WLC 5760 local webauth problem in iphone
I am try to use the local webauth by Cisco 5760
In the NB,MAC,Android it can authentication , but when i use iphone to test the webauth
When I enter the username and password and submit , iphone just only white screen , it does not show authentication success
What is my problem
Thanks
My webauth config
aaa authentication login local_webauth local
aaa authorization network default local
parameter-map type webauth global
type authbypass
virtual-ip ipv4 1.1.1.1
parameter-map type webauth test
type authbypass
wlan Web 1 Web
client vlan VLAN0100
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth authentication-list local_webauth
security web-auth parameter-map test
session-timeout 1800
no shutdown
Web-auth redirect failed with IPad/IPhone 8.0/8.1 for pop-up window
CSCus05550
Description
Symptom:
The Customer got the blank page after typing the username and password with safari pop-up window.
Conditions:
IPad/Iphone 8.* with pop-up window.
Workaround:
Using safari without pop-up window or third party browser which can work fine
Further Problem Description:
My testing topology:
Internet---------------Firewall-------------------SW---------------AP-----------------------IPad
10.140.246.32 192.168.100.1 192.168.100.2 192.168.100.9
Similar Messages
-
Local Webauth WLC using radius database
Hi all,
I was implement local Webauth WLC not using local auth . I use radius database.
at least I try to add on my WLAN:
layer 3 web auth authentication
layer 2 security is WPA/WPA2 PSK
adding aaa radius server
aaa radius "network user" check list enabled
web auth priority order
radius
LDAP
after I Test WLAN ,I cant login using radius database.
but, if I implement security method wpa/wpa2 dot1x I can login using radius database.
is there any miss in my config for implement webauth method?
Thanks
ridhoAre you trying to use LDAP or Radius to authenticate the webauth users? Since you have 802.1x working, I don't see why you would use LDAP. What radius server are you using also? Typically if your using Microsoft IAS or NPS, you have to
Change the device type to Login to get webauth with radius to work. Here is an example of 3 ways to authenticate webauth users. You should be able to find others out there also.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml
Sent from Cisco Technical Support iPhone App -
5760 WLC - Cant get webauth to work (redirect)
Hi All
Im trying to configure a 5760 for webauth.
But I cant get the client to be redirected to the internal webauth page of the WLC.
I have setup the globel parameter map like this:
parameter-map type webauth global
type webauth
virtual-ip ipv4 1.1.1.1 virtual-host guest-wlc.mycorp.net
And the dns server that the client can reach is configured with to resolve the host to ip 1.1.1.1 - just like "standard" WLC setup.
But when i open a browser on the client and type google.com nothing happens.
If i type in guest-wlc.mycorp.net i get the login prompt, but it will not redirect google.com to guest-wlc.mycorp.net
Right now i have just configured the WLAN with : security web-auth and no parameter-map.
I have also tried to configure the WLAN with parameter-map global.
And I have also tried to configure a additional parameter-map type webauth and set that on the WLAN.
There was no change in behavior.
Any suggestions ?
The configuration guide seems very unclear.Welll ... I think that we might be : "talking past each other".
1: Yes the client can easily do DNS resolution. I have testet with NSLookup.
The client resolves both extermal URLs (like cisco.com) and even the Virtual URL.
2: The client IS getting DNS. And as explained before, when I type in the virtual URL or the virtual IP I get the login page.
3: if it was a certificate problem teh browser would report back an certificate error and that I could actually live with.
The problem is still that when I type in fx. www.cisco.com i do not get redirected to the loginpage as I would on any normal AireOS WLC.
Here below i have coppied some running configuration.
Somebody please fell free to point out what could be wrong.
