WLC 5760 local webauth problem in iphone

I am try to use the local webauth by Cisco 5760
In the NB,MAC,Android it can authentication , but when i use iphone to test the webauth
When I enter the username and password and submit , iphone just only white screen , it does not show authentication success
What is my problem
Thanks
My webauth config
aaa authentication login local_webauth local
aaa authorization network default local 
parameter-map type webauth global
 type authbypass
 virtual-ip ipv4 1.1.1.1
parameter-map type webauth test
 type authbypass
wlan Web 1 Web
 client vlan VLAN0100
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 security web-auth
 security web-auth authentication-list local_webauth
 security web-auth parameter-map test
 session-timeout 1800
 no shutdown

Web-auth redirect failed with IPad/IPhone 8.0/8.1 for pop-up window
CSCus05550
Description
Symptom:
The Customer got the blank page after typing the username and password with safari pop-up window.
Conditions:
IPad/Iphone 8.* with pop-up window.
Workaround:
Using safari without pop-up window or third party browser which can work fine
Further Problem Description:
My testing topology:
Internet---------------Firewall-------------------SW---------------AP-----------------------IPad
10.140.246.32 192.168.100.1 192.168.100.2 192.168.100.9

Similar Messages

  • Local Webauth WLC using radius database

    Hi all,
    I was implement local Webauth WLC not using local auth . I use radius database.
    at least I try to add on my  WLAN:
    layer 3 web auth  authentication
    layer 2 security is WPA/WPA2 PSK
    adding aaa radius server
    aaa radius "network user" check list  enabled
    web auth priority order
    radius
    LDAP
    after I Test WLAN ,I cant login using radius database.
    but, if I implement security method wpa/wpa2 dot1x  I can login using radius database.
    is there any miss in my config for implement webauth  method?
    Thanks
    ridho

    Are you trying to use LDAP or Radius to authenticate the webauth users? Since you have 802.1x working, I don't see why you would use LDAP. What radius server are you using also? Typically if your using Microsoft IAS or NPS, you have to
    Change the device type to Login to get webauth with radius to work. Here is an example of 3 ways to authenticate webauth users. You should be able to find others out there also.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml
    Sent from Cisco Technical Support iPhone App

  • 5760 WLC - Cant get webauth to work (redirect)

    Hi All
    Im trying to configure a 5760 for webauth.
    But I cant get the client to be redirected to the internal webauth page of the WLC.
    I have setup the globel parameter map like this:
    parameter-map type webauth global
    type webauth
    virtual-ip ipv4 1.1.1.1 virtual-host guest-wlc.mycorp.net
    And the dns server that the client can reach is configured with to resolve the host to ip 1.1.1.1 - just like "standard" WLC setup.
    But when i open a browser on the client and type google.com nothing happens.
    If i type in guest-wlc.mycorp.net i get the login prompt, but it will not redirect google.com to guest-wlc.mycorp.net
    Right now i have just configured the WLAN with : security web-auth  and no parameter-map.
    I have also tried to configure the WLAN with parameter-map global.
    And I have also tried to configure a additional parameter-map type webauth and set that on the WLAN.
    There was no change in behavior.
    Any suggestions ?
    The configuration guide seems very unclear.

    Welll ... I think that we might be : "talking past each other".
    1: Yes the client can easily do DNS resolution. I have testet with NSLookup.
    The client resolves both extermal URLs (like cisco.com) and even the Virtual URL.
    2: The client IS getting DNS. And as explained before, when I type in the virtual URL or the virtual IP I get the login page.
    3: if it was a certificate problem teh browser would report back an certificate error and that I could actually live with.
    The problem is still that when I type in fx. www.cisco.com i do not get redirected to the loginpage as I would on any normal AireOS WLC.
    Here below i have coppied some running configuration.
    Somebody please fell free to point out what could be wrong.
    As mentioned the client associates fine, gets IP address fine, and can do nslookup. Everything looks fine except I do not get redirected to the login prompt page when i enter fx. www.cisco.com
    parameter-map type webauth global
    virtual-ip ipv4 1.1.1.1 virtual-host guest-wlc.corp.com
    wlan GuestWLAN 6 internet
    band-select
    client vlan Guest_WLAN_5760
    no security wpa
    no security wpa akm dot1x
    no security wpa wpa2
    no security wpa wpa2 ciphers aes
    security web-auth
    security web-auth parameter-map global <- This might not be necessary - I have tried with and without.
    session-timeout 1800
    no shutdown

