WLC issue with RADIUS
Hello,
I have the following strange behavior:
my WLCs connects to RADIUS server using the IP address of a dynamic interface instead of using the management interface's IP address.
Tha dynamic interface is on the same subnet/vlan of the RADIUS server.
which is the best interface to use for RADIUS authentications?
And how can I decide which interface shuold be the IP radius-source interface for connecting with my radius servers?
Thanks everybody
Johnny
If you have the Radius server on a subnet in which you have any interface on the wlc on, you will see the wlc using that interface ip address. The AAA client ip address you should use is the dynamic interface ip address. The only time you will see the wlc use its management interface is when your wired and wireless (dynamic interfaces) are on different subnets.
Similar Messages
-
Auto-Signon issue with RADIUS authentication
Hi all, i post again a question Posted by ronin2307 on Nov 27, 2007, 9:40am PST
I HAVE THE SAME ISSUE WITH 8.0.3 release!
Hi,
we have a fairly simple configuration running on our ASA and try to make use of the webvpn on occasion. The feature used to work great with 7.2, but after we upgraded to 8.0 we started having problems.
Basically an user (network admin) can log in through the webvpn interface (authenticated by a RADIUS server) and see the links to network shares we provide, click on them and at that point the user is promptedfor credentials again. upon entering them then message comes up that the access to the resources has been blocked due to security reasons.
Now to me that makes no sense whatsoever. I have already run the following command:
auto-signon allow ip 192.168.1.0 255.255.255.0 auth-type ntlm
to try to prevent the second credentials prompt but to doesn't do anything.
I also tried to capture the webvpn traffic, according to the user manual, but now i have a zip file that contains bunch of files, I cannot read (except notepad, but that doesn't help a lot). Ethereal will not open the files. I couldn't get to display the capture in the browser as described in the manual.
can anybody give me an idea on what to do to troubleshoot this problem? Thank you very much.For single sign on using NTLM on a webVPN set up, you need to ensure you configure it through the command line. Did you use the ASDM for this single sign on? To configure auto-signon for all WebVPN users to servers with IP addresses ranging from
10.1.1.0 to 10.1.1.255 using NTLM authentication, for example, enter the following
commands:
hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm
http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmsso.html -
Freaky Issue With Radius In Cisco 7206
yesterday I faced a weird issue in 7200 router. It was configured as LNS using its loopback for radius authnetication. But when I checked the logs on radius it is getting the physical interface ip. After that I configured my source as physical interface authentication process completed.
Can anyone tell me why it is not getting source as loopback. On other routers it is working fine.
regards
shivlu jainShivlu,
Glad it is now working. I think it could be related to CSCsq32625, which is a duplicate of CSCse02550, which was indeed fixed in 12.2(31)S13.
CSCsq32625
ip radius source-int not working inside aaa group server config
Symptom: Only Global setting for the AAA Radius server source interface is functioning. Setting the source-interface in the AAA Group configuration has no effect. Conditions: This condition is visible when a router must use more than one source-interface designation for communicating with the RADIUS servers serving it. For example, if there are two groups of servers, and one group uses a Loopback for the source interface, and second group uses the management FastEthernet interface as the source interface. Workaround: All radius servers need to be able to respond to a single source interface, as multiple sources distinguished by AAA Groups are not functioning. Further Problem Description: None
Regards -
Deployment of WLC-5508 with 2702i-D have performance issue.
Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
NalinI am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding. -
WLC- dynamic Vlan assignment with Radius
Hello, we would like to use this feature in our company and because of that I am now testing it. But I found one problem.
I created one testing SSID and two Vlans on WLC. On ACS I use an IETF atributes (064,065,081) for my account and I am changing Vlan ID (081) during testing.
It works with LEAP but when I use PEAP-GTC (which we use commonly in our company) the ip address is not assigned properly (ip which was assigned before remains).
Could you please help me?There is good document which explains how to configure Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller. This will help you. You will find the document at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
-
WLC not integrating with Radius Server
Hello world,
I have the following situation:
One WLC 2000 Series (software version 7.0.230.0) with multiple SSID`s, one is with 802.1x integrated with a Radius Server.
Everything worked fine until fiew days ago, when users were unable to logon via they`re certificates on Windows XP.
The infrastracture didn`t suffer modifications.
What i have checked: Radius certification isn`t expired, client certification isn`t expired, the password between controller and Radius is correct.
There are no ACL`s between the WLC and the remote Server. I can ping the devices, other SSIDs on the same controller (wpa/psk) are working correct.
The AP`s are 1242.
I have tried deleting the SSID, configure it back. The OS on Windows Server is 2003 Standard. The AP`s are configured H-Reap.
I have increased the Server Timeout from Radius Authentication Servers from 2 to 30 sec.
