WLC 5500 support for Diameter protocol?
We have been having issues with wireless user authentication (sessions start/die). Multiple authentications are sometimes needed for end users to connect. We use 802.1x to Microsoft Radius in server 2008 R2, and it's flaky. I've read up on the Diameter protocol, and it looks like it would be very good to use. However, our WLC 5508's only support the normal (and very old UDP version) of Radius.
Does Cisco plan on enhancing the software to be able to support Diameter in the future?
That is something you would need to ask your Cisco SE about. I haven't heard anything regarding future support for that, but that doesn't mean it will not happen.
Mad far as your current deployment, I have many customers who are using Microsoft IAS and NPS for radius with no issues like what you are having. It's something you need to understand why they are not connecting right away. Many times it can be how the WLAN is configured or driver related issues.
-Scott
Similar Messages
-
Support for https// protocol in websphere
Hi
iam using websphere 5.1.2 i redirect my jsp to https//localhost:9080/sam.jsp but its not display .
Can u help me how to configure websphere for support of Https
protocol
ThanxHi
Try https://localhost:9443/sam.jsp if you use a default configuration of websphere testenvironment. (Not sure if a full Websphere installation is configured the same way...)
If this does not work use Websphere Admin Console to configure an additional secure port. -
closed Support for FIX protocol in OSB for Financials
Hi,
I am trying to find out the FIX protocol support in OSB and found out the fix adapter guide in the following location:
http://download.oracle.com/docs/cd/E13185_01/fmd/docs10gr3/pdf/FIX.pdf
From this document i am unable to get how this can be used in OSB for financials. If anybody has more documentation/tutorial for FIX support, please give me your insights.
Thanks
Siva
Edited by: user13061887 on 03-May-2010 01:33I don't understand the issue at hand. Did you download the OSB financial edition. It comes with a design time which will allow you to create catridges for fix. Once the cartridge is configured, you have to export the cartridge for java class. these java classes are imported into OSB and invoked via java callout.
Let me know if you need more information.
Manoj -
Oracle SOA support for these protocols
Not sure if anyone knows but what component in the Oracle SOA stack or how would the SOA stack support:
1) OFTP
2) MFT
3) Connect:Direct
Can't find anything in the documentation about this.
ThanksAs mentioned before, the BPEL language itself is a programming language. Via BPEL partner links it is able to connect to other systems. In Oracle SOA Suite, we support by default adapaters (and this protocols):
JMS/FTP/FTPS/Database/AQ/MQ-Series/WebServcis.
Third party companies such as Iway, delivers other adapters to connect to other systems and/or protocols. -
Hi,
Is there any way of B2B supporting the AS3 proptocol since the AS3 uses a secure FTP for communication.
The requirement is to be able to commincate to Trading Partner AS3 servers.
Thank you,
Shantanu GhoshRaise an Enhancement Request with support and you should get an ETA on this. You may also mail across the customer details and requirements, to Ramesh ([email protected])
Thanks,
Anuj -
My Desired flow is:
Guest SSID - Open Access.
If WebAuths as a Guest User, apply ACL-GUEST-ACCESS and stop
If webauth's as a user that is a member of AD group X, go to client provisioning portal.
I've tried using CWA, and I get "We are unable to determine access privileges in order to access the network. Please contact your administrator."
Since the 4400 and 2100 WLCs are supported for ISE using LWA only (no CWA support), I think this is why.
The below log appears in the authentications screen: (not very helpful is it)
So I think I need to do a AuthZ rule resulting in a profile using webauth against the provisioning portal, not CWA? If so, I can't seem to wrap my head around a workable rule to match this. Any hints on making this work? All the TrustSec 2.0 and 2.1 docs center around CWA only.When you use LWA (Local Web Authentication) the NAD device (Switch, wireless lan controller, etc) is providing the Web Authentication Services. For example, on the WLC clients get redirected to the built-in WebAuth Guest page. As a result, the clients will never reach ISE for them to utilize the web services (web auth, device registration, provisioning etc). You will need to run version 7.2 and above on your WLC and use CWA. I hope this makes sense.