  • Custom WebAuth WLC 5760

    I want to setup a custom webauth for my WLC 5760. I already downloaded the webauth bundle and put it in WLC via Command Download in WLC GUI. According to Guide, after the download completed, the custom page will appear in custom page dropdown for web parameter map.
    But in my case it shows nothing. So where did I miss ?
    Thank You

    Hi
    Pls refer this document 
    http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117728-configure-wlc-00.html
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • I cant not control wlc 5760 (every thing CLI & GUI)

    After wlc 5760 reload (because of some problems.)
    I don't know this message. and I can not control wlc 5760 in CLI console.
    Please help me.
    %Error opening tftp://255.255.255.255/network-confg (Timed out)
    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
    .... again & again
    I try to booting. but I can't.
    I want to know : method 5760 Factory default or normal booting mode.
    + log
    FIPS: Flash Key Check : Begin
    FIPS: Flash Key Check : End, Not Found,FIPS Mode Not Enabled
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CT5760 (i686) processor with 10485760K bytes of physical memory.
    Processor board ID FOC1746V2AK
    2048K bytes of non-volatile configuration memory.
    10485760K bytes of physical memory.
    255000K bytes of Crash Files at crashinfo:.
    3612840K bytes of Flash at flash:.
    0K bytes of Dummy USB Flash at usbflash0:.
    0K bytes of  at webui:.
    Base Ethernet MAC Address          : 1c:1d:86:24:10:80
    Motherboard Assembly Number        : 73-14448-04
    Motherboard Serial Number          : FOC174577NZ
    Model Revision Number              : A0
    Model Number                       : AIR-CT5760
    System Serial Number               : FOC1746V2AK
    %Error opening tftp://255.255.255.255/network-confg (Timed out)
    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
    %Error opening tftp://255.255.255.255/network-confg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
    %Error opening tftp://255.255.255.255/network-confg (Timed out)
    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-.cfg (Timed out)
    %Error opening tftp://255.255.255.255/network-confg (Timed out)
    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
    %Error opening tftp://255.255.255.255/nx-5760-wlc01-confg (Timed out)

    I have same problem when i upgraded Cisco 3850 Switch to latest IOS. I have lost access to the console.
    can someone please help.
    Thanks