The message logs recived on WLC Trap Logs:
RADIUS server X.X.X.X:1812 failed to respond to request (ID 161) for client xx.xx.xx.xx.xx.xx/ user 'unknown'
The message from the debug dot1x aaa enable:
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLING_STATION_ID(31) index=1
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLED_STATION_ID(30) index=2
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT(5) index=3
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_INT_CISCO_AUDIT_SESSION_ID(7) index=4
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IP_ADDRESS(4) index=5
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IDENTIFIER(32) index=6
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_VAP_ID(1) index=7
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_SERVICE_TYPE(6) index=8
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_FRAMED_MTU(12) index=9
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT_TYPE(61) index=10
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_EAP_MESSAGE(79) index=11
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_RAD_STATE(24) index=12
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_MESS_AUTH(80) index=13
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df AAA EAP Packet created request = 0x1cff348c.. !!!!
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Sending EAP Attribute (code=2, length=6, id=10) for mobile xx.xx.xx.xx.xx.xx.
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00000000: 02 0a 00 06 0d 00 ......
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df [BE-req] Sending auth request to 'RADIUS' (proto 0x140001)
*radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] AAA response 'Interim Response'
*radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] Returning AAA response
*radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df AAA Message 'Interim Response' received for mobile xx.xx.xx.xx.xx.xx.
*Dot1x_NW_MsgTask_7: Mar 06 09:37:07.329: 00:15:e9:33:75:df Skipping AVP (0/27) for mobile xx.xx.xx.xx.xx.xx.
The messages on Windows 2003 Standard:
User Y was denied access.
Fully-Qualified-User-Name = xx.domain.com/Users_T/user
NAS-IP-Address = X.X>X.X
NAS-Identifier = Cisco_
Called-Station-Identifier = ---------------------
Calling-Station-Identifier = ---------------------
Client-Friendly-Name = ---------------------
Client-IP-Address = ---------------------
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless Policy
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 262
Reason = The supplied message is incomplete. The signature was not verified.User Y was denied access.
Fully-Qualified-User-Name = xx.domain.com/Users_T/user
NAS-IP-Address = X.X>X.X
NAS-Identifier = Cisco_
Called-Station-Identifier = ---------------------
Calling-Station-Identifier = ---------------------
Client-Friendly-Name = ---------------------
Client-IP-Address = ---------------------
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless Policy
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 262
Reason = The supplied message is incomplete. The signature was not verified.
Can anyone help why i cannot log the users via 802.1x ?Okay that is good..... this is what I would do next. I would create a test ssid that uses PEAP MSchapv2 and create a new policy in IAS that is basic. Allow 802.1x wireless and user group only and see if you can reconfigure one of the XP machines for PEAP. Can you also post a screen shot of your polices (connection and network) so we can review it.
-
WLC integration with LDAP to authenticate domain users without Radius
Dear All,
I have a WLC 4404 with LWAPs, the customer has a microsoft LDAP and all users are joined to the domain and he wants the users to be authenticated against their domain accounts and this should be done automatically so that when users login to windows they are also authenticated and joined the WLAN.
so how we can do that with the simplest way, without Radius server using only the LDAP and wwithout envolving any certificates.
also i need to know when i add LDAP server to the WLC, how can i know that this LDAP is properly inegrated with the WLC ?
thanks and BRHi,
I have followed the following document to make users authenticate against their AD domain accounts:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
the device and the root of PKI certificates for the WLC were generated and installed successfully on the WLC, and now we are in the client (end user) part starting from the section "Generating a device certificate for the client" page 17, which as per the document to be done from the client PC using the client domain account, which consequently means this process is to be repeated for each end user separately, so my question is there any way to generate some sort of general certificate for all clients to be pushed through group policy to all client instead of making it PC by PC ? -
WLC 5508 series issues with APs
Hi All,
we recently upgrade our WLC to a new hardware 5508 running 7.6.120.0 and we seem to notice
now and then users ring up and complain that they can not connect to the APs most are AIR-CAP3502I-N-K9 or AIR-LAP1242AG-N-K9
We can see the APs in the controller and can not see anything wrong.
We reboot the APs and it fix the problems.
Just wondering if anybody experience the same issues with this IOS & hardware ???
Any feedback is much appreciated
Thanks
qleCisco has issued a "deferred notice" for 7.6.120.X. Cisco openly recommends everyone to use the newer code, 7.6.130.X.
If you "read between the lines", Cisco is saying everyone needs to AVOID 7.6.120.X. -
NAC guest server with RADIUS authentication for guests issue.
Hi all,
We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
-----START QUOTE-----
Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
•Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
•Self Service—This option allows guest self service. After selection proceed to Step 8.
•Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
----- END QUOTE-----
Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
Regards
Kevin WoodhouseWell I will try to answer your 2nd questions.... will it work... yes. It is like any other radius server (high end:)) But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD. Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right. Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that. That is my opinion. -
somebody knows tthe steps to configure the WLC 2100 with a microsoft radius server for authentication?
Tech-Republic has a white paper for setting up 802.1x with IAS.
the following would be a good start point. The actual setup of Radius is fairly straight forward.
Add the AAA server.
