be connected by Ethernet to the Mac
  that would be doing the set up/configuration of the router (and it runs OSX 10.3.9 and is a older Mac (with 80Gb Hard drive that is partioned for OS9 and OSX as well , it is under a Ghz processor wise and less than 1 Gb of ram as the last ram slot required a seal to be broken and 256mb of ram (?) could be added
  it has 768 mb of ram but knock on wood running well. We use Lacie external drives
  on the Imac and both eMac's and need to get external drives for the HP PC as well as the Mac Book Pro (15" screen)
  I apoogize if I repeated myself, and rambled but I wanted to (in one post) to explain our set up and network configuration
  Questions
  1) if indeed it is that the two networks is true and a set yp that is not correct
  can the Airport Express be configured without opening up the router (when ever that happens it seems one computer is unable to get online and each time its a differnt one a Mac or veen the PC
  The PC under My Computer and Networks clearly shows the wto distinct and seperate netwoks with strong signals and the distance is not far (it is through a floor as the other emac and the PC are upstairs and cabling by ethernet is not a option
  2) If I need to open the router would I add the Airport Express as a client as if it was one of the computers or gaming systems on the network? (adding the Mac adress or IP address (not sure how you find the Mac address) and its been while since the router was opened up for any additions or work on it.
  3) would it be on the same channel as the router or not ?
  4) Hopefully with proper configuration the light will stay on (and green) on the A/E and the eMac and HP PC will be able to print to the laser printer. Currentlt
  when anything needs printed from the PC its put on a Flasg Drive and plugged in tothe Imac and the the Apple Network is selected and data printed, The eMac upstairs has the option of using the attached Epson 3 in one or doing the Flash stick work around.
  I would be verya appreciative if some one took a look at the set up above and advised me of what is right, what is not right* and what to do to fix things up
  I would imagine after proper set up, delete the Apple Network from the PC and eMac upstairs and ? all of the computers as we should have one base station (the D-link and the spoke (the A/E connected by UBS to the A/E (it may be ethernet but the cable connection from the A/E to the HP laser printer is correct (the rest of the A/E set up ... Please , tell me where it is and where it should be
  and ? any idea why we can print to the laser printer down stairs and not up stairs ? it did mention printer set up with Panther as possible, page 43 of themanual we have un chaper 5 Tips and Troubleshooting (under whn your printer isn't responding) (we do not have the interfereance listed in the manual,
  our phones are land line, one 900 mghz and the others 5.8 ghz
  It is possible to move the A/E and laser printer if that would help the two computers (desktops) upstairs) bt the distance is way less than 150 but their is a floor and ? duct work (metal ) but I think here is a place to stop typing and let some of the experts on the discussion forums take a look.
  one lst note (as the lap top will be going off to college in the fall (runnning Snow Leopard, and the other 3 Mac's run Panther OSX 10.3.9 should the HP PC windows Xp Professional be the computer to set up the air port express and the Airport Utility proram installed & would this conflict with the current Router (set up by a Macc running OSX 10.3.9 (Panther) i.e (should both set ups be on the same computer?) but actually aThe D-Link is OSX10.3.9 compatible (and 802.11G) and set up requires ethernet connection to a Mac (You type in the numbers and . etc and password as administror and you are in, or should the admin be on the same cpmpuer for the router and A/E ?
  (and considering a Airport Extreme Base Station as well as dual frequency simulataneus and 802.11N (for the laptop now) and future, or wait. The 802.11
  in theory would broadcast farther..?? even if computers had 802.11b(our Mac Desk tops and the PC 802.11B card
  Thanks Again!!!
  Many, Many Thanks
  amnienttales

