WLC and Radius issue
We keep get the following error. And everytime we got this, the clients have been force to re-authentication.
Any idea?
Thanks,
RADIUS server 10.108.32.33:1812 activated on WLAN 1
RADIUS server 10.140.4.9:1812 deactivated on WLAN 1
Go to clients. Look up the client by mac address and look at the PEM state. It will tell you why the client is failing ..
DHCP_REQ is meaning there is a DHCP issue
8021x_REQ means it failed auth
You could also turn off exclude as a test, perhaps these clients are a little slow to auth.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
Similar Messages
-
Wlc and radius authenticationn
We have deployed Cisco Airspace AP with Wireless LAN Controllers (4400).
Currently we have the WLC authenticating using radius to ACS version 4.01 servers.
Unfortunately when the primary ACS get rebooted all the athentication requests go to the secondary server which in affect is fine but when the primary comes back up the authenticatons continue to go to the secondary server.
Is there no round-robin feature to enable on the WLC so that it detects that the primary is back up and continue to authenticate to that server ?I have not seen a way yet except by using a CSS to front-end the ACS servers (mainly done for lad-balancing purposes actually). I am also curious if there is an option as I have been through most web pages many times. Maybe it's buried in the command line.
-Eric
Please remember to rate all helpful posts. -
WLC and Radius that only speaks PAP.
Hi, I have a costumer with a WLC 2500 controller and a guest-solution with a radius server that only supports PAP authentication to the radius client (WLC). How can I make the WLC talk PAP to the Radius server? It looks like the controller uses MS-CHAP2 as default.
Regards
Tom C.I have not seen a way yet except by using a CSS to front-end the ACS servers (mainly done for lad-balancing purposes actually). I am also curious if there is an option as I have been through most web pages many times. Maybe it's buried in the command line.
-Eric
Please remember to rate all helpful posts. -
Hi,
I have been having a lot of issues with clients at a site that have a WLC and use EAP-TLS to an ACS server across the WAN. Most of the issues are roaming related in that the re-authentication time is very long. I have implemented QOS for the RADIUS traffic but they are still reporting problems.
Looking at the logs on the WLC (5.1.151.0) I see messages simliar to this one for all 5 ACS servers.
RADIUS server 10.x.x.x:1645 deactivated in global list
RADIUS server 10.x.x.x:1645 failed to respond to request (ID 65) for client 00:0b:6b:87:54:d2 /user 'unknown'
What concerns me is the word "deactivated". Does this mean that if an unknown client attempts to connect to this wlan and ACS is unable to authenticate it then the ACS server is "disabled" by the WLC?
Is this the case?
ThanksThanks JG,
Just one other question. The message says that the RADIUS server is disabled. Does this mean that it moves on to the next RADIUS server in the list?
(In the logs I can see the WLC cyclng through all the RADIUS servers in quick succession, diabling them as it fails to get a response for the unknown user)
COuld this almost be a denial of serivce style issue.
Thanks -
Cisco wlc and steel belted radius
we have cisco wlc controller that have two ssid one for user and one for guest
we need the user in ssid 1 take user name and password from user group in active directory through steel belted radiu
please send to me any integrated guide between cisco wlc and steel belted radius
regardsHi Mohammad,
I am unaware of a specific Steel Belted RADIUS intrgration guide for the WLCs, however the configuration process on the controller will be the same:
Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
You may wish to contact your RADIUS vendor for additional configuration steps on the server.