Specify 802.1x in the WLAN and point to the Radius server.
http://whitepapers.techrepublic.com.com/webcast.aspx?&docid=128588&promo=100511 -
I have deployed two wlans with two LDAP servers and different OU configurantion in each LDAP.
WLC5508 software 7.2.110
wlan id 1 is set to LDAP server1
wlan id 4 is set to LDAP server2
tests
user server1 connect to wlan1
user server1 connect to wlan4 - this should not happen
user server2 connect to wlan4
user server2 connect to wlan1 - this should not happen
This scenario already work fine on WLC 4400 with software 7.0.116
Anyone already has a similar problem?
thanks,
Murilo CavalliniBoth DataBase is created on the same AD, but this Server has 2 network interface.
wlan1 is set to LDAP Server2: IP address 10.19.198.254
show ldap 2
Server Index..................................... 2
Address.......................................... 10.19.198.254
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=GloboMobile,DC=wlan,DC=tvglobo,DC=com,DC=br
Server Index..................................... 2
Address.......................................... 10.19.198.254
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
wlan2 is set to LDAP Server1: IP address 10.19.198.176
show ldap 1
Server Index..................................... 1
Address.......................................... 10.19.198.176
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... AnonymousServer Index..................................... 1
Address.......................................... 10.19.198.176
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
This is the problem that I can see:
Auth. Request is sent:
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
Binding with the user with database:
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
WLC is requesting for LDAP SERVER2 and is binding for LDAP SERVER1. This issue is occuring only sometimes.
thanks a lot. -
Issue with Wireless AP.
Hi All,
Greetings.
we have an issue with user who says that he is unable to connect to AP and he need to re-boot it everytime to re-connect to it.
But when i check from WLC all the AP uptime is more than 150 days and the AP associate time of respective AP's is also more than 150 days.we are using cisco AIR-CT2504-K9 wlc and all the AP's are connected to Cisco 3750X and cisco4510R+E.please suggest.
pasting logs from wlc below.
Tue Feb 26 17:06:05 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 207) for client 88:53:95:7b:8f:56 / user 'unknown'
1 Tue Feb 26 17:06:05 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
2 Tue Feb 26 17:06:05 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
3 Tue Feb 26 17:06:05 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 206) for client 60:c5:47:44:4d:d7 / user 'unknown'
4 Tue Feb 26 17:06:05 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 191) for client 88:53:95:7b:8f:56 / user 'unknown'
5 Tue Feb 26 17:06:05 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
6 Tue Feb 26 17:06:05 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
7 Tue Feb 26 17:06:05 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 190) for client 60:c5:47:44:4d:d7 / user 'unknown'
8 Tue Feb 26 16:51:24 2013 User guest logged Out. Client MAC:8c:a9:82:ae:a2:4a, Client IP:10.40.101.33, AP MAC:0c:85:25:c7:dc:e0, AP Name:NTW100-AP07
9 Tue Feb 26 16:45:16 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
10 Tue Feb 26 16:45:16 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
11 Tue Feb 26 16:45:16 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 44) for client 10:40:f3:5e:3b:26 / user 'unknown'
12 Tue Feb 26 16:45:16 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
13 Tue Feb 26 16:45:16 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
14 Tue Feb 26 16:45:16 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 204) for client 10:40:f3:5e:3b:26 / user 'unknown'
15 Tue Feb 26 16:05:29 2013 RADIUS server 10.12.2.34:1813 activated in global list
16 Tue Feb 26 16:05:29 2013 RADIUS server 10.12.2.33:1813 deactivated in global list
17 Tue Feb 26 16:05:29 2013 RADIUS server 10.12.2.33:1813 deactivated in global list
18 Tue Feb 26 16:05:29 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 113) for client b8:c7:5d:e0:48:be / user 'unknown'
19 Tue Feb 26 16:05:29 2013 RADIUS server 10.12.2.33:1813 activated in global list
20 Tue Feb 26 16:05:29 2013 RADIUS server 10.19.3.104:1813 deactivated in global list
21 Tue Feb 26 16:05:29 2013 RADIUS server 10.19.3.104:1813 deactivated in global list
22 Tue Feb 26 16:05:29 2013 RADIUS server 10.19.3.104:1813 failed to respond to request (ID 132) for client b8:c7:5d:e0:48:be / user 'unknown'
23 Tue Feb 26 16:05:17 2013 User guest logged Out. Client MAC:00:22:fa:95:d2:58, Client IP:10.40.101.69, AP MAC:0c:85:25:c7:dc:e0, AP Name:NTW100-AP07
24 Tue Feb 26 15:42:36 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
25 Tue Feb 26 15:42:36 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
26 Tue Feb 26 15:42:36 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 111) for client 7c:c5:37:18:ca:2b / user 'unknown'
27 Tue Feb 26 15:35:53 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 247) for client 68:a8:6d:e9:7d:36 / user 'unknown'
28 Tue Feb 26 15:35:53 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
29 Tue Feb 26 15:35:53 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
30 Tue Feb 26 15:35:53 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 246) for client 68:a8:6d:e9:7d:36 / user 'unknown'