  • WLC 5760 - MAC Filtering wireless clients

    Hi,
    Does anyone ever deployed mac-filtering authentication to wireless clients in the WLC 5760?
    I've configured a WLAN for Mac-filtering authentication only (named it as "macauth"):
    wlan RNVDOS 4 RNVDOS
    aaa-override
    no broadcast-ssid
    client vlan RNVDOS
    mac-filtering macauth
    no security wpa
    no security wpa akm dot1x
    no security wpa wpa2
    no security wpa wpa2 ciphers aes
    session-timeout 1800
    no shutdown
    Then, below Configuration->Security->MAC Filtering I've added several MAC addresses i.e. :
    MAC Address: 88532e9ef70a  Attribute List: macauth
    Which turned out to be display in the CLI as:
    username 88532e9ef70a mac aaa attribute list macauth
    The problem is that whenever I try to associate the wireless client 88532e9ef70a, the client passes to the exclusion list.:
    Sep 16 10:54:55.603: 8853.2E9E.F70A Adding mobile on LWAPP AP  0C68.03EA.4070 (1)  1 wcm: E9E.F70A (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
    Sep 16 10:54:55.603: 8853.2E9E.F70A  Creating WL station entry for client -  rc 0 1 wcm:
    Sep 16 10:54:55.603: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
    Sep 16 10:54:55.603: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: ssionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
    Sep 16 10:54:55.603: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw00dd) was added to ^G$h\225v^K
    Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.603: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm:  ^G$h\225v^K
    Sep 16 10:54:55.603: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:55.603: 8853.2E9E.F70A STA - rates (8): 1 wcm:  140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    Sep 16 10:54:55.603: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
    Sep 16 10:54:55.603: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Idle to AAA Pending
    Sep 16 10:54:55.603: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:55.604: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:55.604: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070  from Idle to AAA Pending
    Sep 16 10:54:55.604: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:55.604: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 18) in 10 seconds
    Sep 16 10:54:55.813: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: n.t^Gwseconds
    Sep 16 10:54:55.813: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
    Sep 16 10:54:55.813: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw  0C68.03EA.4070  f^G$h\225v^K
    Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.813: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
    Sep 16 10:54:55.813: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:55.813: 8853.2E9E.F70A STA - rates (8): 1 wcm:  140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    Sep 16 10:54:55.813: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
    Sep 16 10:54:55.813: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:55.813: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:55.814: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:55.814: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:55.814: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:55.814: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 18) in 10 seconds
    Sep 16 10:54:56.520: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: n.t^Gwseconds
    Sep 16 10:54:56.520: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
    Sep 16 10:54:56.520: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw  0C68.03EA.4070  f^G$h\225v^K
    Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.520: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
    Sep 16 10:54:56.520: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:56.520: 8853.2E9E.F70A STA - rates (8): 1 wcm:  140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    Sep 16 10:54:56.520: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
    Sep 16 10:54:56.520: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.520: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.521: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.521: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.521: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:56.521: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 18) in 10 seconds
    Sep 16 10:54:56.729: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: n 10 seconds
    Sep 16 10:54:56.729: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
    Sep 16 10:54:56.729: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.729: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: from AAA Pending to Authenticated
    Sep 16 10:54:56.729: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:56.729: 8853.2E9E.F70A STA - rates (8): 1 wcm:  140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    Sep 16 10:54:56.729: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
    Sep 16 10:54:56.729: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.729: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.730: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.730: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.730: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:56.730: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 18) in 10 seconds
    Sep 16 10:54:56.937: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: n.t^Gwseconds
    Sep 16 10:54:56.937: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
    Sep 16 10:54:56.937: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw  0C68.03EA.4070  f^G$h\225v^K
    Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.937: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
    Sep 16 10:54:56.937: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:56.937: 8853.2E9E.F70A STA - rates (8): 1 wcm:  140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    Sep 16 10:54:56.937: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
    Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.937: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:56.937: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Authenticated
    Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 18) in 10 seconds
    Sep 16 10:54:57.143: 8853.2E9E.F70A Association received from mobile on AP  0C68.03EA.4070  1 wcm: n.t^Gwseconds
    Sep 16 10:54:57.143: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
    Sep 16 10:54:57.143: 8853.2E9E.F70A apChanged 1 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw  0C68.03EA.4070  f^G$h\225v^K
    Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm:  ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:57.143: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
    Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific IPv6 override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
    Sep 16 10:54:57.143: 8853.2E9E.F70A Applying local bridging Interface Policy for station  8853.2E9E.F70A  - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
    Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific override for station  8853.2E9E.F70A  - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
    Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (8): 1 wcm:  130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
    Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (12): 1 wcm:  130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    Sep 16 10:54:57.144:  8853.2E9E.F70A  0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm:  site 'renova', interface 'RNVDOS'
    Sep 16 10:54:57.144: 8853.2E9E.F70A Updated location for station old AP  0C68.03EA.4070 -1, new AP  0C68.03EA.4070 -0 1 wcm: va', interface 'RNVDOS'
    Sep 16 10:54:57.144: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: P  0C68.03EA.4070 -0
    Sep 16 10:54:57.144: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:57.144: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:57.144: 8853.2E9E.F70A
    client incoming attribute size are 0 1 wcm:   (callerId: 20) in 10 seconds
    Sep 16 10:54:57.145: 8853.2E9E.F70A Sending Assoc Response to station on BSSID  0C68.03EA.4070  (status 256) ApVapId 2 Slot 0 1 wcm: 68.03EA.4070  from Authenticated to AAA Pending
    Sep 16 10:54:57.145: 8853.2E9E.F70A apfBlacklistMobileStationEntry2 (apf_ms.c: 1 wcm: 6129) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from AAA Pending to Exclusion-list (1)
    Sep 16 10:54:57.145: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 44) in 10 seconds
    Sep 16 10:54:57.145: 8853.2E9E.F70A client is added to the exclusion list, reason 1 1 wcm: d: 44) in 10 seconds
    Sep 16 10:54:57.145: *apfReceiveTask: 1 wcm:  %APF-4-ADD_TO_BLACKLIST_REASON: Client 8853.2E9E.F70A (AuditSessionID: 0afe01fb5236e37f000000de) was added to exclusion list. Reason: 802.11 association failure 
    Sep 16 10:54:57.836: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion  1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
    Sep 16 10:54:58.533: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion  1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
    Sep 16 10:54:59.231: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion  1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
    Sep 16 10:54:59.922: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion  1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
    Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireCallback (apf_ms.c: 1 wcm: 664) Expiring Mobile!
    Sep 16 10:55:06.972: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm:   (callerId: 46) in 60 seconds
    Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireMobileStation (apf_ms.c: 1 wcm: 7067) Changing state for mobile  8853.2E9E.F70A  on AP  0C68.03EA.4070  from Exclusion-list (1) to Exclusion-list (2)
    Sep 16 10:55:06.972:  8853.2E9E.F70A  0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm: 3.2E9E.F70A  on AP  0C68.03EA.4070  from Exclusion-list (1) to Exclusion-list (2)
    Sep 16 10:55:06.972:  8853.2E9E.F70A  0.0.0.0 START (0) FastSSID for the client [ 0C68.03EA.4070 ] NOTENABLED 1 wcm: E9E.F70A  on AP  0C68.03EA.4070  from Exclusion-list (1) to Exclusion-list (2)
    Sep 16 10:55:06.972: 8853.2E9E.F70A Incrementing the Reassociation Count 1 for client (of interface RNVDOS) 1 wcm: D
    Sep 16 10:55:06.972: 8853.2E9E.F70A Clearing Dhcp state for station  ---  1 wcm:  for client (of interface RNVDOS)
    WLC1#
    WLC1#
    Kind Regards,
    Vasco