As mentioned the client associates fine, gets IP address fine, and can do nslookup. Everything looks fine except I do not get redirected to the login prompt page when i enter fx. www.cisco.com
parameter-map type webauth global
virtual-ip ipv4 1.1.1.1 virtual-host guest-wlc.corp.com
wlan GuestWLAN 6 internet
band-select
client vlan Guest_WLAN_5760
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth parameter-map global <- This might not be necessary - I have tried with and without.
session-timeout 1800
no shutdown -
I want to setup a custom webauth for my WLC 5760. I already downloaded the webauth bundle and put it in WLC via Command Download in WLC GUI. According to Guide, after the download completed, the custom page will appear in custom page dropdown for web parameter map.
But in my case it shows nothing. So where did I miss ?
Thank YouHi
Pls refer this document
http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117728-configure-wlc-00.html
HTH
Rasika
**** Pls rate all useful responses **** -
I cant not control wlc 5760 (every thing CLI & GUI)
After wlc 5760 reload (because of some problems.)
I don't know this message. and I can not control wlc 5760 in CLI console.
Please help me.
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
.... again & again
I try to booting. but I can't.
I want to know : method 5760 Factory default or normal booting mode.
+ log
FIPS: Flash Key Check : Begin
FIPS: Flash Key Check : End, Not Found,FIPS Mode Not Enabled
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CT5760 (i686) processor with 10485760K bytes of physical memory.
Processor board ID FOC1746V2AK
2048K bytes of non-volatile configuration memory.
10485760K bytes of physical memory.
255000K bytes of Crash Files at crashinfo:.
3612840K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.
Base Ethernet MAC Address : 1c:1d:86:24:10:80
Motherboard Assembly Number : 73-14448-04
Motherboard Serial Number : FOC174577NZ
Model Revision Number : A0
Model Number : AIR-CT5760
System Serial Number : FOC1746V2AK
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)I have same problem when i upgraded Cisco 3850 Switch to latest IOS. I have lost access to the console.
can someone please help.
Thanks -
WLC 5760 - MAC Filtering wireless clients
Hi,
Does anyone ever deployed mac-filtering authentication to wireless clients in the WLC 5760?
I've configured a WLAN for Mac-filtering authentication only (named it as "macauth"):
wlan RNVDOS 4 RNVDOS
aaa-override
no broadcast-ssid
client vlan RNVDOS
mac-filtering macauth
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
session-timeout 1800
no shutdown
Then, below Configuration->Security->MAC Filtering I've added several MAC addresses i.e. :
MAC Address: 88532e9ef70a Attribute List: macauth
Which turned out to be display in the CLI as:
username 88532e9ef70a mac aaa attribute list macauth
The problem is that whenever I try to associate the wireless client 88532e9ef70a, the client passes to the exclusion list.:
Sep 16 10:54:55.603: 8853.2E9E.F70A Adding mobile on LWAPP AP 0C68.03EA.4070 (1) 1 wcm: E9E.F70A (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Creating WL station entry for client - rc 0 1 wcm:
Sep 16 10:54:55.603: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: ssionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:55.603: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Idle to AAA Pending
Sep 16 10:54:55.603: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.604: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.604: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Idle to AAA Pending
Sep 16 10:54:55.604: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:55.604: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:55.813: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:55.813: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:55.813: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:55.813: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:55.813: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.814: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.814: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:55.814: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:55.814: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.520: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:56.520: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.520: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.520: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.520: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.521: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.521: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.521: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.521: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.729: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n 10 seconds
Sep 16 10:54:56.729: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.729: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: from AAA Pending to Authenticated
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.729: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.729: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.730: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.730: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.730: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.730: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:56.937: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.937: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.937: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:57.143: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:57.143: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:57.143: 8853.2E9E.F70A apChanged 1 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (8): 1 wcm: 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (12): 1 wcm: 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Sep 16 10:54:57.144: 8853.2E9E.F70A 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm: site 'renova', interface 'RNVDOS'
Sep 16 10:54:57.144: 8853.2E9E.F70A Updated location for station old AP 0C68.03EA.4070 -1, new AP 0C68.03EA.4070 -0 1 wcm: va', interface 'RNVDOS'
Sep 16 10:54:57.144: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: P 0C68.03EA.4070 -0
Sep 16 10:54:57.144: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:57.144: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:57.144: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:57.145: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 0 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:57.145: 8853.2E9E.F70A apfBlacklistMobileStationEntry2 (apf_ms.c: 1 wcm: 6129) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Exclusion-list (1)
Sep 16 10:54:57.145: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 44) in 10 seconds
Sep 16 10:54:57.145: 8853.2E9E.F70A client is added to the exclusion list, reason 1 1 wcm: d: 44) in 10 seconds
Sep 16 10:54:57.145: *apfReceiveTask: 1 wcm: %APF-4-ADD_TO_BLACKLIST_REASON: Client 8853.2E9E.F70A (AuditSessionID: 0afe01fb5236e37f000000de) was added to exclusion list. Reason: 802.11 association failure
Sep 16 10:54:57.836: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:58.533: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:59.231: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:59.922: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireCallback (apf_ms.c: 1 wcm: 664) Expiring Mobile!