31 Tue Feb 26 15:35:53 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 137) for client 68:a8:6d:e9:7d:36 / user 'unknown'
32 Tue Feb 26 15:35:53 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
33 Tue Feb 26 15:35:53 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
34 Tue Feb 26 15:35:53 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 136) for client 68:a8:6d:e9:7d:36 / user 'unknown'
35 Tue Feb 26 15:06:17 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
36 Tue Feb 26 15:06:17 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
37 Tue Feb 26 15:06:17 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 67) for client 24:ab:81:af:2f:da / user 'unknown'
38 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
39 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
40 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 245) for client b8:17:c2:49:d5:37 / user 'unknown'
41 Tue Feb 26 14:49:54 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 229) for client c0:9f:42:65:37:af / user 'unknown'
42 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
43 Tue Feb 26 14:49:54 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
44 Tue Feb 26 14:49:54 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 230) for client 60:fa:cd:b6:f6:d6 / user 'unknown'
45 Tue Feb 26 14:49:54 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
46 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
47 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 228) for client b8:17:c2:49:d5:37 / user 'unknown'
48 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 243) for client c0:9f:42:65:37:af / user 'unknown'
49 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
50 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
51 Tue Feb 26 14:49:54 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 242) for client 60:fa:cd:b6:f6:d6 / user 'unknown'
52 Tue Feb 26 14:14:41 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 227) for client 0c:77:1a:a7:97:6e / user 'unknown'
53 Tue Feb 26 14:14:41 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
54 Tue Feb 26 14:14:41 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
55 Tue Feb 26 14:14:41 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 226) for client 0c:77:1a:a7:97:6e / user 'unknown'
56 Tue Feb 26 14:14:41 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 226) for client 0c:77:1a:a7:97:6e / user 'unknown'
57 Tue Feb 26 14:14:41 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
58 Tue Feb 26 14:14:41 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
59 Tue Feb 26 14:14:41 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 225) for client 0c:77:1a:a7:97:6e / user 'unknown'
60 Tue Feb 26 14:13:57 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
61 Tue Feb 26 14:13:57 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
62 Tue Feb 26 14:13:57 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 34) for client ec:85:2f:a2:4d:ba / user 'unknown'
63 Tue Feb 26 14:13:57 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
64 Tue Feb 26 14:13:57 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
65 Tue Feb 26 14:13:57 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 225) for client ec:85:2f:a2:4d:ba / user 'unknown'
66 Tue Feb 26 13:22:55 2013 Radar signals have been cleared on channel 52 by 802.11a radio with MAC: 00:1f:ca:cc:f0:00 and slot 1
67 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 214) for client e8:8d:28:7f:0e:5a / user 'unknown'
68 Tue Feb 26 13:20:02 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
69 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
70 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 213) for client e8:8d:28:7f:0e:5a / user 'unknown'
71 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 33) for client e8:8d:28:7f:0e:5a / user 'unknown'
72 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
73 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
74 Tue Feb 26 13:20:02 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 32) for client e8:8d:28:7f:0e:5a / user 'unknown'
75 Tue Feb 26 12:52:55 2013 AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:00:1f:ca:cc:f0:00 Cause=Radio channel set. Status:NA
76 Tue Feb 26 12:52:54 2013 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1f:ca:cc:f0:00 Cause=Radio channel set. Status:NA
77 Tue Feb 26 12:52:54 2013 Radar signals have been detected on channel 52 by 802.11a radio with MAC: 00:1f:ca:cc:f0:00 and slot 1
78 Tue Feb 26 12:48:34 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 164) for client 7c:c5:37:18:ca:2b / user 'unknown'
79 Tue Feb 26 12:48:34 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
80 Tue Feb 26 12:48:34 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
81 Tue Feb 26 12:48:34 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 163) for client 7c:c5:37:18:ca:2b / user 'unknown'
82 Tue Feb 26 12:48:34 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 212) for client 7c:c5:37:18:ca:2b / user 'unknown'
83 Tue Feb 26 12:48:34 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
84 Tue Feb 26 12:48:34 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
85 Tue Feb 26 12:48:34 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 211) for client 7c:c5:37:18:ca:2b / user 'unknown'
86 Tue Feb 26 12:45:09 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2019, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 161, Cluster ID: 1c:75:a0:02:41:22, Previous Cluster ID: 1c:75:a0:02:41:22, Event: Clear