Thank you for rating! -
Can we create Mobility group between WISM2 and WLC 5500
Dears,
I need your feedback urgent please,
Can we create Mobility Group between WISM2 and WLC 5500
Firmware for WISM2 > 7.4.121.0
Firmware for WLC5500 > 6.0.196.0
I created Mobility Group with (IP address , MAC Address and Mobility group name) for Foreign Controller. if any configuration required from my side.
Wait your feedback urgent please
Regards,Hi,
Controllers do not have to be of the same model to be a member of a mobility group. Mobility groups can be comprised of any combination of controller platforms.
Thats enough :)
Regards
Dont forget to rate helpful posts -
My customer needs documentation detailing Siebel's support for encryption protocols across all layers
i.e
1) User Interface,
2) Web Session / Transport
3) Database Layer
4) Logs. Cookies
Is there any documentation that someone has prepared from field experience? or does product management maintain any such document?
Any pointer would indeed help! Look fwd. to your inputs.
Regards,
RakeshRakesh,
I would start with the Bookshelf section on Encryption in the Security Guide. Beyond that I am not aware of any single document that addresses all types of encryption. Basic observations follow:
1. User Interface -- Since this is a web application, not sure how this differs from "Web Session". The communications between the end user's browser and the Siebel Web Server can be secured with standard SSL. Higher key lengths require that the Siebel Strong Encryption Pack be installed on both the Siebel Web Server(s) and the Siebel Application Server(s).
2. Web Session / Transport -- The SISNAPI communications between the various Siebel servers can by encrypted using RSA, MSCrypto, or SSL.
3. Database Layer -- This is dependent on the database being used and would be set at the client level for transport. As long as it is transparent to the Siebel application object manager, it should be fine. In terms of actual data storage, Siebel can do field level encryption for specific fields. Alternatively, database encryption utilities such as Oracle's Transparent Data Encryption (TDE) can be used as long as it is transparent to the Siebel application. Encryption of local databases are more restrictive and involve either encrypting the whole local database or not encrypting the local database.
4. Logs and Cookies -- Logs are not encrypted. Cookies can be encrypted in transit when using SSL. Also the session identifier can be encrypted.
Hope this information is at least somewhat helpful.
Stevan -
IWeb protocol support for anything OTHER than http and https
I am extremely disappointed in iWeb. It doesn't even seem to be able to do very simple things.
All I want to do is to create HTML links to external pages with protocols other than "http" and "https" and it always prepends "http" to the beginning of the URL. This is really really really annoying.
Apple I hope you are paying attention. iWeb is poorly designed. You are trying to anticipate what end users want...this is a development practice right from the Microsoft Windows Developer book. I sure how the next update to iWeb works properly. I'm so upset about all this...I can't publish podcasts to the web because of all the foolishness with how you handle that, and the confusing directory name issues.
My podcast URL looks like this:
http://itpc://www.mysite.com/podcast/News/rss.xml
I tried (unsuccesfully) to manually create the podcast since the automated version created this:
itpc://www.bradyconsult.com/podcast/podcast/News/rss.xml
I'm sure I could fiddle with iWEb and get this to work, but why should I? I've already fiddled with it and simple changes to my site structure totally screw this up. Not to mention, that when it did work, it didn' t even post all my podcasts!!! It skipped the first one and the last one.
And, for those wondering, i'm not technically clueless. I have a podcast working just fine on two other sites. The appeal to iLife with iWeb and the new podcast feature of GarageBand was to bring all this together in one easy to use, nice package. But it's not nice. Garageband's update is awesome! But iWeb and it's attempts to work with the other iApps is gruesome.
I expect this garbage from Microsoft...not Apple.
Can anyone recommend a workaround (and yes, I understand I can manually edit HTML...but I was hoping for a workaround within iWeb) to create html links with support for protocols (aside from http and https) ??
It's bad enough I have to publish to a folder and then FTP to my site since apple makes that exceedingly difficult to do (I'm sure to increase .mac sales) but all this other foolishness is just bunk. I feel ripped off on my iLife '06 purchase.
Grrrrrrr......
G5 Dual 2.3 GHz Mac OS X (10.4.5)I don't know if this helps you any, but in my humble
opinion Drake is absolutely correct. iWeb really
wasn't designed for the pro site builder; it's just
an entry level site builder. Moreover, it isn't
really geared for the professional world of internet
marketing; I think it is really more for the home
and family group who have at least one thing in
common: Macs.