Sep 16 10:55:06.972: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 46) in 60 seconds
Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireMobileStation (apf_ms.c: 1 wcm: 7067) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm: 3.2E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A 0.0.0.0 START (0) FastSSID for the client [ 0C68.03EA.4070 ] NOTENABLED 1 wcm: E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A Incrementing the Reassociation Count 1 for client (of interface RNVDOS) 1 wcm: D
Sep 16 10:55:06.972: 8853.2E9E.F70A Clearing Dhcp state for station --- 1 wcm: for client (of interface RNVDOS)
WLC1#
WLC1#
Kind Regards,
VascoHi Patrick,
Thank you for sharing your solution. It didn't solved entirely the problem but you pointed to the right direction!
They are caused, because the system searches for an aaa authorization list, which is not configured.
To resolve this configure the following
aaa authorization network mac-filter local
where mac-filter is the name you defined in the SSID.
I've used your sugestion to create an aaa local authorization list but instead of naming it with the SSID, I've used the name of the attribute list ( macauth ) and it solved the problem:
aaa authorization network macauth local
username 88532e9ef70a mac aaa attribute list macauth
wlan RNVDOS 4 RNVDOS
client vlan RNVDOS
mac-filtering macauth
WLC1#sh wireless client summ
Number of Local Clients : 1
MAC Address AP Name WLAN State Protocol
8853.2e9e.f70a APf872.ead7.31da 4 UP 11n(5)
Cheers,
Vasco -
WPA2+PSK with local webauth?
Hi all, I'm trying to configure a guest wlan with WPA2+PSK and local webauth. This will authenticate against ISE and once authentication is complete dropped into a authz profile.
This is supposed to be possible per cisco's docs, however when I try to set this up on the WLAN I get the message:
Only PSK can be enabled for WPA with web-auth and Radius Nac.
Well, I've got only WPA with PSK configured. Is there any 'trick' to this config that I'm missing? I've got L2 security set to WPA+WPA2, WPA2 Policy and AES with only PSK configured. Under advanced I've got AAA override and NAC state sent to radius NAC. What else, that should be it right? I've tried it on multiple controllers with the same results every time.That error is a little confusing and I don't think is a proper description of what the WLC is trying to tell you; there are actually a couple errors you may see depending on the combination of RADIUS NAC with L3 security. Essentially, you shouldn't be able to enable RADIUS NAC if you're configured for a PSK. What exactly are you trying to accomplish? It sounds like you want ISE to perform CWA for your wireless guests, but you mention local webauth. In order to do the CWA, you will use the mac-filtering option for L2 security and set security type to None. This will allow you to specify the RADIUS NAC option correctly.
When you say that "ISE will authenticate the users", how are you planning on doing this with a PSK WLAN, or are you intending that the local webauth will use RADIUS for authentication to ISE? What is the end-user flow or experience you are expecting? ie. user connects to guest, redirects, logs in, gets appropriate access.