87 Tue Feb 26 12:42:07 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2019, Type: WiFi Invalid Channel[31], Severity: 3, Channels: 161, Cluster ID: 1c:75:a0:02:41:22, Previous Cluster ID: 1c:75:a0:02:41:22, Event: Set
88 Tue Feb 26 12:41:25 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2018, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 161, Cluster ID: 1c:75:a0:02:41:22, Previous Cluster ID: 1c:75:a0:02:41:22, Event: Clear
89 Tue Feb 26 12:37:38 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2018, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 161, Cluster ID: 1c:75:a0:02:41:22, Previous Cluster ID: 1c:75:a0:02:41:22, Event: Set
90 Tue Feb 26 12:35:47 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2017, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 161, Cluster ID: 1c:75:a0:02:41:01, Previous Cluster ID: 1c:75:a0:02:41:01, Event: Clear
91 Tue Feb 26 12:20:01 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 115) for client e8:8d:28:7f:0e:5a / user 'unknown'
92 Tue Feb 26 12:20:01 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
93 Tue Feb 26 12:20:01 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
94 Tue Feb 26 12:20:01 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 114) for client e8:8d:28:7f:0e:5a / user 'unknown'
95 Tue Feb 26 12:20:01 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 162) for client e8:8d:28:7f:0e:5a / user 'unknown'
96 Tue Feb 26 12:20:01 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
97 Tue Feb 26 12:20:01 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
98 Tue Feb 26 12:20:01 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 161) for client e8:8d:28:7f:0e:5a / user 'unknown'
99 Tue Feb 26 12:18:26 2013 User inventiv-guest logged in. Client MAC:8c:a9:82:ae:a2:4a, Client IP:10.40.101.33, AP MAC:0c:85:25:c7:dc:e0, AP Name:NTW100-AP07
100 Tue Feb 26 12:11:01 2013 RADIUS server 10.12.50.52:1813 failed to respond to request (ID 106) for client a4:67:06:dd:ed:6a / user 'unknown'
101 Tue Feb 26 12:11:01 2013 RADIUS server 10.19.3.104:1813 activated in global list
102 Tue Feb 26 12:11:01 2013 RADIUS server 10.12.50.52:1813 deactivated in global list
103 Tue Feb 26 12:11:01 2013 RADIUS server 10.12.50.52:1813 deactivated in global list
104 Tue Feb 26 12:11:01 2013 RADIUS server 10.12.50.52:1813 failed to respond to request (ID 105) for client a4:67:06:dd:ed:6a / user 'unknown'
105 Tue Feb 26 12:11:01 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 108) for client a4:67:06:dd:ed:6a / user 'unknown'
106 Tue Feb 26 12:11:01 2013 RADIUS server 10.12.50.52:1813 activated in global list
107 Tue Feb 26 12:11:01 2013 RADIUS server 10.19.3.108:1813 deactivated in global list
108 Tue Feb 26 12:11:01 2013 RADIUS server 10.19.3.108:1813 deactivated in global list
109 Tue Feb 26 12:11:01 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 107) for client a4:67:06:dd:ed:6a / user 'unknown'
110 Tue Feb 26 12:10:12 2013 AP NTW100-AP07[1] (0c:85:25:c7:dc:e0) Device ID: 0x2017, Type: WiFi Invalid Channel[31], Severity: 0, Channels: 161, Cluster ID: 1c:75:a0:02:41:01, Previous Cluster ID: 1c:75:a0:02:41:01, Event: Set
111 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 68) for client 28:e0:2c:38:64:b3 / user 'unknown'
112 Tue Feb 26 11:45:29 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
113 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
114 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 67) for client 28:e0:2c:38:64:b3 / user 'unknown'
115 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 113) for client 28:e0:2c:38:64:b3 / user 'unknown'
116 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
117 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
118 Tue Feb 26 11:45:29 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 112) for client 28:e0:2c:38:64:b3 / user 'unknown'
119 Tue Feb 26 11:42:27 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
120 Tue Feb 26 11:42:27 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
121 Tue Feb 26 11:42:27 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 183) for client 7c:c5:37:18:ca:2b / user 'unknown'
122 Tue Feb 26 11:14:06 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
123 Tue Feb 26 11:14:06 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
124 Tue Feb 26 11:14:06 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 65) for client 7c:c5:37:18:ca:2b / user 'unknown'
125 Tue Feb 26 11:06:56 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 93) for client ec:85:2f:a2:4d:ba / user 'unknown'
126 Tue Feb 26 11:06:56 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
127 Tue Feb 26 11:06:56 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
128 Tue Feb 26 11:06:56 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 92) for client ec:85:2f:a2:4d:ba / user 'unknown'
129 Tue Feb 26 11:06:56 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 200) for client ec:85:2f:a2:4d:ba / user 'unknown'
130 Tue Feb 26 11:06:56 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
131 Tue Feb 26 11:06:56 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
132 Tue Feb 26 11:06:56 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 199) for client ec:85:2f:a2:4d:ba / user 'unknown'
133 Tue Feb 26 10:54:54 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
134 Tue Feb 26 10:54:54 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
135 Tue Feb 26 10:54:54 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 16) for client 34:15:9e:f0:00:bf / user 'unknown'