Best,
Drew -
Radius L10W-B keyboard and mouse issues
Hello, I have just purchased a Toshiba Satelite Radius L10W-B notebook less then a day ago, and am exeriancing SERIOUS keyboard and mouse issues, Juts after purchasinng this notebook, after converting it to tablet mode and back to notebok mode, the keyboard and mouse was NON existant for over 4 hours, DID NOT WORK AT ALL. I took it back to the reseller and ofcourse as soon as I tried to show the issue, all worked fine. Now, I have massive latency issues with both keyboard and mouse. The keyboard misses key strokes in almost every 8 keys. I get 1 missed keystroke in every 8 keys pressed when typing, and these are not typos, just absolutely nothing, thyre absolute misses all togeather. This make for alot of retyping and backspacing etc etc. also, the mouse is disabled for about 3 seconds after tying, then snaps back into action. This means when typing and switching to the mouse reasonably fast, the mouse is non responsive for about 1 second which is fairly irretating. This email took over 20 minutes to write, for this exact reason. Im sure this is not normal. I really love this notebook in every other aspect, however these issues just make it plain ususuable. Any ideas? Thanks!
Peter,
thanks for the reply. However im convinced this is hardware related! While I really hope not, Ive tried all solutions posted by others.
It simply seems the keyboard is poor quality and the rest of the laptop is awesome!
I really hope im wrong! But its my gut feeling
Ill try give them a call but not holding my breath. -
802.1X authentication and roaming issues
Hi there,
I have installed about 2 days ago one Cisco WCS 2504 and 11 APs. Everything is doing well regarding to WEP authentication. But I have a Radius Server that is alson running with some issues on wireless:
- Unless I open network settings and click connect on that config I cannot obtain a valid IP Address;
- Roaming is not working also;
FYI the certificate (on radius) has expired
TYNot all these are radius issues
- WPA2 Wlan still ok (144Mbit), but dont know when roaming works (how can I know/change these settings?);
Look at the client adapter as there is usually a roaming aggressiveness option on these devices. Play around with that.
- Radius autenticated with 802.11 Data Encryption on 40 bits Key size connects always at 54Mbps (g) and auto authenticate but dont know when roaming works (how can I know/change these settings?);
802.11n only supports open authentication or WPA2/AES. WEP is not supported so that why you get up to 54mbps.
- Radius with 802.11 Data Encryption with none key size, doesnt authenticate connects 144Mbit but doesnt acquire IP Address
You have a configuration issue either in the WLC or the switch.
Sent from Cisco Technical Support iPhone App -
Hi everyone,
What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
The wireless network is configured with 2 SSID (Staff and Guest)
Active Directory, DNS, DHCP, and NTP configured & synced.
ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
Please provide your thoughts and assistance.
RegardsYou have to implement dot1x and radius between your NAD and ISE device.
Using the switch 3850, that are the steps:
username RADIUS-HEALTH password radiusKey1 privilege 15
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
!this password will be used to communicate with ISE and to verify reachability
!between ISE and Switch
aaa server radius dynamic-author
client 172.16.1.18 server-key 7 radiuskey
client 172.16.1.20 server-key 7 radiuskey
ip domain-name lab.local
ip name-server 172.16.1.1
dot1x system-auth-control
interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 50
switchport access vlan 10
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
ip access-list extended ACL-ALLOW
permit ip any any
!the comm between radius and ise will occur on these Port
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
snmp-server community ciscoro RO
snmp-server community public RO
snmp-server trap-source Vlan100
snmp-server source-interface informs Vlan100
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
!defining ISE servers
radius server ISE-RADIUS-1
address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
automate-tester username RADIUS-HEALTH idle-time 15
key radiusKey
Please be sure that NTP servers and time are synchronized.
enable dot1X on windows machine, or using cisco NAM.
you can enable debugging on aaa authentication to see the events.
you have to create this user on ISE (RADIUS-HEALTH).
3850#test aaa group radius username password new-code
and observe the result. You are supposed to have user authenticated successfully.
You Must also have define these device in ISE on the radius interface.
ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE.
administration-->network resources -->Network Devices-->Add
input the name
input the Ip address for radius communication
select the authentication settings and field the corresponding shared secret radius key
select snmp settings and select version 2c.
snmp community : ciscoro
you can customize the polling interval if you want and that all.
you are supposed to received message communication between your NAD and ISE.
After you can do the procedure for WLC device.