    Hi Patrick,
    Thank you for sharing your solution. It didn't solved entirely the problem but you pointed to the right direction!
    They are caused, because the system searches for an aaa authorization list, which is not configured.
    To resolve this configure the following
    aaa authorization network mac-filter local
    where mac-filter is the name you defined in the SSID.
    I've used your sugestion to create an aaa local authorization list but instead of naming it with the SSID, I've used the name of the attribute list ( macauth ) and it solved the problem:
    aaa authorization network macauth local
    username 88532e9ef70a mac aaa attribute list macauth
    wlan RNVDOS 4 RNVDOS
    client vlan RNVDOS
    mac-filtering macauth
    WLC1#sh wireless client summ
    Number of Local Clients : 1
    MAC Address    AP Name                          WLAN State              Protocol
    8853.2e9e.f70a APf872.ead7.31da                 4    UP                 11n(5)  
    Cheers,
    Vasco

  • WPA2+PSK with local webauth?

    Hi all, I'm trying to configure a guest wlan with WPA2+PSK and local webauth. This will authenticate against ISE and once authentication is complete dropped into a authz profile.
    This is supposed to be possible per cisco's docs, however when I try to set this up on the WLAN I get the message:
    Only PSK can be enabled for WPA with web-auth and Radius Nac.
    Well, I've got only WPA with PSK configured. Is there any 'trick' to this config that I'm missing? I've got L2 security set to WPA+WPA2, WPA2 Policy and AES with only PSK configured. Under advanced I've got AAA override and NAC state sent to radius NAC. What else, that should be it right? I've tried it on multiple controllers with the same results every time.

    That error is a little confusing and I don't think is a proper description of what the WLC is trying to tell you; there are actually a couple errors you may see depending on the combination of RADIUS NAC with L3 security.  Essentially, you shouldn't be able to enable RADIUS NAC if you're configured for a PSK.  What exactly are you trying to accomplish?  It sounds like you want ISE to perform CWA for your wireless guests, but you mention local webauth.  In order to do the CWA, you will use the mac-filtering option for L2 security and set security type to None.  This will allow you to specify the RADIUS NAC option correctly. 
    When you say that "ISE will authenticate the users", how are you planning on doing this with a PSK WLAN, or are you intending that the local webauth will use RADIUS for authentication to ISE?  What is the end-user flow or experience you are expecting?  ie. user connects to guest, redirects, logs in, gets appropriate access. 
    Please also post what version of ISE and WLC you are running so we can determine what features will and will not work.