Please also post what version of ISE and WLC you are running so we can determine what features will and will not work. -
After i installed ios 7 in my iPhone 4s and I got problem to login into my icloud account.
There is a message appear and said "the operation couldn't be completed (com.apple.appleaccount error 403)"
can you help me ? how can i fix this problem ?
iPhone 4, iOS 7
iPhone 4S, iOS 7, (com.apple.appleaccount error 403)"Error: com.apple.appleaccount error 403
Recreate Error: On a Iphone/Ipad device that has "already" created the maximum of 3 per device Apple limit of ICloud account creation attempt to create or login to ICloud service tab in Settings. You will be presented with "com.apple.appleaccount error 403" which does not tell the laymen anything useful.
Cause: IOS 7 reports a "best guess" error instead of detailed error explanation.
How To Resolve Error: Find a device that has not been used to create an ICloud account the maximum 3 times and use it to create the ICloud account by logging into the Settings/ICloud tab with the Apple ID you want a ICloud account created for.
Keep in mind this will use up one of the three lifetime allowed ICloud account creations allowed by Apple on that device.
Also per support: If an existing account is logged into the ICloud service. A. Backup phone using iTunes on a mac/pc. B. At bottome of Settings/ICloud Delete the account "AND" all the user date from the phone. It will offer the Delete all data option. The reason for Deletion(and is why we backed up on a pc vs. the cloud) is when you create the new ICloud account it will backup all of the Device owners information to the wrong persons account.
Once you have created the new ICloud account log into that account on device that was presenting error: "com.apple.appleaccount error 403" it should allow the ICloud login.
Once you have verified the "device with error" is ICloud functional delete the ICloud account from the device used to seed the ICloud account and delete again all user data from cloud. Restore the recently created mac/pc Itunes locally created backup to the phone and then go to Settings/ICloud and login with the device owners Apple ID and password and verify your backup to the ICloud settings and Eureka! your done.
It took less time to do that for me to type this lol. -
Hi, I have WLC 5760 on mode Centralized because I don't have Switch 3850. I need to implement dot1x authentication using external AAA Server which is in my case is Active Directory on Windows 2012 Server. You can see my configuration in pictures i attached bellow. My problem is authentication is always failed.
Can you give me a hint ?
AAA Server
Authentication
LDAP
WLAN Security L2
WLAN Security L3
ERROR Log
ThanksComplete these steps in order to add the WLC as an AAA client in the ACS.
From the ACS GUI, choose the Network Configuration tab.
Under AAA Clients, click Add Entry.
In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.
From the Authenticate Using drop-down menu, choose RADIUS .
Click Submit + Restart in order to save the configuration. -
WLC 5760 - show client ccx roam-history
Hi,
We're running an WLC 5760 with the latests version (3.3.1). We have several wlans, with diferent authentication methods, and they are all working fine.
However we noticed that the roaming is working correctly but no information is displayed if the "show ccx roam-history".
WLC1#sh wireless client mac-address 8853.2e9e.f70a det | i CCX
Client CCX version : 4
WLC1#debug dot11 ccx-roam all
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Mobile 8853.2e9e.f70a associated
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:11:40.963: 00000000: 1 wcm: 01 1a 33 81 88 53 2e 9e f7 0a c0 25 5c 68 50 50 ..3..S.....%\hPP
Dec 12 17:11:40.963: 00000010: 1 wcm: 28 11 c0 25 5c 68 50 50 01 00 02 01 06 ab 0d 0d (..%\hPP........
Dec 12 17:11:40.963: 00000020: 1 wcm: 03 b8 05 28 11 c0 25 5c ec 05 a0 0b 00 07 01 06 ...(..%\........
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 ......(..h..R...
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 e4 .........(..h...