136 Tue Feb 26 10:54:54 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
137 Tue Feb 26 10:54:54 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
138 Tue Feb 26 10:54:54 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 90) for client 34:15:9e:f0:00:bf / user 'unknown'
139 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
140 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
141 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 38) for client ec:85:2f:eb:d0:0b / user 'unknown'
142 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
143 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
144 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 15) for client ec:85:2f:a2:4d:ba / user 'unknown'
145 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 31) for client 60:fa:cd:b6:f6:d6 / user 'unknown'
146 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
147 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
148 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 32) for client ec:85:2f:eb:d0:0b / user 'unknown'
149 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 35) for client ec:85:2f:a2:4d:ba / user 'unknown'
150 Tue Feb 26 10:46:56 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
151 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
152 Tue Feb 26 10:46:56 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 34) for client 60:fa:cd:b6:f6:d6 / user 'unknown'
153 Tue Feb 26 10:41:10 2013 AP NTW100-AP17[0] (18:33:9d:b7:a0:70) Device ID: 0x319a, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 6, Cluster ID: 1c:75:a0:02:40:c7, Previous Cluster ID: 1c:75:a0:02:40:c7, Event: Clear
154 Tue Feb 26 10:38:54 2013 AP NTW100-AP17[0] (18:33:9d:b7:a0:70) Device ID: 0x319a, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 6, Cluster ID: 1c:75:a0:02:40:c7, Previous Cluster ID: 1c:75:a0:02:40:c7, Event: Set
155 Tue Feb 26 10:24:39 2013 AP NTW100-AP17[0] (18:33:9d:b7:a0:70) Device ID: 0x3197, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 6, Cluster ID: 1c:75:a0:02:40:c1, Previous Cluster ID: 1c:75:a0:02:40:c1, Event: Clear
156 Tue Feb 26 10:22:46 2013 AP NTW100-AP17[0] (18:33:9d:b7:a0:70) Device ID: 0x3197, Type: WiFi Invalid Channel[31], Severity: 2, Channels: 6, Cluster ID: 1c:75:a0:02:40:c1, Previous Cluster ID: 1c:75:a0:02:40:c1, Event: Set
157 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 13) for client b4:f0:ab:06:25:b6 / user 'unknown'
158 Tue Feb 26 10:15:02 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
159 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
160 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 12) for client b4:f0:ab:06:25:b6 / user 'unknown'
161 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 30) for client b4:f0:ab:06:25:b6 / user 'unknown'
162 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
163 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
164 Tue Feb 26 10:15:02 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 29) for client b4:f0:ab:06:25:b6 / user 'unknown'
165 Tue Feb 26 09:59:58 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 38) for client ec:85:2f:eb:d0:0b / user 'unknown'
166 Tue Feb 26 09:59:58 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
167 Tue Feb 26 09:59:58 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
168 Tue Feb 26 09:59:58 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 37) for client ec:85:2f:eb:d0:0b / user 'unknown'
169 Tue Feb 26 09:59:58 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 11) for client ec:85:2f:eb:d0:0b / user 'unknown'
170 Tue Feb 26 09:59:58 2013 RADIUS server 10.19.3.108:1813 activated on WLAN 1
171 Tue Feb 26 09:59:58 2013 RADIUS server 10.12.2.33:1813 deactivated on WLAN 1
172 Tue Feb 26 09:59:58 2013 RADIUS server 10.12.2.33:1813 failed to respond to request (ID 10) for client ec:85:2f:eb:d0:0b / user 'unknown'
173 Tue Feb 26 09:49:25 2013 RADIUS server 10.12.2.33:1813 activated on WLAN 1
174 Tue Feb 26 09:49:25 2013 RADIUS server 10.12.2.34:1813 deactivated on WLAN 1
175 Tue Feb 26 09:49:25 2013 RADIUS server 10.12.2.34:1813 failed to respond to request (ID 156) for client 8c:58:77:8e:a3:f6 / user 'unknown'
176 Tue Feb 26 09:46:41 2013 RADIUS server 10.12.2.34:1813 activated on WLAN 1
177 Tue Feb 26 09:46:41 2013 RADIUS server 10.19.3.108:1813 deactivated on WLAN 1
178 Tue Feb 26 09:46:41 2013 RADIUS server 10.19.3.108:1813 failed to respond to request (ID 16) for client 24:ab:81:af:2f:da / user 'unknown'Can you post the output to the command "debug client "?
Can you try if the client has any issues if he was connected to an SSID with OPEN authentication?
Is the wireless NIC drivers updated? -
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN .
HI All,
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN . the WLC are providing the HQ and one of the Branches the Wireless services .
Am using all the available 9 SSIDs at the HQ , and am using only 4 of it at the Brnche.
The problem that i have are happening only at the Branch office as i cant room between the SSIDs within Diferent VLANs but i can do it with the one that pointing to the same VLAN. Once the client ( Laptop/Phone ) connected to one of the SSIDs. it imposiible to have him connected to the other ones with Different VLAN. meanwhile, It says its connected to the other SSID but its not getting IP from that pool.
here is the Show Run-Config from my WLC .. and the Problem happening between the SSID AMOBILE and ASTAFF. i have the Debug while am switching between the SSIDs if needed .