I will fill it after you have passed the first steps (3850 authentication). -
I configured my Aironet 1262N autonomous AP to authenticate and account my users against a FreeRADIUS server. In the RADIUS server database, I saw some records like:
select username, acctauthentic, acctterminatecause, acctstarttime, acctstoptime from radacct where username='xxxxxx';| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:32 | 2014-02-22 11:15:58 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:58 | 2014-02-22 12:16:36 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:16:37 | 2014-02-22 09:22:13 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:22:14 | 2014-02-22 09:27:34 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:27:35 | 2014-02-22 09:33:12 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:33:14 | 2014-02-22 09:38:34 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:38:35 | 2014-02-22 09:43:55 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:43:57 | 2014-02-22 09:49:17 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:49:18 | 2014-02-22 09:54:52 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:54:54 | 2014-02-22 10:00:14 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:00:14 | 2014-02-22 10:00:26 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 10:00:26 | 2014-02-22 10:06:17 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:06:19 | 2014-02-22 10:11:39 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:11:41 | 2014-02-22 10:17:52 || xxxxxx | Local | Lost-Carrier | 2014-02-22 14:50:41 | 2014-02-22 14:50:42 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 14:50:42 | 2014-02-22 15:01:25 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:01:26 | 2014-02-22 15:06:46 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:06:48 | 2014-02-22 15:12:08 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:12:09 | 2014-02-22 15:20:24 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:20:25 | 2014-02-22 15:28:33 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:28:35 | 2014-02-22 15:33:54 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:33:55 | 2014-02-22 15:39:15 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:39:17 | 2014-02-22 15:44:37 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:44:38 | 2014-02-22 15:49:59 || xxxxxx | Local | | 2014-02-22 15:49:59 | NULL |
As you can see, the Acct-Authentic fields contains two possible values: Local and RADIUS. I didn't create any user with name 'xxxxxx' on AP, and I configure the authentication is against the RADIUS server. Why there are so many Acct-Authentic = 'Local'?
Also, this user always lost his connection and then reconnected quickly. This user login his account in multiple devices, including smart phone and computers. All of them are experiencing the same issue. Is there anyway to debug it? Any protential reasons?
Regards,
Lingfeng XiongHi,
I have exactly the same problem with my freeradius and switchs when swiths are in IOS 15.x .
You can see the log accounting :
| 5971 | 0000007E | bde8f71b768f2785 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5972 | 0000007F | 27c15b7db52213d9 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5973 | 00000080 | 8fb0d5fe41e82d65 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:18 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5974 | 00000081 | fa753225306a1a30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:35 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5975 | 00000082 | 39b6dfcf6aa90e30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:25:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5976 | 00000083 | d7766e99f09aee2f | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-03 23:26:33 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5977 | 00000084 | 7094f61110fe4eef | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:29:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5978 | 00000085 | 66ded1d410f07c51 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:00 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5979 | 00000086 | 326144c4321e0286 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:32 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5980 | 00000087 | 01d1379a4f9c3365 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:32:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5981 | 00000088 | 91164743f562dfdb | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:34:59 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5982 | 00000089 | abf1519e403f8305 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:36:21 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5984 | 0000008B | 2e199e473e646ba4 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:21:01 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5986 | 0000008C | cb4c2e11189d484c | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:10 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5987 | 0000008D | 1e928dc7eabc1e6d | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:11 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5988 | 0000008E | f1e3754a954e6863 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:15 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5989 | 0000008F | e46d377efc8a47f8 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:00:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5990 | 00000090 | e098f1dc19bdeee2 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:01:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5991 | 00000091 | 6ae3acb7d57c9c5a | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:56:25 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5992 | 00000092 | abc974156cf20e23 | | | | 10.254.1.253 | 50021 | Ethernet | 2014-04-04 03:10:56 | NULL | 1943 | Local | | | 0 | 204825 | | | | Framed-User | | | 0 | 0 | |