  William Boyd Jr.
  Hello again,
  D-Link Router is model DGL-4300 (along with a D-Link ANT24-0700 Omnidirectional
  7dbi Antenna . Our Cable Internet ISP (Roadrunner) provides consumers with dynamic ISP address's . All Mac's have Airport Cards and The Hp Tower XW4550 has a D-Link Rangebooster G Desktop Adapter WDA-2320 (also with a D-Link ANT24-0700 Omnidirectional 7 dbi Antenna (the PC OS is Win XP Pro Service Pack 3) The 3 desktop Mac's run OSX Panther 10.3.9 , The 15" MacBook Pro OS is OSX 10.6 Snow
  Leopard (not sure what is after the .6 (right now) D-Link's website is
  http://www.dlink.com , I have configured this router multiple times in the past.
  also added as clients on the network (Utilizing the D-Link Router) are a X-Box 360, Sony Play Station PS3, and a Nintendo Wii all of which have on line ability
  and enables online video game play with any one online.
  As mentioned prior the Airport Port Express is Model A1084 Part No. M9447OLL/A
  which is USB conected to a HP LaseJet B&W , model 1020 and some how the two computers near it can switch to the Airport Express Network from the D-Link Router based Network and print wirelessly to the A/E connected LaserJetPrinter
  I realize I will need to reconfigure the D-Link Router and add the A/E as a client. I will try first to use the Airport Utility and see if I can do anything
  Utilizing it (adding it to the D-Link network, I think its unlikely but worth a try but* the password is unknown but I have a few guess's as to what it may be.
  I do have the necessary admin and network paswwords to cconfigure the D-Link Router,
  1) * If the the A/E Utility experiment fails and I need to re-configure the router * do I need to (as per the Airport Express Set Up Guide (Use a Mac with OSX 10.4 or later or a PC with Win Xp Home or Professional (have a desk top PC that has the specs) and The Mac Book Pro meets the Mac Spec's)
  If I can not get a password to work on the A/E I would reset it using the reset button
  And before plugging in the A/E , connect the appropraite cables in our case a USB cable to the LaserJet Printer then plug in the A/E
  2) I would then connect by Ethernet from Either the Mac Laptop or The PC to the D-Link router (if not the router will not set-up correctly)
  3) The one question that puzzles me is that we are not using the A/E as a base
  but a client
  in two sections(Using Airport Express , connecting a Printer via USB
  and use Airprt Utility to create a new network or join a new newWireless computers using Mac OSX 10.2.7 (Tiger) or later or a PC with Windows XP and it then goes in to the steps of ising the printer for both a Mac and a PC (using Bonjour on the CD that came with the A/E (this appears to contradict needing to use Mac OSx 10.4 or a PC with Win Xp set the A/E up for use as a printer
  (joiing a new network or existig one)
  And in Chapter 5 Tips and Roubleshooting= Your Airport Express Status Light Flashes amber & Your Printer is not responding (it is flashing amber and the printer does not respond to the two computers upsstairs (one Mac running OSX 10.3.9 & One PC running WinXp and its states to make sure the printer is selected
  in the Printer list o client computers, to do this on a Mac using OSX 10.3 or later , open Printer Set Up Utility and follow steps and if a PC with Windows XP , Open Printers and faxes and then follow steps
  in Closing ? can I configure the A/E Utility with a Mac using 10.3.9 as above or
  ? Per Chapter 1 Getting Started use a Mac with OSX 10.4 or later or a PC with Windows Xp Home or Professional
  Perhaps I am taking the tips and trouble shooting and Printer Set up out of context or does the getting Started Computer specs contradict them or are they
  for use if the A/E was going to be a Base Station and not a client..
  Will keep at it,
  ambienttales

• HP Officejet Pro 8500A Plus Support WEP with 802.1X

  My boss currently bought a HP Officejet Pro 8500A Plus that have wireless function. Unfortunately our corporate wireless is protected with WEP with 802.1X that requires certificate import into laptop to connect to the wireless. I run thru the whole HP Officejet Pro 8500A Plus do not have any instruction on import the cert. I depply appreciate if any experts can assist me on the wireless setup?