  • After i installed ios 7 in my iPhone 4s and I got problem to login into my icloud account. There is a message appear and said  "the operation couldn't be completed (com.apple.appleaccount error 403)" can you help me ? how can i fix this problem ? iPhone 4

    After i installed ios 7 in my iPhone 4s and I got problem to login into my icloud account.
    There is a message appear and said  "the operation couldn't be completed (com.apple.appleaccount error 403)"
    can you help me ? how can i fix this problem ?
    iPhone 4, iOS 7
    iPhone 4S, iOS 7, (com.apple.appleaccount error 403)"

    Error: com.apple.appleaccount error 403
    Recreate Error: On a Iphone/Ipad device that has "already" created the maximum of 3 per device Apple limit of ICloud account creation attempt to create or login to ICloud service tab in Settings. You will be presented with "com.apple.appleaccount error 403" which does not tell the laymen anything useful.
    Cause: IOS 7 reports a "best guess" error instead of detailed error explanation.
    How To Resolve Error: Find a device that has not been used to create an ICloud account the maximum 3 times and use it to create the ICloud account by logging into the Settings/ICloud tab with the Apple ID you want a ICloud account created for.
    Keep in mind this will use up one of the three lifetime allowed ICloud account creations allowed by Apple on that device.
    Also per support: If an existing account is logged into the ICloud service. A. Backup phone using iTunes on a mac/pc. B. At bottome of Settings/ICloud Delete the account "AND" all the user date from the phone. It will offer the Delete all data option. The reason for Deletion(and is why we backed up on a pc vs. the cloud) is when you create the new ICloud account it will backup all of the Device owners information to the wrong persons account.
    Once you have created the new ICloud account log into that account on device that was presenting error: "com.apple.appleaccount error 403" it should allow the ICloud login.
    Once you have verified the "device with error" is ICloud functional delete the ICloud account from the device used to seed the ICloud account and delete again all user data from cloud. Restore the recently created mac/pc Itunes locally created backup to the phone and then go to Settings/ICloud and login with the device owners Apple ID and password and verify your backup to the ICloud settings and Eureka! your done.
    It took less time to do that for me to type this lol.

  • External AAA for WLC 5760

    Hi, I have WLC 5760 on mode Centralized because I don't have Switch 3850. I need to implement dot1x authentication using external AAA Server which is in my case is Active Directory on Windows 2012 Server. You can see my configuration in pictures i attached bellow. My problem is authentication is always failed. 
    Can you give me a hint ?
    AAA Server
    Authentication
    LDAP
    WLAN Security L2
    WLAN Security L3
    ERROR Log
    Thanks

    Complete these steps in order to add the WLC as an AAA client in the ACS.
    From the ACS GUI, choose the Network Configuration tab.
    Under AAA Clients, click Add Entry.
    In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.
    From the Authenticate Using drop-down menu, choose RADIUS .
    Click Submit + Restart in order to save the configuration.