| 5993 | 00000093 | be822673509843a6 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 03:51:41 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5994 | 00000094 | 0a4366a6cd9eb0c5 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 07:53:42 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5996 | 00000095 | 5d289b8db37d0c8d | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5997 | 00000096 | c4ea1e813085a6d7 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6002 | 0000009A | a82ac41b1ff5f16b | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:03:12 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6004 | 0000009B | 0719718c780250c2 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:53:30 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6005 | 0000009C | c58f9c5e30b60fb7 | | | | 10.254.1.253 | 50016 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6007 | 0000009D | f78cc71528fd7898 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6008 | 0000009E | 200a1608264cc03c | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:14 | 2014-04-04 10:30:24 | 1750 | Local | | | 114654 | 93145 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6009 | 0000009F | c5ec021f0ef399c1 | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:44 | 2014-04-04 10:30:24 | 1720 | Local | | | 109122 | 86295 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6013 | 000000A4 | 042773e07781caba | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:26 | 2014-04-04 10:39:51 | 565 | Local | | | 36891 | 39077 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6015 | 000000A5 | f6b305e3f0d6aa5a | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:56 | 2014-04-04 10:39:51 | 535 | Local | | | 31698 | 32171 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6017 | 000000A6 | ef6cad3df24ccd61 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 10:42:20 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
Someone has an idea ?
Thanks,
Best regards, -
WLC 4402 RADIUS Authentication with IAS
Hello
I configured a WLAN with PEAP (CHAP v2)and Radius authentication to a Win 2003 IAS Radius Server.
On the controller 4402 the layer 2 security is set to WPA1+WPA2 with 802.1x authentication.
The IAS server don't use the configured policy when a authentication reguest arrive.
I there an issue with special RADIUS attributes or configuration items on the IAS Server?
The following event appear in the windows logs:
User STANS\kaesmr was denied access.
Fully-Qualified-User-Name = STANS\kaesmr
NAS-IP-Address = 172.17.25.6
NAS-Identifier = keynet-01
Called-Station-Identifier = 00-18-74-FB-CA-20:keynet
Calling-Station-Identifier = 00-16-CE-52-C8-EB
Client-Friendly-Name = Wireless-Controller
Client-IP-Address = 172.17.25.6
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Windows-Authentifizierung f?r alle Benutzer verwenden
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.What I understand from your post is that the authentication is not handled by your IAS server. IF I am correct, the problem might be with the "Allow AA override" option disabled in your WLAN. If it is enabled, then the AAA server or your IAS server will override the security parameters set locally on the controller.
So, first ensure whether "Allow AAA override" is enabled under Controller--->WLAN field.
Also, chek out the logs of the IAS server for obtaining more info on this. -
Cisco 8510 WLC and RTU licence
Hi Guys,
I have a simular issue where is shows the status as active, not-in-use.
What does this mean and how do I get this to be in use.
This is a Controller with HA-SKU license.
The licenses has been inherited from the Primary Controller.
Any license on HA-SKU controller is disregarded.
Feature name: ap_count (adder)
License type: Permanent
License state: Active, Not-In-Use
License Nodelocked: No
RTU License Count: 50
Hope to hear from you soon.
Regards,
Clifton.Hi,
since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
is the HA working fine?
please review the following link for the HA licensing requirements
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing -
Hi to all,
i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
Any idea about how to solve this issue?
Regards
AleIt sounds like .... invalid credentials ? :-)
Please post your LDAP config on WLC.
Is your admin username with which you're binding within the search context that you defined ? this is very important -
I have a 2106 WLC with 4 AP's (AIR-LAP1252AG-A-K9)
One of the AP's (port 4) is only connecting at 10Mbps, not 100Mbps and I don't know why?
All the ;ports are set on the controller to AUTO, When I try to force that port to 100Mbps, the link drops.
Could it be a cabling issue... or could I have a bad port on the 2106? How to I troubleshoot this. It's odd, because
that particular AP is about 100ft from thte WLC and the closest to it.