  Hello-
  Make sure printer firmware is up to date.
  http://www.youtube.com/watch?v=qZBhl0eMBPs
  Also, plug printer directly into wall outlet.
  Also, remember a click on the Kudos star to the left is a quick "Thanks" for a helpful post.
  Please select the "Accept as Solution" button on the post that best answers your question.
  I appreciate your input !
  Thank You,
  Donald

• Time Capsule (SIM) expand network with 802.11b/g Airport Extreme

  Hi, I try to expand a Airport-Network which is set up with a Time Capsule (SIM (latest model). I like to use an Airport-Extreme-Basestation to expand the network. The two devices will be connected wireless. In the helpfile there is a explantation how to do this with 802.11n-devices but when it comes to the 802.11b/g-devices it just says I should have a look on the apple support-pages. I do not find anything there.
  I tried everything, but it did not work. I've had a Time Capsule (first model) which died some days ago (the well known powersupply problem). With this Time Capsule I did not had any problems to set up a WDS.
  What to do?
  Message was edited by: Kadege

  Kadege wrote:
  Ok Jolly, thank you, but I started this thread to get in contact to somebody who knows the solution, i.e. has done this before.
  Jolly Giant wrote:
  try automatic
  Of course I've already tried this and the other automatics, but it did not work. That is the reason I am asking for help. So I guess I need special settings.
  NOT good !
  No protection is not good, ok. But I want it to set up and running and after this I can switch on protection to eleminate some mistake-reasons.
  WDS-Mode: "remote WDS-Basestation"
  when the UFO joins the TC's network this will no longer apply
  But this menu exists and the UFO does not join the network, so I have to select any of this settings!
  try these steps provided by Tesserax:
  Setting Up Time Capsule as a Second Wireless Router
  802.11g AirPort Extreme Base Station -> 802.11n Time Capsule
  With "mixed" AirPorts, you will need to configure both routers into a Wireless Distribution System (WDS). Your neighbor's AirPort Extreme Base Station (AEBS) will be the main and your Time Capsule (TC) will be the remote base station in this WDS.
  To simplify setup, you should connect your TC directly to the AirPort's LAN port by Ethernet. Once the WDS is configured, you can disconnect the TC and place it at the desired location.
  The following are the basic configuration steps to create a WDS:
  (Note: To facilitate the WDS set up, jot down the AirPort IDs (MAC addresses) for each of the base stations to be used in the WDS. The AirPort ID and is printed on the label on the bottom/side of the base station.)
  Main Base Station Setup - AEBS
  o Click the AirPort status menu in the menu bar and choose the wireless network created by the base station you want to set up as the main base station.
  o Open AirPort Utility (located in the Utilities folder in the Applications folder on a Macintosh computer, or in Start > All Programs > AirPort on a computer using Windows).
  o Select the main base station, and choose Manual Setup from the Base
  Station menu, or double-click the base station to open the configuration in a separate window.
  o Enter the base station password if necessary. If the base station is using the
  default password of public, you will not be prompted for a password.
  o Click Wireless in the toolbar, and then choose “Participate in a WDS network” from the Wireless Mode pop-up menu.
  o Click WDS and then choose “WDS main” from the WDS Mode pop-up menu.
  o Select the “Allow wireless clients” checkbox if you want client computer to connect to this base station.
  o Click the Add "+" button and enter the AirPort ID of the base station you want to connect to this base station.
  o Click Update to send the new settings to the base stations in the WDS.
  Remote Base Station Setup - TC
  o Click the AirPort status menu in the menu bar and choose the wireless network created by the base station you want to set up as a remote base station.
  o Open AirPort Utility (in the Utilities folder in the Applications folder on a Macintosh computer, or in Start > All Programs > AirPort on a computer using Windows).
  o Select the remote base station, and choose Manual Setup from the Base Station menu.
  o Enter the base station password, if necessary. If the base station is using the default password of public, you will not be prompted for a password.
  o Enter the same network password as the main base station, if necessary.
  o Click AirPort in the toolbar and click Wireless. Choose “Participate in a WDS network” from the Wireless Mode pop-up menu, and choose the same channel as the main base station from the Channel pop-up menu.
  o Click WDS and choose “WDS remote” from the pop-up menu.
  o Enter the AirPort ID of the main base station in the WDS Main field.
  o Click Update to transfer the settings to the base station.
  (ref: Pages 42-46 of "Designing AirPort Networks.)
  802.11n AirPort Extreme Base Station -> 802.11n Time Capsule
  o Open AirPort Utility and select the base station that will connect to the Internet.
  o Choose Manual Setup from the Base Station menu, or double-click the base station to open the configuration in a separate window. Enter the base station password if necessary.
  o Click AirPort in the toolbar, and then click Wireless.
  o Choose “Create a wireless network” from the Wireless Mode pop-up menu, and then select the “Allow this network to be extended” checkbox.
  o Next, select the base station that will extend this network, and choose Manual Setup from the Base Station menu, or double-click the base station to open its configuration in a separate window. Enter the base station password if necessary.
  o Choose “Extend a wireless network” from the Wireless Mode pop-up menu, and then choose the network you want to extend from the Network Name pop-up menu.
  o Enter the base station network and base station password is necessary.
  o Click Update to update the base station with new network settings.
  does this fix it for you ?
  edited by the Jolly Green Giant (where Green stands for environmentally friendly)