  • WLC 5760 - show client ccx roam-history

    Hi,
    We're running an WLC 5760 with the latests version (3.3.1). We have several wlans, with diferent authentication methods, and they are all working fine.
    However we noticed that the roaming is working correctly but no information is displayed if the "show ccx roam-history".
    WLC1#sh wireless client mac-address 8853.2e9e.f70a det | i CCX
    Client CCX version : 4
    WLC1#debug dot11 ccx-roam all
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Mobile  8853.2e9e.f70a  associated
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
    Dec 12 17:11:40.963: 00000000: 1 wcm:  01 1a 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 50 50  ..3..S.....%\hPP
    Dec 12 17:11:40.963: 00000010: 1 wcm:  28 11 c0 25 5c 68 50 50  01 00 02 01 06 ab 0d 0d  (..%\hPP........
    Dec 12 17:11:40.963: 00000020: 1 wcm:  03 b8 05 28 11 c0 25 5c  ec 05 a0 0b 00 07 01 06  ...(..%\........
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 52 10 06 00  ......(..h..R...
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 e4  .........(..h...
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d  0d 03 b8 05 28 11 0c 68  ............(..h
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01  06 ab 0d 0d 03 b8 05 28  .M.`...........(
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01  00 07 01 06 ab 0d 0d 03  ..h..@p.........
    Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea  4b 10 01 00 07 01 06 ab  ..(..h..K.......
    Dec 12 17:11:40.963: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 50 5f 3c 01 04  .....(..%\hP_<..
    Dec 12 17:11:40.964: 000000a0: 1 wcm:  01 06 ab 12 12 03 b8 05  28 11 c0 25 5c ec 05 af  ........(..%\...
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  $..........(..h.
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01  07 01 06 ab 12 12 03 b8  .h..K.8.........
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4  0f 38 01 07 01 06 ab 12  .(..h....8......
    Dec 12 17:11:40.964: 000000f0: 1 wcm:  12 03 b8 05 28 11 c0 25  5c a3 f4 8f 30 01 07 01  ....(..%\...0...
    WLC1#
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28  11 0c 68 03 ea 40 7f 30  .......([email protected]
    Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03  b8 05                    ..........
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile  8853.2e9e.f70a
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
    Dec 12 17:12:51.006: 00000000: 1 wcm:  01 1a 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 50 50  ..3..S.....%\hPP
    Dec 12 17:12:51.006: 00000010: 1 wcm:  28 11 c0 25 5c 68 50 50  01 00 02 01 06 ab 0d 0d  (..%\hPP........
    Dec 12 17:12:51.006: 00000020: 1 wcm:  03 b8 05 28 11 c0 25 5c  ec 05 a0 0b 00 07 01 06  ...(..%\........
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 52 10 06 00  ......(..h..R...
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 e4  .........(..h...
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d  0d 03 b8 05 28 11 0c 68  ............(..h
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01  06 ab 0d 0d 03 b8 05 28  .M.`...........(
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01  00 07 01 06 ab 0d 0d 03  ..h..@p.........
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea  4b 10 01 00 07 01 06 ab  ..(..h..K.......
    Dec 12 17:12:51.006: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 50 5f 3c 01 04  .....(..%\hP_<..
    Dec 12 17:12:51.006: 000000a0: 1 wcm:  01 06 ab 12 12 03 b8 05  28 11 c0 25 5c ec 05 af  ........(..%\...
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  $..........(..h.
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01  07 01 06 ab 12 12 03 b8  .h..K.8.........
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4  0f 38 01 07 01 06 ab 12  .(..h....8......
    Dec 12 17:12:51.006: 000000f0: 1 wcm:  12 03 b8 05 28 11 c0 25  5c a3 f4 8f 30 01 07 01  ....(..%\...0...
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28  11 0c 68 03 ea 40 7f 30  .......([email protected]
    Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03  b8 05                    ..........
    Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile  8853.2e9e.f70a
    Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
    Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
    Dec 12 17:15:48.712: 00000000: 1 wcm:  01 07 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 81 20  ..3..S.....%\h..
    Dec 12 17:15:48.712: 00000010: 1 wcm:  28 11 c0 25 5c 68 81 20  01 00 02 01 06 ab 0d 0d  (..%\h..........
    Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000020: 03 b8 05 28 11 0c 68 03  ea 52 10 06 00 07 01 06  ...(..h..R......
    Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 4a f0 0b 00  ......(..h..J...
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 eb  .........(..h...
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 20 01 00 07 01 06 ab 0d  0d 03 b8 05 28 11 c0 25  ............(..
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 5c ec 05 a0 0b 00 07 01  06 ab 0d 0d 03 b8 05 28  \..............(
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 d6 e4 00 0b  00 07 01 06 ab 0d 0d 03  ..h.............
    Dec 12 17:15:48.713: 00000080: 1 wcm:  b8 05 28 11 c0 25 5c 68  50 50 01 00 07 01 06 ab  ..(..%\hPP......
    Dec 12 17:15:48.713: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 81 2f 38 01 04  .....(..%\h./8..
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000a0: 01 06 ab 12 12 03 b8 05  28 11 0c 68 03 ea 4a ff  ........(..h..J.
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 2c 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  ,..........(..h.
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 d6 e4 0f 38 01  07 01 06 ab 12 12 03 b8  .h....8.........
    Dec 12 17:15:48.713: 000000e0: 1 wcm:  05 28 11 c0 25 5c ec 05  af 24 01 07 01 06 ab 12  .(..%\...$......
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000f0: 12 03 b8 05 28 11 0c 68  03 d6 eb 2f 3c 01 07 01  ....(..h.../<...
    Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05                              .......
    WLC1#show wireless client mac-address 8853.2e9e.f70a ccx roam-history
    Shouldn't the output be the same as the AireOS command "show client roam-history client-mac"?
    Kind regards,
    Vasco Costa