Any ideas?
Joe
Primary Software Version 7.0.116.0
Predownload Retry Count
Boot Version 12.4.18.1
IOS Version 12.4(23c)JA2
Mini IOS Version 3.0.51.0
Primary Software Version 7.0.116.0
Predownload Retry Count
Boot Version 12.4.18.1
IOS Version 12.4(23c)JA2
Mini IOS Version 3.0.51.0Interesting... I unplugged the LAP (data and power) and removed it from the wall of our training room 75ft from our computer room, walked the AP into the computer room and with a 15' patch cord and power supply plugged it back into the WLC 2106. Waited a min for the AP to reboot and now my port speed is showing 100Mbps connection.
The issue must be with the cable run...? Thanks for pointing out the obvious. This now begs another questions regarding 2106 best practices and the idea of connecting our 4 AP's directly into network switches and not the WLC 2106 itself. That seems to be the recommendation. Any comments?
Joe -
Tacacs+ for exec and radius for ppp on the same ras
Hi, I'm going to implement tacacs+ for exec control and RADIUS for ppp control in a ras router, using the same ACS for tacacs+ and radius sessions.
Is there any problem with this kind of configuration ?
thank you in advance
RenatoRenato
I have recently done something very similar at a customer site. On a remote access server we configured it to use TACACS for exec control and to use Radius for ppp. In our case we are using different servers but I do not think that would be an issue. We also are generating aaa accounting records for the ppp sessions and sending the accounting records to the TACACS server. I have not had any particular problems with getting this to work.
HTH
Rick -
Hi there
we would like to redirect some WLANs on a WLC to a proxy server, but for this we would need WCCP. Because we have a Nexus 7000 in the core layer and I am not sure if Nexus supports WCCP in VRF, I wanted to ask if there is an easy way to redirect the traffic directly on the WLC (maybe with WCCP or something else)?
Thanks a lot in advance and best regards
DominicThe reality of the interfaces, is that they are not L3 interfaces. They are still a L2 interface. Dynamic interfaces require an IP address, so that the WLC knows when you do a L3 roam.
For example, Building A has Data on vlan 15 10.15.1.x, Building B Data is vlan 15 10.115.1.x. If you roam between the buildings, we need to know that you need to be L3 and anchor the traffic back to Building A's WLC, and not locally switch the traffic out of Building B's WLC. If we dont' know this, you would have issues, until the device tried to re-IP itself for the new subnet.
HTH,
Steve
Please remember to rate helpful posts or to mark the quesiton as answered so that it can be found later.
Maybe you are looking for
-
Closing stock by using opening sock
Hi All, I got opening stock by using this how can I calculate closing stock,pls help me. REPORT zhzl_material_analysis_gb LINE-SIZE 1000. tables:mara,mseg,s034. TYPE-POOLS: slis. DATA: budat TYPE budat. DATA: v_fieldcat TYPE slis_fieldcat_alv, v_t_
-
How do I make a header column in a pivot table a field from the table
I am trying to reference a field for a header column in a pivot table. for example: 2006 - Cat, 2006-Dog I am trying to get the following result: 2006-Cat January February March April May June July August September
-
Help - Templates are not displaying in English
For some reason, the templates in Pages (as well as in iWeb) are not displaying in English -- although that's my default language on my MacBook. I would think this is something easy to fix, but I must just be overlooking something. (MS Word displays
-
Including libraries in executable jar
Hi, jdeveloper 11.1.1.3 here. I have wrote a one-class application, which uses the jdbc oracle driver to connect to a database. I want to make an executable jar of this application. I have succesfully imported the driver in my jar file, but in the ma
-
How to transport Custom Characteristics in consolidation to other system?
Hello, For consolidation purposes i was creating new characteristic for table ECMCT with T.CODE CX0A1. I was genereting the changes i have made, but transport was not created. Can someone tell me how to transport custom characteristic? Best regards,