I don't think it was even designed for them. I mean, you can't create an ftp: link, you can't manage multiple site files, there's no way to add "aim:" or "yahoo:" links, etc. It's not mac's they're supporting. It's .mac in particular, maybe, if that.
The art is kinda nice, but really, the grief in trying to do simple things like a basic href is just absurd. I can do these things easily in Pages. iWeb should certainly be no more difficult.
Btw, I'm here because I have the same problem - overly restrictive URL's on hyperlinks. I'll probably solve my with a trivial sed script. But even that's tough because they mangle the url. It's not easy to find an encoding suitable for automatic post processing.
Automator anyone? -
EWS Protocol Support for Agent Email Integration on upcoming UCCX Versions
Hi Everyone,
One of my customer wants to know, In the upcoming versions of UCCX, whether the EWS(Exchange Web Service) protocol is supported for Agent Email Integration or not?
I have done some inital findings for the current versions & it supports only IMAPv4 (for message retrieval) and SMTP protocols (for message sending).
Thanks,
Kumar.VHi,
the way I would do it: Remedy would ask UCCX to place the agent into a specific Not Ready state (this prevents incoming calls) and then transfer a task to an agent. When the task is solved, Remedy would check for the number of calls waiting in UCCX and would leave the agent in Not Ready (and ultimately assign another task), or would change the agent state to Available.
If you want interruptible Remedy tasks (the agent is Available all along and when a call is transferred to him, the Remedy task automatically pauses) - I am afraid this is not possible.
About programmatic access to UCCX: if you have never heard about it, it's not easy - you might want to talk to a consultant.
G. -
Disable weak ciphers and support for all SSL protocols prior to v3.
I am very new to Weblogic and I need a little help with the SSL configurations. I received a security audit back and discovered that Weblogic's SSL is running weak ciphers and also supporting unacceptable versions of SSL (we require a minimum of SSLv3 and need to deny connections with anything less). That said, can anyone point me in the right direction for disabling weak ciphers as well as forcing support for SSLv3 and up only for client connections. I am running Weblogic 10.3.
Edited by: David Pulliam on Jan 26, 2011 8:31 AMHi David,
-Dweblogic.security.SSL.protocolVersion=SSL3 —> Using this JAVA_OPTION will allow Only SSL V3.0 messages are sent and accepted. So add the mentioned JAVA_OPTION in the server start script along with the below OPTION:
-Dweblogic.security.disableNullCipher=true
Also you can do the following in your "config.xml" to make sure that the Weblogic will not accept weak and medium weak passwords:
<ssl>
<enabled>true</enabled>
<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
<hostname-verification-ignored>true</hostname-verification-ignored>
<listen-port>7002</listen-port>
<server-private-key-alias>aliasHere</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>encryptedpassphraseHere</server-private-key-pass-phrase-encrypted>
</ssl>Thanks
Jay SenSharma
http://middlewaremagic.com/weblogic (Middleware magic Is Here) -
Weblogic support for Parlay/OSA protocol
I am looking for the information related to support Parlay/OSA specifications (www.parlay.org)
by Weblogic.
Please respond if you have heard/known something on that.
Thanks.
GennadyS-23167: The support for Parlay X comes from Wysdom's MAP-OS 5.3 based on the BEA
WebLogic Platform 8.1 and not from BEA itself:
(http://www.wysdom.biz/news_archive3.html)
"Gennady Dosovitsky" <[email protected]> wrote:
>
I am looking for the information related to support Parlay/OSA specifications
(www.parlay.org)
by Weblogic.
Please respond if you have heard/known something on that.
Thanks.
Gennady -
Wlc 5500 authentication timeout
I have a WLC 5500 controller. I have two WLANS (OBSD-Internal and OBSD-BYOD). I have authentication setup to the WLC for the BYOD WLAN using LDAP (users connect with an AD user account). They are required to re authenticate every few minutes. This only happens on the BYOD WLAN (not Internal)
Scott-
Here are the results of the sho WLAN cmd:
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... OBSD BYOD
Network Name (SSID).............................. OBSD-BYOD
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 25
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ g9c-guest
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... Guest WiFi Internet Only
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Web Auth
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status -
WLC 5500 802.1x problems
So here is the problem that i have.