• Aironet 1140N in mixed mode not working with 802.11b/g Clients

  I have a new Aironet 1140N Access point , the model is number AIR-AP1142N-A-K9, my main problem in that i have Nokia E71 smartphones on the network, but they cannot connect to the Network, the Access Point SSID is not showing on the List of Available Devices if i Scan using the Phone,
  All Laptops are runing Win 7 Pro and they connect quite ok, The phones (8 of them) at HotSpots connects without problems, the Spec says they are compatible with 802.11b/g and the Aironet Access point provides 802.11a/g/n.
  Since the phone has the 802.11g which is compatible with the Access Point, why cant it Pick it? the Access Point is Operating in Mixed Mode.
  Bonnie

  There are basically two "flavors" of WDS that the AirPorts support: static & dynamic.
  o A static WDS allows for a main, relay, and remote base stations in the configuration. This only operates in the 802.11g radio mode. Its advantage is it is well suited when you are trying to cover a considerable linear range ... like a rectangular house where the Internet connection comes in at one of the shorter sides and you want wireless at the other end. The biggest disadvantage of this type of WDS is that for every base station added, you lose half the overall bandwidth.
  o A dynamic WDS allows for only a single main and multiple remotes. Think of a wheel with the main at the center and the remotes as spokes of the wheel. The advantage of this type of WDS is it operates in the 802.11n radio mode and doesn't suffer a significant bandwidth loss like the static version.
  As a minimum, a dynamic WDS requires two 802.11n AirPorts (or Time Capsules). You can create a static WDS with either all 802.11g AirPorts or a mix of 802.11n & 802.11g AirPorts. Note; however, you cannot create a dynamic WDS with mixed mode base stations.

• Windows 7 client won't connect with 802.1x security

  Having issues connecting a windows 7 dell laptop with cisco unified wireless infrastructure.  Currently running 4 4402 WLCs and 1 wism.  The client in question is trying to connect to an AP that sits on one of the controllers on the wism.  WLC code running is 6.0.199.  If I configure the windows 7 client to an ssid with wpa2 with preshared key it works with no issue.  It's really problematic with 802.1x, wondering if there is addition settings on the adapter in win 7 that I'm missing or have overlooked.
  Thank you in advance for any suggestions to a solution to my problem
  Regards,
  izzy

  Windows is going to want to use the credentials that you login to the machine.  SO if you logged is as "administrator" but you need to authenticated as domain\John.Smith  you need to manipulate the credentials.
  If you are logging in to the machine with valid domain credentiasl though, it becomes a bit more difficult.
  So, is this the only type of machine having an issue?  What is the driver version and chipset type?
  you can run debug client < cliet ma address > and watch what is happening from the controllers persepctive. You can also see what username is being sent to the AAA server.
  Cheers,
  Steve
  If  this helps you and/or answers  your question please mark the question as "answered" and/or rate it, so  other users can easily find it.

• Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?

  Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?
  Im trying to follow the trustsec 2.1 guide on IP Phones into LowImpact mode.
  I can get a PC on its own to authenticate via dot1x/tls
  I can get a Cisco IP Phone on its own to authenticate via MAB.
  When the two are on the same switchport, the phone will authenticate but not the PC.  ISE logs EAP timeouts.
  The switchport has the LowImpact port ACL of
  ip access-group ACL-DEFAULT in
  The IP Phone gets a dACL that allows it ok.
  I assume MAB phone and dot1x PC is supported?  Any ideas?
  Thanks in advance.

  The ISE log detailed steps are as follows:
  Steps
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  Evaluating Service Selection Policy
  15048  Queried PIP
  15048  Queried PIP
  15004  Matched rule
  11507  Extracted EAP-Response/Identity
  12300  Prepared EAP-Request proposing PEAP with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12501  Extracted EAP-Response/NAK requesting to use EAP-TLS instead
  12500  Prepared EAP-Request proposing EAP-TLS with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
  12800  Extracted first TLS record; TLS handshake started
  12805  Extracted TLS ClientHello message
  12806  Prepared TLS ServerHello message
  12807  Prepared TLS Certificate message
  12809  Prepared TLS CertificateRequest message
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  5411  No response received during 120 seconds on last EAP message sent to the client

• WPA with 802.1x authentication

  Hi experts,
  I need clarification in a fundamental concept.
  Is it possible to configure WPA with 802.1x authentication without external AAA / ACS server.
  If the username and password is configured in local device, is it possible to create 802.1x authentication without RADIUS server
  Thanks in advance
  regards,RB

  You can't do 802.1x without RADIUS. But you can use Local EAP on an Autonomous AP or on a LAP Controller. They can both act as RADIUS servers. Here's an example config for an autonomous AP:
  aaa group server radius rad_eap
  server 192.168.0.1 auth-port 1812 acct-port 1813
  aaa authentication login eap_methods group rad_eap
  dot11 ssid ccie
  authentication open eap eap_methods
  authentication network-eap eap_methods
  guest-mode
  radius-server local
  nas 192.168.0.1 key cisco
  user test password test
  radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
  LAP Controller local EAP is configurable through GUI

• SG300 with 802.1x and wake on lan

  Hi,
  is there a way to support wake on lan on SG300 with 802.1x ports and dynamic vlan?
  thanks,
  maart2012

  Hi,
  Depends on the authentication. If you have mac or login authentication there is no traffic allowed neither direction before successful authentication. However you may use Guest VLAN concept for WOL packets.  With web portal authentication some traffic is allowed but as far I as know it is only arp, bootp so again maybe Guest vlan concept would be the solution.
  Regards,
  Aleksandra

• USB Printer with Time Capsule (with 802.11ac)

  Hello Guys,
  I have a Canon MP258 inkjet printer and it's not working with my airport time capsule (with 802.11ac) .
  I had tried a lot of method to solve it but it can't be done.
  Pls, help me to solved this puzzled.Thx 
  Best Regards,
  Johnremy

  If the name of your printer does not appear in the printer list when you click the + button, try contacting Canon Support to see if they have an updated printer driver that you could download and install.
  Download Free Driver Pinter Canon Pixma MP258
  http://filedir.com/drivers/printer/canon-pixma-mp258-mp250-printer-driver-downlo ad-516940.html
  If this does not work, then Canon has not provided the printer driver for their device to operate on a network USB connection.
  Do you understand that if you can get the print function working, that fax, scan, copy, maintenance, etc functions will not work when the MP258 is connected to the USB port on the Time Capsule?
  Only the print function is supported on the Time Capsule, so if you need the other functions, you should connect the MP258 to your computer.....not the Time Capsule.