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 ............(..h
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01 06 ab 0d 0d 03 b8 05 28 .M.`...........(
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01 00 07 01 06 ab 0d 0d 03 ..h..@p.........
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea 4b 10 01 00 07 01 06 ab ..(..h..K.......
Dec 12 17:11:40.963: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 50 5f 3c 01 04 .....(..%\hP_<..
Dec 12 17:11:40.964: 000000a0: 1 wcm: 01 06 ab 12 12 03 b8 05 28 11 c0 25 5c ec 05 af ........(..%\...
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 $..........(..h.
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01 07 01 06 ab 12 12 03 b8 .h..K.8.........
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 .(..h....8......
Dec 12 17:11:40.964: 000000f0: 1 wcm: 12 03 b8 05 28 11 c0 25 5c a3 f4 8f 30 01 07 01 ....(..%\...0...
WLC1#
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 40 7f 30 .......([email protected]
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03 b8 05 ..........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: 00000000: 1 wcm: 01 1a 33 81 88 53 2e 9e f7 0a c0 25 5c 68 50 50 ..3..S.....%\hPP
Dec 12 17:12:51.006: 00000010: 1 wcm: 28 11 c0 25 5c 68 50 50 01 00 02 01 06 ab 0d 0d (..%\hPP........
Dec 12 17:12:51.006: 00000020: 1 wcm: 03 b8 05 28 11 c0 25 5c ec 05 a0 0b 00 07 01 06 ...(..%\........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 ......(..h..R...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 e4 .........(..h...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 ............(..h
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01 06 ab 0d 0d 03 b8 05 28 .M.`...........(
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01 00 07 01 06 ab 0d 0d 03 ..h..@p.........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea 4b 10 01 00 07 01 06 ab ..(..h..K.......
Dec 12 17:12:51.006: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 50 5f 3c 01 04 .....(..%\hP_<..
Dec 12 17:12:51.006: 000000a0: 1 wcm: 01 06 ab 12 12 03 b8 05 28 11 c0 25 5c ec 05 af ........(..%\...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 $..........(..h.
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01 07 01 06 ab 12 12 03 b8 .h..K.8.........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 .(..h....8......
Dec 12 17:12:51.006: 000000f0: 1 wcm: 12 03 b8 05 28 11 c0 25 5c a3 f4 8f 30 01 07 01 ....(..%\...0...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 40 7f 30 .......([email protected]
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03 b8 05 ..........
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: 00000000: 1 wcm: 01 07 33 81 88 53 2e 9e f7 0a c0 25 5c 68 81 20 ..3..S.....%\h..
Dec 12 17:15:48.712: 00000010: 1 wcm: 28 11 c0 25 5c 68 81 20 01 00 02 01 06 ab 0d 0d (..%\h..........
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000020: 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 07 01 06 ...(..h..R......
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 4a f0 0b 00 ......(..h..J...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 eb .........(..h...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 20 01 00 07 01 06 ab 0d 0d 03 b8 05 28 11 c0 25 ............(..
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 5c ec 05 a0 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 \..............(
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 d6 e4 00 0b 00 07 01 06 ab 0d 0d 03 ..h.............
Dec 12 17:15:48.713: 00000080: 1 wcm: b8 05 28 11 c0 25 5c 68 50 50 01 00 07 01 06 ab ..(..%\hPP......
Dec 12 17:15:48.713: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 81 2f 38 01 04 .....(..%\h./8..
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000a0: 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 4a ff ........(..h..J.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 2c 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 ,..........(..h.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 12 03 b8 .h....8.........
Dec 12 17:15:48.713: 000000e0: 1 wcm: 05 28 11 c0 25 5c ec 05 af 24 01 07 01 06 ab 12 .(..%\...$......
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000f0: 12 03 b8 05 28 11 0c 68 03 d6 eb 2f 3c 01 07 01 ....(..h.../<...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 .......