I have a WLC 5500 in site A ( let´s say city A too ) with its own set of wlans ( wlan 1 , wlan 2 ... ) that are used to differentiate different types of users ( teachers, students, etc ) using a RADIUS server and a AD for this client and using 802.1x. Everything on site A is working fine.
Now i´m trying so set an access point in site B ( in city B ) with its own set of wlans ( wlan X, wlan Y ... ) that is also used to differentiate clients, site B as its own DHCP, its own RADIUS and its own AD. I´ve managed to connect the access point to the WLC and set wlans for site B. My problem now is that when a user tries to connect to wlan X and he is suppose to be in wlan Y, he is not forwarded to wlan Y and is left in wlan X. I´ve also configured HREAP.
Does anyone as any idea why the clients aren't being assigned to the correct wlan??
I´ve checked in the Radius server and its sending the correct wlan to the user.
I now that the text is probably a little bit confusing, but i hope that someone can help me.
Thanks in advanced.You are right, it is not supported:
Note: If the APs are in H-REAP mode and locally switched at the remote site, the dynamic assignment of users to a specific VLAN based on the RADIUS server configuration is not supported.
Since you can't do dynamic vlan, why not have two policies, one for teachers and the other for students. You will need to have then in seperate groups in AD also. Then filter on the ssid and the AD group, so if students try to access the teachers ssid using their credentials, they get rejected and vice versa.
I don't know what you mean by connecting two site without h-reap. The only other way is switching the AP to local mode, which you better have some good bandwidth.
Scott -
Why no SyncML-support for Harmattan??
I've used SyncML on my N95 with memotoo.com for years. Worked very well. I took it for granted that SyncML would be supported on the N9. But alas, it isn't. I find that really incomprehensible. Worse yet, CalDAV syncing with memotoo doesn't work - I don't know who's to blame for this, but on the desktop it works flawelessly so I do have a suspicion. Even worse: there is no way to sync contacts using CardDAV.
MeeGo (the true MeeGo) has SyncML-support out-of-the-box. And the N9/N950 does have SyncML-support for bluetooth.
Yes, contacts syncing is supported for Ovi. And Google. And Facebook. But I do NOT want to use those services, because of grave privacy risks and because they use yet again some proprietary protocols.
I wonder, what where they thinking at Nokia for NOT supporting some well-known open standards??
(While I'm ranting: why is there ^%@$ Facebook and GTalk-support over XMPP, but no self-defined XMPP account?? Yes, you can add such accounts from the terminal, using mc-tool, but really that's just a kick in the teeth. And where's UPnP/DLNA-support?)Hey Guys, Did you figure out any way to do PIM sync via SyncML on N9?
I am struggling to get things moving as I come from N8.
N9 just doesnt have any way to sync calendar, tasks with Ovi. Same with Notes.
Best Regards,
Suyog
Maybe you are looking for
-
Fresh installation fails after upgrade in vm
I just installed arch as a virtualbox guest on my ubuntu host system, and the install runs flawlessly. However, I ran pacman -Syu, upgraded the system, and now it won't boot. The last text I see is loading udev, then the virtual machine aborts. Any i
-
Window RUEKOPF is not defined for form ZWESCHEINV3
Hi Guru, I have encountered an issue whose possible resolution i am not able to meet. The issue is like this : While performing MIGO for the Return Delivery user is successfully getting the maerial document number . But when user trying to perfor /n
-
No Songs displayed but Ipod still full!?!?!?!
Hi I've a 5G 30gb ipod. It was incorrectly disconnected as itunes crashed. On reconnecting, the ipod displays none of the music that has been added yet still indicates that there is only 6gb of space left on the ipod. This suggests that the music has
-
Applescript, the new Photos app and Instagram
I'm using applescript to add images to the new (Yosemite) Photos app. I'm using the following code: tell application "Photos" set ImageFile to POSIX file "~/photos/test.jpg" set DestinationAlbumName to "Instagram" if not (exists contai
-
I have to use the Keypad a lot when making calls. Make the call, the Robot then asks to enter a number for a service, pull the phone down from the ear, the screen may light up for a second, but then the screen saver cuts in, blanking the screen out.