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.11.04 10:20:47 =~=~=~=~=~=~=~=~=~=~=~=
show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: FCW1535L01G
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLAN Controller 5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 10.125.18.15
Last Reset....................................... Software reset
System Up Time................................... 41 days 5 hrs 14 mins 42 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... US - United States
--More or (q)uit current module or <ctrl-z> to abort
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 10
Number of Active Clients......................... 61
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
AP Bundle Information
Primary AP Image Size
ap3g1 5804
ap801 5192
ap802 5232
c1100 3096
c1130 4972
c1140 4992
c1200 3364
c1240 4812
c1250 5512
c1310 3136
c1520 6412
c3201 4324
c602i 3716
Secondary AP Image Size
ap801 4964
c1100 3036
--More or (q)uit current module or <ctrl-z> to abort
c1130 4884
c1140 4492
c1200 3316
c1240 4712
c1250 5064
c1310 3084
c1520 5244
c3201 4264
Press Enter to continue or <ctrl-z> to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or <ctrl-z> to abort
Network Information
RF-Network Name............................. OGR
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or <ctrl-z> to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or <ctrl-z> to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or <ctrl-z> to abort
AP Summary
Number of APs.................................... 8
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
KNOWLOGY_DC01 disabled -
KNOWLOGY_DC02 disabled -
--More or (q)uit current module or <ctrl-z> to abort
KN1252_AP01 disabled -
KN1252_AP02 disabled -
Anham_AP03 disabled -
ANHAM_AP01 disabled -
ANHAM_AP04 disabled -
ANHAM_AP02 disabled -
Press Enter to continue or <ctrl-z> to abort
AP Location
Total Number of AP Groups........................ 3
Site Name........................................ ANHAM8075
Site Description................................. ANHAM 8075 Location
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
Site Name........................................ Knowlogy_DC
--More or (q)uit current module or <ctrl-z> to abort
Site Description................................. DC Center Access points
WLAN ID Interface Network Admission Control Radio Policy
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
Site Name........................................ OGR
Site Description................................. 1934 OGR Office
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
7 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Site Name........................................ default-group
Site Description................................. <none>
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
5 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
9 knowlogy_ogr Disabled None
10 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Press Enter to continue or <ctrl-z> to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch IP Address.................. 10.125.18.15
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abortIP Address.................. 10.125.18.15
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
--More or (q)uit current module or <ctrl-z> to abort
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 11
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
--More or (q)uit current module or <ctrl-z> to abort
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 44
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
--More or (q)uit current module or <ctrl-z> to abort
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or <ctrl-z> to abort
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
--More or (q)uit current module or <ctrl-z> to abort
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 5
Cisco AP Name.................................... KN1252_AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:ef:06:50
IP Address Configuration......................... DHCP
IP Address....................................... 10.125.18.101
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.125.18.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ Knowlogy Conference Rooms Side
Cisco AP Group Name.............................. OGR
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Medium Power (15.4 W)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
AP Image......................................... C1250-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX122990L5
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 118
WLAN 1 :........................................ 111
WLAN 2 :........................................ 111
WLAN 4 :........................................ 112
WLAN 6 :........................................ 112
WLAN 7 :........................................ 111
WLAN 9 :........................................ 112
WLAN 8 :........................................ 112
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 26 days, 00 h 24 m 39 s
--More or (q)uit current module or <ctrl-z> to abort
AP LWAPP Up Time................................. 26 days, 00 h 23 m 48 s
Join Date and Time............................... Wed Oct 9 10:59:07 2013
Join Taken Time.................................. 0 days, 00 h 00 m 50 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 7
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:df:a5:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 ..........Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
Sent from Cisco Technical Support iPhone App -
WLC 5508 with LAP-1142n - Several Errors
Hello all,
I had installed a WLC 5508 with 7 LAP 1142n and 2 converted AP 1131abg.
I am seeing some errors relating 2 issues.
1st- One particular AP 1142 is disassociating and reseting the radios.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init. Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init. Status:NA
Thu Oct 28 11:50:46 2010
AP 'AP3', MAC: e8:04:62:23:ac:e0 disassociated previously due to AP Reset. Uptime: 1 days, 10 h 24 m 23 s . Last reset reason: operator changed 11g mode.
Thu Oct 28 11:50:35 2010
AP Disassociated. Base Radio MAC:e8:04:62:23:ac:e0
Thu Oct 28 11:50:35 2010
AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
Thu Oct 28 11:50:35 2010
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
I had some search, and the new discovery cause, might be that the AP didnt know what WLC do associate, in a multi-controller environment. This is not the case. I only have one WLC in the same management vlan.
2st-The Radius server is beeing related in the logs as been deactivated. I raise the server time-out on Radius configuration option, but it still continues to do it.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 deactivated in global list
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 failed to respond to request (ID 172) for client e8:06:88:51:c0:2b / user 'unknown'
Is this meaning the WLC stop sending request to the Radius Server ? We dont have BackUp Radius.