WLC1#show wireless client mac-address 8853.2e9e.f70a ccx roam-history
Shouldn't the output be the same as the AireOS command "show client roam-history client-mac"?
Kind regards,
Vasco CostaObtaining CCX Client Roaming Information (CLI)
Step 1
View the current RF parameters configured for client roaming for the 802.11a or 802.11b/g network by entering this command:show {802.11a | 802.11b} l2roam rf-param
Step 2
View the CCX Layer 2 client roaming statistics for a particular access point by entering this command:show {802.11a | 802.11b} l2roam statistics ap_mac
This command provides the following information:
The number of roam reason reports received
The number of neighbor list requests received
The number of neighbor list reports sent
The number of broadcast neighbor updates sent
Step 3
View the roaming history for a particular client by entering this command:show client roam-history client_mac
This command provides the following information:
The time when the report was received
The MAC address of the access point to which the client is currently associated
The MAC address of the access point to which the client was previously associated
The channel of the access point to which the client was previously associated
The SSID of the access point to which the client was previously associated
The time when the client disassociated from the previous access point
The reason for the client roam
Debugging CCX Client Roaming Issues (CLI)
If you experience any problems with CCX Layer 2 client roaming, enter this command:
debug l2roam [detail | error | packet | all] {enable | disable} -
I am using the WLC 5760
My SSID use WPA2 PSK and i don't use ISE or Radius or AAA to authentication
Some client can connect to the AP,but can not ping the gateway
When i show logging from WLC,it will see the log like
%AUTHMGR-5-FAIL: Authorization failed or unapplied for client
How do i resolve this problem
Thank'sHi,
Have you made sure that the appropriate vlans are permitted on the trunk between the WLC and the switch?
Normally the gateway is an SVI on a core switch, so if the vlan is not permitted, you wouldn't be able to ping the gateway.
HTH
Mike -
I have a new deployement with WLC 5760.
total number of aps are 150 with 4 WLANs.
each WLAN is mapped to a sperate VLAN. I have a couple of design questions:
- the switchport configuration of the AP will be trunk or access ?
if access, then port should be memeber of which VLAN ?
- mobility configuration for single WLC design ?
- I would like to make two groups in which group 1 will advertise WLAN 1,2 and 3 while the group 2 will advertise only WLAN 4.
is it possible ?
really apprecite your response.
RegardsHi,
Here is my responses
- the switchport configuration of the AP will be trunk or access ? if access, then port should be memeber of which VLAN ?
5760 only support Local mode APs. So all your AP connected switchports (in access layer) should be configured as access ports. You can put that in a different AP management vlan.
- mobility configuration for single WLC design ?
You can configure a mobility group name even though no any other controllers.
- I would like to make two groups in which group 1 will advertise WLAN 1,2 and 3 while the group 2 will advertise only WLAN 4. is it possible ?
Yes, you can create two AP groups & map these WLANs. Then add APs into these two AP groups according to your requirement.
These posts should give you some reference
http://mrncciew.com/2013/12/16/5760-in-ca-cuwn/
http://mrncciew.com/2013/12/12/getting-started-with-5760/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
**** Pls rate all useful responses ***** -
WLC 5760 - AP2600i failed to join ap-group after reboot
Hi,
We're deploying a couple of 2600i with an WLC 5760.
We've configured an AP group, named it "factory", and then issued the command ap name AP<ip mac address> ap-groupname factory for both APs. After the restart, both AP were on the AP-Group factory.
The problem is that is we reboot or power off the APs, one will join automatically the AP-Group factory and the other goes to default-group and requires the ap name APAPf872.ead7.31da ap-groupname factory to join the AP group factory again.
Any suggestion? Is it possible to forced the ap-group configuration directly on the cli of the AP?