    Obtaining CCX Client Roaming Information (CLI)
    Step 1  
    View the current RF parameters configured for client roaming for the 802.11a or 802.11b/g network by entering this command:show {802.11a | 802.11b} l2roam rf-param
    Step 2  
    View the CCX Layer 2 client roaming statistics for a particular access point by entering this command:show {802.11a | 802.11b} l2roam statistics ap_mac
    This command provides the following information:
    The number of roam reason reports received
    The number of neighbor list requests received
    The number of neighbor list reports sent
    The number of broadcast neighbor updates sent
    Step 3  
    View the roaming history for a particular client by entering this command:show client roam-history client_mac
    This command provides the following information:
    The time when the report was received
    The MAC address of the access point to which the client is currently associated
    The MAC address of the access point to which the client was previously associated
    The channel of the access point to which the client was previously associated
    The SSID of the access point to which the client was previously associated
    The time when the client disassociated from the previous access point
    The reason for the client roam
    Debugging CCX Client Roaming Issues (CLI)
    If you experience any problems with CCX Layer 2 client roaming, enter this command:
    debug l2roam [detail | error | packet | all] {enable | disable}

  • WLC 5760 AUTHMGR-5-FAIL log

    I am using the WLC 5760
    My SSID use WPA2 PSK and i don't use ISE or Radius or AAA to authentication
    Some client can connect to the AP,but can not ping the gateway
    When i show logging from WLC,it will see the log like
    %AUTHMGR-5-FAIL: Authorization failed or unapplied for client
    How do i resolve this problem
    Thank's

    Hi,
    Have you made sure that the appropriate vlans are permitted on the trunk between the WLC and the switch?
    Normally the gateway is an SVI on a core switch, so if the vlan is not permitted, you wouldn't be able to ping the gateway.
    HTH
    Mike

  • Wlc 5760 design

    I have a new deployement with WLC 5760.
    total number of aps are 150 with 4 WLANs.
    each WLAN is mapped to a sperate VLAN. I have a couple of design questions:
         - the switchport configuration of the AP will be trunk or access ?
           if access, then port should be memeber of which VLAN ?
         - mobility configuration for single WLC design ?
         - I would like to make two groups in which group 1 will advertise WLAN 1,2 and 3 while the group 2 will advertise only WLAN 4.
           is it possible ?
    really apprecite your response.
    Regards

    Hi,
    Here is my responses
       - the switchport configuration of the AP will be trunk or access ?       if access, then port should be memeber of which VLAN ?
    5760 only support Local mode APs. So all your AP connected switchports (in access layer) should be configured as access ports. You can put that in a different AP management vlan.
         - mobility configuration for single WLC design ?
    You can configure a mobility group name even though no any other controllers.
         - I would like to make two groups in which group 1 will advertise WLAN 1,2 and 3 while the group 2 will advertise only WLAN 4.        is it possible ?
    Yes, you can create two AP groups & map these WLANs. Then add APs into these two AP groups according to your requirement.
    These posts should give you some reference
    http://mrncciew.com/2013/12/16/5760-in-ca-cuwn/
    http://mrncciew.com/2013/12/12/getting-started-with-5760/
    http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
    HTH
    Rasika
    **** Pls rate all useful responses *****