As far as i know, its always the same mac-address client that is associated to that error, maybe a iphone.
I had so many clients in that SSID and they are all working good.
The Radius server is a NPS from windows Server 2008
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
, and the client says that the medium response time is 0,02 sec, so im wondering why the controller is not getting response from Radius for a particular client?! My client also says, that didnt found any log related to that mac-address client ... what is weird...
WLC with last software available 7.0.164
Hope some one help me here.
Best Regards,
Bruno PetrónioThanks Scott,
I understand what you are mentioning, and i really didnt do it yet.
I realize that the primary controller was not configured on the
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Wireless –> All APs –> High Availability tab, and did it only to the AP that is taking this beahviour.
Is this mandatory for a 1 controller only ?
No mather what the manual say, after that the AP is rebooting 2 mins in 2 mins... with the same kind of messages.
The interface on the switch is getting a few input errors and the same numbers of crc... but are so few...
Next step ... i will change it to another one's place/pathing cable.
Regarding the Radius messages... any ideas ?
I'm already on 30 sec's of server timeout.
Best Regards,
Bruno Petrónio -
Cisco PI 1.3 - Internal Server Error with RADIUS-authentication
Hi,
I have a problem with a Cisco Prime Infrastructure 1.3 (Appliance, fully patched) that I'm trying to authenticate against a Radiator RADIUS-server.
From the RADIUS-server's point of view it looks fine, but I just get an HTTP Status 500 internal error (see attached image) when trying to log in.
I'm not the one managing the RADIUS-server but I got the following debug sent from them:
Wed Oct 30 08:52:06 2013: DEBUG: Packet dump:
*** Received from 10.36.0.132 port 17235 ....
Code: Access-Request
Identifier: 102
Authentic: REMOVED
Attributes:
User-Name = "test-user"
User-Password = REMOVED
NAS-IP-Address = 10.36.0.132
Message-Authenticator = REMOVED
Wed Oct 30 08:52:06 2013: DEBUG: Handling request with Handler 'Client-Identifier=/^prime[.]net[.]REMOVED[.]se$/', Identifier 'Network-Prime-AAA'
Wed Oct 30 08:52:06 2013: DEBUG: Deleting session for test-user, 10.36.0.132,
Wed Oct 30 08:52:06 2013: DEBUG: Handling with Radius::AuthUNIX:
Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthUNIX looks for match with test-user [test-user]
Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthUNIX ACCEPT: : test-user [test-user]
Wed Oct 30 08:52:06 2013: DEBUG: AuthBy UNIX result: ACCEPT,
Wed Oct 30 08:52:06 2013: DEBUG: Handling with Radius::AuthFILE:
Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthFILE looks for match with test-user [test-user]
Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthFILE ACCEPT: : test-user [test-user]
Wed Oct 30 08:52:06 2013: DEBUG: AuthBy FILE result: ACCEPT,
Wed Oct 30 08:52:06 2013: DEBUG: Access accepted for test-user
Wed Oct 30 08:52:06 2013: DEBUG: Packet dump:
*** Sending to 10.36.0.132 port 17235 ....
Code: Access-Accept
Identifier: 102
Authentic: REMOVED
Attributes:
cisco-avpair = "NCS:virtual-domain0=ROOT-DOMAIN"
cisco-avpair = "NCS:role0=Admin"
cisco-avpair = "NCS:task0=View Alerts and Events"
cisco-avpair = "NCS:task1=Device Reports"
..the rest of the AV-pairs removed
Does anyone have any idea on what the the problem is, or some tips on how to troubleshoot? (rebooting and ncs stop/start has no impact on the issue)
//CharlieI ran into a similar issue this morning in my lab. After I issued ncs status - the database service came back as not running. I stop/started the Prime services and it came up. Once all the services were running my WLC imported with no issues. I also deployed another server for another lab and it had issues with the clocking being out of sync.
Maybe you are looking for
-
Hi there, I am making a pdf that I'm putting online for download. It needs to contain embedded audio files, OR links to the audio files. I have tried using hyperlinks, but the problem here is that my personal file path gets imbedded. The hyperlinks o
-
Convert a xml structure in CDATA
Hello, I'm using xslt to convert a xml file to another and i want to copy part of de original xml as a CDATA type in the output xml file. My first attempt was something like this: <![CDATA[<xsl:copy-of select="."/>]]> of course it didn't work. Could
-
I would like to know of how to change the language in my Ipod touch ?? anyone can help me please
-
hi! i have a very urgent problem, we implemented fax server for sending purchase order printout to the vendor. we used userexit vn00001 for receiving the fax number of the agent. we need to get also the country code and change it to the country code
-
Hdiutil create srcdevice - image not mountable
Has anyone been able to mount or restore an image created from a hard disk using hdiutil create -srcdevice (as opposed to -srcfolder)? From googling I get the impression that the answer is no. I have now a backup image created from the main volume of