WLC1#sh ap groups
Site Name: default-group
Site Description:
WLAN ID WLAN Name Interface
AP Name Slots AP Model Ethernet MAC Location Port Country Priority GroupName
Site Name: factory
Site Description:
WLAN ID WLAN Name Interface Radio
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
APf872.eaa6.fc69 2 2602I f872.eaa6.fc69 default location Te1/0/1 PT 1
APf872.ead7.31da 2 2602I f872.ead7.31da default location Te1/0/1 PT 1
debug ap group
(AP joining the apgoup factory)
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 1 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 2 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 3 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 4 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 5 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 6 for ap APf872.eaa6.fc69 apgroup factory
Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 7 for ap APf872.eaa6.fc69 apgroup factory
(AP joining the default-group)
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 0 for apVapId 1 for ap APf872.ead7.31da apgroup default-group
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 0 for apVapId 2 for ap APf872.ead7.31da apgroup default-group
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 0 for apVapId 3 for ap APf872.ead7.31da apgroup default-group
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 7 for apVapId 4 for ap APf872.ead7.31da apgroup default-group
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 0 for apVapId 5 for ap APf872.ead7.31da apgroup default-group
Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm: found radio Policy 0 for apVapId 6 for ap APf872.ead7.31da apgroup default-group
Kind regards,
Vasco CostaWe've used a another group of 2600i APs and it seems that this problem only occous with AP "APf872.ead7.31da" so this is not a WLC problem.
closing case -
Reception / Battery problems with iPhone 3GS after upgrading to iOS 4.2.1
There are major reception and battery problems with iPhone 3GS after upgrading to iOS 4.2.1.
I can not believe that Apple did not test this for major bugs like this one is.
I am a business user and can not effort to have bad reception. Apple wants to gain in the business clients... I never had this with my former BlackBerrys!
I need a reliable phone not a play thing like this is right now, it just needs it to work propely. And if a major bug like this comes along, fix it immediately. After the iPhone4 story, now this...incredible! Going back to my reliable BlackBerry! It just ain't reliable and takes forever to fix a problem.I have the same issue after iOS 4.2.1 update. I am using iPhone 3GS officially unlocked by Apple. I tried using different SIM cards and both carriers show same problem when using phone in 3G mode. Phone falls back to EDGE mode showing 'E' from '3G' at start. I have reset the phone and rebooted several times and moved to different cell areas in the city just to verify the problem.
I had no such issues earlier. I also have Nokia E71 which shows full signal and has no such issues.
I have posted the bug on apple iphone feedback page. I hope they Apple will fix the problem and test the release properly on all models before releasing to public. -
Anyone having problem with iphone getting a not delivered message after sending pic and it really is getting delivered to recipient.
Same problem here with and I've done everything shy of a total reset which I also find unacceptable. This problem exists on all iMessage platforms (iPhone, iPad, and Mac) so I don't see how restoring my iPhone would help the problem.
Maybe you are looking for
-
Photoshop CS3 quits when opening PDF files
Does anyone have this problem? Because it happens to me a lot. I'll try to open a PDF with Photoshop, choose my settings, then it rasterizes the PDF and unexpectedly quits. Then I'll try changing the color setting from RGB to CMYK and it will work. O
-
Converter my word resume to pdf
How can I converter my wordpad resume in to pdf
-
Imessage will not activate iOS8
okay so basically i've brought an iphone 6 on contract (vodafone) i wanted to keep my old number so i used their "keep my number" service online, ever since ive done that my imessage will not go through or any messages for that matter, imessage is st
-
Inserting an Image on mouse clicked HELP
Hi. I', trying to make a Tic tac toe game(if you do not understand please run this programme). The thing I want to happen is: the user clicks over a "sqare" and when mouse is released the image (X or O) appears on that position. I can't get my progra
-
Change an extract-structure in an existing datasource
Hello, I want to change an extract-structure in an existing datasource (0COORDER_TEXT), but I don't know how to do. (I first thought I can do it with trx RSA6.) Can anybody give me a hint how to change the extract-structure? Kind regards Udo