  • WLC 5760 - AP2600i failed to join ap-group after reboot

    Hi,
    We're deploying a couple of 2600i with an WLC 5760.
    We've configured an AP group, named it "factory", and then issued the command ap name AP<ip mac address> ap-groupname factory for both APs. After the restart, both AP were on the AP-Group factory.
    The problem is that is we reboot or power off the APs, one will join automatically the AP-Group factory and the other goes to default-group and requires the ap name APAPf872.ead7.31da ap-groupname factory to join the AP group factory again.
    Any suggestion? Is it possible to forced the ap-group configuration directly on the cli of the AP?
    WLC1#sh ap groups
    Site Name: default-group
    Site Description:
    WLAN ID   WLAN Name                        Interface
    AP Name                          Slots AP Model             Ethernet MAC      Location      Port                   Country Priority GroupName
    Site Name: factory
    Site Description:
    WLAN ID   WLAN Name                        Interface               Radio
    AP Name                          Slots AP Model             Ethernet MAC      Location      Port                   Country Priority
    APf872.eaa6.fc69                 2     2602I                f872.eaa6.fc69 default location Te1/0/1                PT      1      
    APf872.ead7.31da                 2     2602I                f872.ead7.31da default location Te1/0/1                PT      1      
    debug ap group
    (AP joining the apgoup factory)
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 1 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 2 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 3 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 4 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 5 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 6 for ap APf872.eaa6.fc69  apgroup factory
    Sep 17 18:24:24.420: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 7 for ap APf872.eaa6.fc69  apgroup factory
    (AP joining the default-group)
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 0 for apVapId 1 for ap APf872.ead7.31da  apgroup default-group
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 0 for apVapId 2 for ap APf872.ead7.31da  apgroup default-group
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 0 for apVapId 3 for ap APf872.ead7.31da  apgroup default-group
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 7 for apVapId 4 for ap APf872.ead7.31da  apgroup default-group
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 0 for apVapId 5 for ap APf872.ead7.31da  apgroup default-group
    Sep 17 18:30:36.078: apfRadioPolicySiteTableEntryGet: 1 wcm:  found radio Policy 0 for apVapId 6 for ap APf872.ead7.31da  apgroup default-group
    Kind regards,
    Vasco Costa

    We've used a another group of 2600i APs and it seems that this problem only occous with AP "APf872.ead7.31da" so this is not a WLC problem.
    closing case

  • Reception / Battery problems with iPhone 3GS after upgrading to iOS 4.2.1

    There are major reception and battery problems with iPhone 3GS after upgrading to iOS 4.2.1.
    I can not believe that Apple did not test this for major bugs like this one is.
    I am a business user and can not effort to have bad reception. Apple wants to gain in the business clients... I never had this with my former BlackBerrys!
    I need a reliable phone not a play thing like this is right now, it just needs it to work propely. And if a major bug like this comes along, fix it immediately. After the iPhone4 story, now this...incredible! Going back to my reliable BlackBerry! It just ain't reliable and takes forever to fix a problem.

    I have the same issue after iOS 4.2.1 update. I am using iPhone 3GS officially unlocked by Apple. I tried using different SIM cards and both carriers show same problem when using phone in 3G mode. Phone falls back to EDGE mode showing 'E' from '3G' at start. I have reset the phone and rebooted several times and moved to different cell areas in the city just to verify the problem.
    I had no such issues earlier. I also have Nokia E71 which shows full signal and has no such issues.
    I have posted the bug on apple iphone feedback page. I hope they Apple will fix the problem and test the release properly on all models before releasing to public.

  • Anyone having problem with iphone getting not delivered message after sending picture and it really is getting delivered to recipient.

    Anyone having problem with iphone getting a not delivered message after sending pic and it really is getting delivered to recipient.

    Same problem here with and I've done everything shy of a total reset which I also find unacceptable. This problem exists on all iMessage platforms (iPhone, iPad, and Mac) so I don't see how restoring my iPhone would help the problem.

Maybe you are looking for

  • Photoshop CS3 quits when opening PDF files

    Does anyone have this problem? Because it happens to me a lot. I'll try to open a PDF with Photoshop, choose my settings, then it rasterizes the PDF and unexpectedly quits. Then I'll try changing the color setting from RGB to CMYK and it will work. O

  • Converter my word resume to pdf

    How can  I converter my wordpad resume in to pdf

  • Imessage will not activate iOS8

    okay so basically i've brought an iphone 6 on contract (vodafone) i wanted to keep my old number so i used their "keep my number" service online, ever since ive done that my imessage will not go through or any messages for that matter, imessage is st

  • Inserting an Image on mouse clicked HELP

    Hi. I', trying to make a Tic tac toe game(if you do not understand please run this programme). The thing I want to happen is: the user clicks over a "sqare" and when mouse is released the image (X or O) appears on that position. I can't get my progra

  • Change an extract-structure in an existing datasource

    Hello, I want to change an extract-structure in an existing datasource (0COORDER_TEXT), but I don't know how to do. (I first thought I can do it with trx RSA6.) Can anybody give me a hint how to change the extract-structure? Kind regards Udo