WLC vs Non Cisco AP Clients

Please help,
I am in the process of connecting non-Cisco APs as transparent clients with an attached Ethernet embedded Linux network device to the facility wireless network. The wireless security is set to WPA2-PSK with TKIP. My non-Cisco APs are configured with the correct security (WPA2-PSK) and the cipher is TKIP.
I have tested the clients and the attached device with an autonomous Cisco 1242 and a 1310 and the client APs connect without any problem. I can ping/access the AP and attached device flawlessly. The client APs connect automatically after being powered down many times without fail and allow me to access the attached device without fail.
The WLC however reports authentication failures when the client APs attempt to connect. The IT staff at the facility disabled exclusions for any authentication failure and the client APs still fail to connect using WPA2-PSK(TKIP).
For testing purposes the facility IT department configured the WLC for WPA-PSK(TKIP) on our designated SSID and the non-Cisco client APs connect, however the connection is intermittent and very unstable.
Also note that my laptop and 2 other Dell laptops using three different wireless adapters have issues connecting and maintaining a stable connection without being disconnected. (Facility AP is a 1252 AP and it has an external 8dBi omnidirectional antenna and our client APs and laptops are within 35 feet of the antenna. The antenna is mounted 20 to 25 feet from the ground.)
Since the APs are now able to authenticate (sometimes they do and sometimes they don't) we then try to ping the devices and we are unable to do so. I had to enter the WLC's IP as the Gateway for the client AP and the attached device's GW to allow a ping/connection from the physical network to the device behind the client AP.
I suspect the WLC is doing some form of ARP filtering, any suggestions?
So I now have the ability to ping the client AP and attached network device except the connection is unreliable with high latency and some packet loss. (Remember that I had flawless connectivity with an autonomous 1242 and 1310 previously and still do if I use them)
Now to make things even harder I have no real control/access to the WLC. The facility IT department is not allowing me to make any changes, however I can make suggestions and they will make the changes if the changes I suggest are blessed by management.
Let me sum it up:
- Client APs work perfectly with an autonomous Cisco 1242 or 1310 AP using WPA2-PSK(AES or TKIP)
- Authentication issues with WLC using WPA2
- I can "sometimes" authenticate when the WLC is using WPA and when exclusions are disabled
- the coverage is also poor even with the 8dBi antenna
- Packet loss and high/random spikes in latency
- Facility IT are being difficult
- Facility IT insist on using the WLC
- I can't change the client AP.
What do you suggest?
Thanks,
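One way to check the cipher and key-management settings discussed in this post, as an added example that is not part of the original thread: a parser for the RSN information element (the WPA2 element carried in beacons and association requests) that compares what an SSID advertises with what a client requests. The sample elements are constructed for illustration, not captured from this network, and the parser assumes the version, group, pairwise and AKM fields are all present.

```python
import struct

RSN_ELEMENT_ID = 48                     # RSN information element (WPA2)
IEEE_OUI = bytes.fromhex("000fac")      # OUI of the standard suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def build_rsn_ie(group, pairwise, akm):
    """Build a sample RSN element from suite type numbers (used for test data)."""
    body = struct.pack("<H", 1) + IEEE_OUI + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(IEEE_OUI + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akm)) + b"".join(IEEE_OUI + bytes([a]) for a in akm)
    body += b"\x00\x00"                 # RSN capabilities, all flags clear
    return bytes([RSN_ELEMENT_ID, len(body)]) + body


def _suite(selector, names):
    """Translate a 4-byte suite selector (OUI + type) into a readable name."""
    oui, kind = selector[:3], selector[3]
    if oui != IEEE_OUI:
        return f"vendor-{oui.hex()}:{kind}"
    return names.get(kind, f"unknown-{kind}")


def _suite_list(body, pos, names):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if pos + 2 > len(body):
        raise ValueError("RSN element truncated before suite count")
    (count,) = struct.unpack_from("<H", body, pos)
    pos += 2
    if pos + 4 * count > len(body):
        raise ValueError("RSN element truncated inside suite list")
    suites = [_suite(body[pos + 4 * i:pos + 4 * i + 4], names) for i in range(count)]
    return suites, pos + 4 * count


def parse_rsn_ie(ie):
    """Parse one RSN element (ID, length, body) into its cipher and AKM suites."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("RSN element length field does not match data")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    group = _suite(body[2:6], CIPHERS)
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, pos, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}


def association_problems(advertised, requested):
    """List the ways a client's requested suites fall outside what the SSID offers."""
    problems = []
    if requested["group"] != advertised["group"]:
        problems.append(f"group cipher {requested['group']} != advertised {advertised['group']}")
    for cipher in requested["pairwise"]:
        if cipher not in advertised["pairwise"]:
            problems.append(f"pairwise cipher {cipher} not offered")
    for akm in requested["akm"]:
        if akm not in advertised["akm"]:
            problems.append(f"AKM {akm} not offered")
    return problems


# Constructed samples: a CCMP-only SSID, a mixed TKIP/CCMP SSID, a TKIP-only client.
SSID_CCMP_ONLY = build_rsn_ie(4, [4], [2])
SSID_MIXED = build_rsn_ie(2, [4, 2], [2])
CLIENT_TKIP = build_rsn_ie(2, [2], [2])

if __name__ == "__main__":
    client = parse_rsn_ie(CLIENT_TKIP)
    for name, ssid in (("CCMP-only", SSID_CCMP_ONLY), ("mixed", SSID_MIXED)):
        print(name, association_problems(parse_rsn_ie(ssid), client) or "compatible")
```

Feeding it the RSN element from the SSID's beacon and the one from the client AP's association request shows whether both sides agree on cipher and key management before any other cause is investigated.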

Is there anything that could be interfering with either the 2.4 or 5 GHz spectrum? Microwaves, Bluetooth devices, cordless phones, etc?

Similar Messages

  • WLC in a non-Cisco network

    I'm planning to use a Cisco WLC 5508 in a non-Cisco core network (switch and routers) and I'm wondering about the problems I can have.
    For the moment, I can only think that I can't have CDP (Cisco Discovery Protocol) in the new core network (access switches are Cisco).
    So, do you need CDP to run a Cisco Controller Based WLAN?
    Maybe for Rogue Switchport tracing? Anything else?
    Can I use a WLC connected to a non-Cisco core network?
    More trouble?
    Thanks

    Cisco WLCs do not use LACP, LAG is non-negotiated, just on. The 5508 also requires 1G ports, it will not connect to anything less than this.
    http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0MR1/configuration/guide/cg_ports_interfaces.html#wp1182892
    As for LWAPP/CAPWAP, you will need to make sure that if you are going through a firewall that UDP ports 12222/12223 for LWAPP and UDP port 5246/5247 are not blocked. You can use option43 on your DHCP server for the APs to find the controller.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml
    OR
    DNS discovery—The access point can discover controllers through your domain name server (DNS). For the access point to do so, you must configure your DNS to return controller IP addresses in response to CISCO-LWAPP-CONTROLLER.localdomain or CISCO-CAPWAP-CONTROLLER.localdomain, where localdomain is the access point domain name. When an access point receives an IP address and DNS information from a DHCP server, it contacts the DNS to resolve CISCO-LWAPP-CONTROLLER.localdomain or CISCO-CAPWAP-CONTROLLER.localdomain
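The discovery settings this reply lists, as an added example that is not part of the original thread: for Cisco lightweight APs the option 43 value is a type-length-value string with sub-option type 0xf1, four bytes of length per controller, and the controllers' IPv4 management addresses. The addresses, the `example.internal` domain and the firewall allow-list below are constructed.

```python
import ipaddress

WLC_SUBOPTION = 0xF1    # option 43 sub-option type read by Cisco lightweight APs
# UDP ports named in the reply above, keyed by tunnelling protocol.
CONTROL_PORTS = {"LWAPP": (12222, 12223), "CAPWAP": (5246, 5247)}


def encode_option43(controllers):
    """Encode controller IPv4 addresses as the option 43 TLV byte string."""
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    if not addrs:
        raise ValueError("at least one controller address is required")
    if 4 * len(addrs) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([WLC_SUBOPTION, 4 * len(addrs)]) + b"".join(a.packed for a in addrs)


def decode_option43(value):
    """Decode an option 43 TLV back into controller addresses, rejecting bad lengths."""
    if len(value) < 2 or value[0] != WLC_SUBOPTION:
        raise ValueError("not a 0xf1 controller sub-option")
    length, payload = value[1], value[2:]
    if length == 0 or length % 4 or length != len(payload):
        raise ValueError("length field does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(0, length, 4)]


def discovery_names(domain):
    """DNS names an AP resolves when it falls back to DNS discovery."""
    return [f"CISCO-CAPWAP-CONTROLLER.{domain}", f"CISCO-LWAPP-CONTROLLER.{domain}"]


def blocked_ports(allowed_udp):
    """Report which AP-to-controller UDP ports a firewall allow-list is missing."""
    missing = {}
    for protocol, ports in CONTROL_PORTS.items():
        absent = [p for p in ports if p not in allowed_udp]
        if absent:
            missing[protocol] = absent
    return missing


if __name__ == "__main__":
    value = encode_option43(["192.168.10.5", "192.168.10.20"])   # constructed addresses
    print("option 43 hex:", value.hex())
    print("decoded:", decode_option43(value))
    print("DNS names:", discovery_names("example.internal"))
    print("missing ports:", blocked_ports({53, 67, 5246, 5247}))  # constructed allow-list
```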

  • Local RADIUS in AP1242 with non-cisco WinXP wireless clients

    I'd like to configure local RADIUS in AP1242 and connect non-cisco WinXP wireless clients (for example notebook with integrated radio) with it. I did configuration (config1.txt) like in instruction: http://cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
    But I can't connect non-cisco WinXP wireless client with AP1242 anyway. At once Cisco wireless client with Aironet Desktop Utility connects with it without any problem. I've done some other configuration (config2.txt), but with the same result. Second configuration is rather then first.
    How can I connect non-cisco WinXP wireless clients with AP1242 with local RADIUS?

    Hi Stephen,
    Thanks for the quick reply. Below is the switchport config. I am able to ping the AP from the switch and connect to its web page from any workstations.
    interface GigabitEthernet0/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 151
    switchport mode trunk
    end

  • Connection issues of Historical Reports Client over a non-Cisco VPN/third party VPN

    When trying to run the Cisco Unified CCX Historical Reports Client over a non-Cisco VPN, the user receives an error.
    The major failure is the connection problem between Historical Reports Client and Cisco Unified CCX Server.
    Error :
    An error occurred while communicating with web server.
    All available connections to database server are in use by other client machines. Please try again later and check the log file for error 5054.
    This works fine when connected through Cisco VPN.
    Is the third party VPN/customer's web based VPN blocking the connection between UCCX server and HRC machine?
    Thanks !!!
    Shridhar Reddy

    Hi Sridhar,
    Also please try accessing the database port 1504 from your client box.
    Reference:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
    Hope it helps.
    Anand
    Pls rate helpful posts !!

  • Is "client power management" understood by non-Cisco cards?

    I would like to tailor the "power client" IOS command to instruct WiFi adapters to limit their max transmitting power.
    Will this be understood by non-Cisco cards? In other words: is this a standard 802.11 power management command?
    I am a little bit confused, because the documentation says that in order to use this command, "Aironet extensions" must be enabled....

    What you are describing is often referred to as DTPC (Dynamic power control or Dynamic transmit power control). The following link shows the syntax for it. It only works with clients that support DTPC. This is a capability of clients that support CCX (v4 I believe). Most modern client adapters support CCX, as long as you are using their client software (such as ProSet for Intel). If you tell us what cards you have I can try to find if they support CCX and DTPC.
    http://cio.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080606d4a.html#wp1034946
    - Eric

  • Non-Cisco WGB and H-REAP

    Anyone had success rolling out non-Cisco WGBs with H-REAP?
    My customer is using WLC 5508 with code 7.0.116.0. As per WLC config guide ( http://goo.gl/6kX0d ), Cisco has tested multiple third-party devices for compatibility. Is it possible to get that device list somewhere? My customer is using TP-Link model TL-WA901N v2. The 5508 WLC does not recognize this device as a WGB. Rather, it displays the wired client behind the non-Cisco WGB.
    Is H-REAP supported for non-Cisco WGBs? The WLC config guide says H-REAP is not supported with Cisco WGBs, but does not make a distinction for non-Cisco WGBs.
    Regards,
    -steve w.

    Hello Stephen,
    Thanks for clarifying. Can Cisco disclose the third-party devices it has tested (non-Cisco WGB)?
    TIA,
    -steve w.

  • Cisco Jabber client with other telephony devices

    Hi,
    I am completely new to Jabber and just started to understand the Cisco Jabber client for Windows.
    I understood that the Jabber client supports XMPP for IM and CTI integration with Cisco Call Manager for call control.
    Is there a provision to integrate the Jabber client with non-Cisco devices like Avaya or Nortel or an ITS Netrix turret?
    Integrate direct or indirect - as in with a plugin
    Please direct me to any available documentation that would help
    Thanks

    Hi,
    Welcome to Jabber! Yes, the client supports XMPP and CTI.
    And yes you can use your existing Avaya / Nortel phones using a Cisco UC feature called Extend and Connect. No plugin required! It allows Jabber to CTI control any phone with a dialable number, including public phones. You can read more about the Extend and Connect feature here: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/9_1_1/ccmfeat/CUCM_BK_C3E0EFA0_00_cucm-features-services-guide-91_chapter_0110010.pdf
    To configure it for Jabber for Windows you can follow these instructions:
    http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_010.html#JABW_CN_EB63387E_00
    Regards,
    Matt

  • Cisco Jabber Client for Linux

    Are there any plans to have a Cisco Jabber client on linux?

    Mike,
    The larger body of use case and development for Jabber has centered on Windows and mobile iOS and Android devices. That's not to say that there isn't a contingency of customers that want a Linux client but, as of today, there is no "Jabber" client for that platform. However, I've heard this question asked in a few different forums and the answer thus far has typically been one or both of the following:
    1) There is a Jabber SDK, which could potentially be used to custom develop an application.
    2) Use 3rd-party XMPP client (e.g. Pidgin)
    As for an official answer on "will there be in the future" with a yes/no/maybe and/or a possible timeframe, you would need to reach out to Cisco or your trusted partner as roadmap items cannot be discussed without having a non-disclosure agreement in place. That's what Jamie is getting at in his response.
    D. Hailey
    NetCraftsmen, LLC.

  • Connecting Cisco VPN client v5 to asa 5505

    I am having problem configuring remote vpn between ASA5505 and Cisco VPN client v5. I can successfully establish connection between ASA and Vpn client and receive IP address from ASA. VPN client statistics windows shows that packets are send and encrypted but none of the packets is Received/Decrypted.
    Cannot ping the ASA 5505
    Any ideas on what I have missed?

    Your NAT configuration is incomplete, enter the following commands to your configuration:
    access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
    nat (inside) 0 access-list nonat
    This tells the ASA that the traffic destined for the VPN Client should not be NATted and should be sent directly to the client via the VPN Tunnel!
    Please rate if the post helps!
    Regards,
    Michael

  • Is there really a Cisco VPN client for Linux? _Really?_

    Hello folks,
    I've finally after almost experiencing a brain aneurysm by trying to think too hard got my Cisco 881-SEC-K9 router properly configured for a multipoint IPSec VPN tunnel to my Amazon Virtual Private Cloud, so that hurdle is finally passed and I actually feel it was a very important milestone in my life somehow. I never thought I'd see the day I actually got my hands on a legitimate Cisco non-stink... erm.. I mean, non-linksys router. Now I just can't seem to find a 'client' VPN program for Linux. I'm currently running a Xen Hypervisor environment on openSUSE Linux because it's the only Linux distribution that completes all of my strenuous requirements in a Linux server environment. It's also the most mature, and secure Linux on this planet, making it the most appreciable Linux distribution for my research needs. Using NetworkManager is not really an option for a basic Linux server environment, and OpenVPN is just too confusing to comprehend for my tiny little head. I've heard mention of some mysterious "Easy VPN" but after hours of digging online can't find any information about it, even the Cisco download link leads to a Page Not Found error. I do see a Linux VPN API for the AnyConnect program, but is that an actual VPN client, or just an API? It seems to want my money to download it but I don't have any money nor do I really know what it is because it's all secretive-like, closed source, and I can't even find a simple README file on it explaining what it is exactly. I'm just an out-of-work software developer trying to connect to my home router for personal use and I can't really afford to fork over a million and a half dollars for a single program that I'm only going to need to download once in my lifetime that should have been included with the router in the first place.
I more than likely won't even be able to figure out how to use the program anyways because I don't know anything about VPN connections which is why I bought this router so I can try to figure it all out as part of the not-for-profit open source, volunteer research I'm presently trying to conduct.  Is there some kind of evaluation or trial period for personal use? That would be really nice so I could at least figure out if I'm going to be able to figure it out or not.  I hate throwing money away when it's in such short supply these days. There's really no alternative to a Cisco router.  It's an absolute necessity for the things I'm trying to accomplish, so trying to settle for something else and going on with my life is not really an option. No, this is something I just need to face head on and get it over with.
    <Rant>
    Maybe I have a little too much crazy in me for my own good, but I don't see why it should take so much money just to learn how to do something for personal reference, it's not really a skill I would ever use otherwise. Wouldn't it be great if Cisco made their VPN client open source and free to the public to use and modify, to improve on, to learn and to grow and bring the whole world closer together as a community? Even the source code to the old discontinued Cisco VPN client could be used as a valuable learning tool for some poor starving college student or Open Source Software developer somewhere trying to get by on Ramen Noodles and Ramen Noodle Sauce on Toast (don't tell me you never thought about it). Through the ripple effect, it would drastically improve sales over the course of time, because it would open the door to a whole new market where those who previously could not afford to participate now could. That's the true power of Open Source. It creates a more skilled work force for the future by openly contributing and sharing knowledge together. What if the next big internet technology and the solution to world tyranny - the solution to end all wars forever - were locked in the mind of an unemployed software developer who couldn't afford to upgrade their Cisco router software or access the software they needed because it was closed source and required committing to an expensive service contract to download? That would be just terrible, wouldn't it? I guess there's no way to ever know for sure. I suppose I'd be just as happy if some kind soul out there could point me to an easy to use alternative to an always on VPN connection that runs in the background which doesn't require NetworkManager or having to spend days upon days digging through and trying to comprehend either some really poor or extremely complex documentation?
I apologize for all the run on sentences posed as questions, but I've just got some serious mental burnout from all of this, being unemployed is some hard work folks. I could really use a vacation.  Perhaps a camping trip to the coast is in order after I get this working, that sounds nice, doesn't it? Nothing like a good summer thunder storm on the ocean beach - far away from technology - to refresh the mind.
    </Rant>

    I do tend to talk too much and I don't mince any words either. What I am however, is really appreciative for the help. I know you hear that all the time, but you have no idea how much time and headache you just saved me. I think vpnc might be just what I've been looking for, unless someone can think of a client for Linux that I might be able to throw a little further. I'm very security minded now, after the backlash of Blackhat 2013, there's no telling which direction the internet might head next. Oh, you didn't hear? Well whether they realize it or not, DARPA basically declared war with other government agencies by releasing their own version of a spy program for civilians to use against the whoever -- possibly even the government itself. They even went so far as to suggest its private usage to blanket entire cities in information gathering. Civilians are a powerful foe, as they are not bound by the oath of office, any evidence they obtain is admissible in court, whether they know that or not. There's a very important reason for that. It's to prevent another civil war from ever happening, we shed enough blood the first time around lest people forgot. It's something that can and will be avoided because our civilization has advanced beyond the need for bloodshed. The courts have to obey the majority rule, no matter what. For the first time in history, cyberwarfare can reach into the physical world to cause serious damage to physical structures like the nuclear facility incident in Iran. There's scary bills trying to sneak through congress that are changing the landscape of technology forever for the entire world. We're at a pivotal point now where things can happen. It will be interesting to see how it all plays out over the next decade or so. No matter which way you look at it, just be prepared to sell a whole lot of routers.

  • Using 802.1X and non-Cisco IP Phones

    Hi there,
    Having some questions about an 802.1x/non-Cisco ip phone setup and was hoping to find some answers/user-experience with this setup.
    Main questions I'm facing:
    1) When using non-Cisco IP phones (e.g. Nortel or Siemens) and a previously authorized client connected behind this IP phone gets disconnected. What will this action do with the authorized state of 802.1X on the switch port? Will it stay authorized until the reauth timer expires or does it reject communication from any other device?
    2) What about EAPOL-Logoff messages from the ip phone to the switch. Are these only used by Cisco phones when they experience a link-status change on data ports?
    Thanks for sharing your thoughts

    Overall, you need to try and deal with the fact that a machine can disappear from the network and the network may not know about it directly (i.e. Link doesn't go down).
    I have no idea what other phones do, but Cisco phones send an EAPOL-Logoff when something is unplugged. This lets the switch know directly, and 1X session start is torn down immediately, closing what would be a security hole.
    Fundamentally, re-auth is a workaround only, and this is not the reason to enable re-auth to begin with.
    If your phone doesn't send an EAPOL-Logoff in this case, the switch might be left thinking an attack is underway when someone else tries to plug in (with presumably a different MAC). You do NOT want this to occur.
    Hope this helps,
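The situation this answer describes, as an added example that is not part of the original thread: a simplified model of a single-host 802.1X port with a phone in front of the PC, showing what the switch sees when the PC is unplugged with and without an EAPOL-Logoff. The port logic is an assumption made for illustration (not IOS behaviour verbatim), the MAC addresses are constructed, and the logoff is assumed to carry the departed PC's MAC as its source.

```python
import struct

ETH_P_PAE = 0x888E                          # EtherType for EAPOL (IEEE 802.1X)
PAE_GROUP = bytes.fromhex("0180c2000003")   # 802.1X PAE group address
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

PC_A = bytes.fromhex("020000000a01")        # constructed, locally administered MACs
PC_B = bytes.fromhex("020000000b02")


def eapol_frame(src, packet_type, body=b""):
    """Build an Ethernet frame carrying an EAPOL PDU (protocol version 1)."""
    header = PAE_GROUP + src + struct.pack("!H", ETH_P_PAE)
    return header + struct.pack("!BBH", 1, packet_type, len(body)) + body


def data_frame(src):
    """Build a minimal broadcast frame with the IPv4 EtherType from src."""
    return b"\xff" * 6 + src + struct.pack("!H", 0x0800) + bytes(46)


def parse(frame):
    """Return (source MAC, EAPOL type name or None for non-EAPOL traffic)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PAE:
        return src, None
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    if len(frame) < 18 + length:
        raise ValueError("EAPOL body shorter than its length field")
    return src, EAPOL_TYPES.get(ptype, f"unknown({ptype})")


class Port:
    """Simplified single-host port: one authorized MAC, link stays up behind a phone."""

    def __init__(self):
        self.authorized_mac = None
        self.events = []

    def authorize(self, mac):
        self.authorized_mac = mac
        self.events.append("authorized")

    def receive(self, frame):
        src, eapol = parse(frame)
        if eapol == "EAPOL-Logoff":
            if src == self.authorized_mac:
                self.authorized_mac = None              # session torn down at once
                self.events.append("session-cleared")
            else:
                self.events.append("logoff-ignored")
        elif eapol is not None:
            self.events.append("eapol:" + eapol)        # handed to the authenticator
        elif self.authorized_mac is None:
            self.events.append("dropped-unauthorized")  # must authenticate first
        elif src != self.authorized_mac:
            self.events.append("security-violation")    # stale session, new MAC
        else:
            self.events.append("forwarded")


def run_scenario(phone_sends_logoff):
    """PC A authenticates and leaves; PC B plugs into the same phone port."""
    port = Port()
    port.authorize(PC_A)
    port.receive(data_frame(PC_A))
    if phone_sends_logoff:                  # the phone notices its PC port went down
        port.receive(eapol_frame(PC_A, 2))
    port.receive(data_frame(PC_B))
    return port.events


if __name__ == "__main__":
    print("with logoff:   ", run_scenario(True))
    print("without logoff:", run_scenario(False))
```

Without the logoff the port keeps a stale authorized session until some timer clears it, so the second PC's first frame is handled as a different MAC on an authorized port rather than as a new client that needs to authenticate.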

  • Blocked IP addresses by the Cisco AnyConnect Client

    Hello,
    I am using the Cisco AnyConnect Client to access the internet at the LRZ in Munich. If I try to play the game League of Legends on a game server of the ip range 31.186.224/24, I am not able to connect. This problem only occurs when I am using the VPN Client.
    Below is an answer of the support team of the producer of the game:
      We recently split our EU Region into an EU-West and EU-Nordic/East Region in an attempt to alleviate server strain. To do so, we had to purchase many new servers for our EU-NE Region, and this has resulted in connection issues with various ISPs. One particular range of server IPs we purchased (31/8) was previously on a Bogon list, however they were all released in May 2010 (http://www.team-cymru.org/Services/Bogons/changelog.html). This should help configure your networks to allow traffic to and from this range. If you feel uncomfortable unblocking the full 31/8 range you can more specifically unblock our servers by allowing the 31.186.224/24 through your filters. This is the range purchased by Riot Games for our new server
    Does the VPN Client block the access to the game servers?
    Thank you for your answers in advance.

    Neither VPN client nor Anyconnect, nor ASA nor IOS has any bogon list built in or used by default.
    If there is something blocking traffic it has to be external and non-default (if Cisco).

  • Can cisco MSE(mobility service engine) configured to work with non-cisco access points?

    I understand that access points can be configured to forward all the probe requests to the Cisco WiFi controller. Cisco MSE (mobility service engine) gets the probes from the WiFi controller to find the location of the mobile devices.
    My question, can Cisco MSE (mobility service engine) be configured to work with non-Cisco access points?

    No and the reason why is the NMSP communication from the MSE to the WLC. Other vendors don't support this so there is no communication happening.
    -Scott

  • Problems w/ VPN Server & Cisco VPN Client on same machine

    I really wish that I read about how the developer of the program iVPN no longer supports his work BEFORE I paid for it. It's a great, simple, GUI frontend to the existing Leopard VPN server built in to regular (non-server) OSX...
    Anyway, on my Mac that stays @ home:
    (1) - I have the iVPN server set up & running to allow me to connect (from my iphone or another computer on the road) to my Mac @ home using L2TP.
    (2) - When I'm @ home and need to connect to my company's network, I need to use the Cisco VPN Client (which uses IPSec etc).
    So, I found out that when I need to use my Mac to connect to work, I first have to open up the iVPN server to click "Stop Server" (which has me enter my password twice sometimes). Now I close iVPN until I'm done, then open up Activity Monitor for the purpose of finding the still-running process "racoon". I realized this not because it's published info, but because if I don't do this, and try to connect to work using the Cisco VPN Client, it simply will not connect. So, I quit the process "racoon" (which also has me enter my password because it's running as root yada yada). NOW, I can load Cisco VPN Client and successfully connect to my company's network. When I'm finished here, I disconnect the C.V.C., then reopen iVPN Server and restart my server (enter password again).
    Is there any way I can make the process "racoon" quit automatically when I turn off the iVPN server? I'd email the developer but I guess that's a lost cause now. It's a shame because he did a fabulous job making iVPN & gave the less computer-networking-literate-user the ability to create their own VPN server without using Terminal.
    I thought about the possibility of using iVPN to create a PPTP connection instead of L2TP - thinking that would allow me to keep my iVPN PPTP server running at all times, even when I wanted to use the CVC to connect OUT to work - but:
    (1) - I would like the increased security of L2TP.
    (2) - When I tried running a PPTP server, and connecting to it from iPhone or other computer, I was NOT able to access the other devices on my network, or the internet. I couldn't even open up a webpage to check whatismyip.com (while sending all traffic over VPN). And yes, the IP Address Range that I have iVPN handing out is within my normal home network's range.
    My end goal for all of this when using my Mac is to be able to leave my iVPN server running at all times, while still being able to run the Cisco VPN CLIENT to connect to my company's network.
    Or, at least not having to open up Activity Monitor to quit the process racoon... let alone having to enter my password 3 times after opening up iVPN, again to stop the server, again to quit the process racoon. Then a fourth when I'm all done and need to start the iVPN server again.
    Am I going about this the wrong way? Is there an easier way to accomplish these secure connections? There is a slight possibility of me upgrading and running a dedicated Mac Mini server of some sort perhaps with the real OSX Server. But not right now. I think I'm over complicating this. I mean, my needs are pretty simple:
    (1) - Need to connect TO my Mac from IPhone / someone else's Mac or PC for: VNC over SSH, SSH/SFTP file level access, in the future shared network volumes (time capsule). I'd use Back To My Mac for all of this but I don't always connect FROM a Mac.
    (2) - Need to connect FROM my Mac to work VPN for: VNC to my work PC to access our company's Windows-only program (dual booting into boot camp or using a virtual machine is out of the question), using Mocha for AS400 access, thinking about using file sharing on work PC but not needed so far.
    So it's really just VNC and sometimes SFTP. The "S" being important to me. That's why I don't like the idea of doing away with my iVPN server and just forwarding the outside ports. I use the Vine VNC Server which when checked, only allows access over SSH. The only other remote-logins are used from my iphone using an app called BriefCase (SSH to browse files on remote machine), or using an SFTP client on a computer.
    Thank you for reading all of this, and in advance for any insight you can offer.

    If the two servers need the same ports, then hosting two different VPN packages on the same box usually won't work.
    A firewall-based VPN service can be an option; that external box can deal with NAT and routing and other such and can field incoming or LAN-to-LAN VPNs, and your internal Mac boxes located "behind" that box can be free to initiate outbound VPNs.

  • Cisco VPN Client Driver for Atom Processor Tablet

    I recently bought a Dell Venue 8 Pro and installed Cisco VPN Client (5.0.05.0290). I get the Error message "Reason 440: Driver Failure"
    This is perhaps because the client driver is not compatible with the Atom processor of the Venue 8 Pro. I have searched Dell for a driver but found none.
    Any ideas?
    Thanks,
    H

    Hi,
    According to your description, I think it is compatibility problem.
    I suggest you use the VPN in the Windows 7 compatibility mode.
    Making older programs compatible with this version of Windows:
    http://windows.microsoft.com/en-GB/windows-8/older-programs-compatible-version-windows
    If it doesn't work, I suggest you use the method as the following thread mentioned:
    http://social.technet.microsoft.com/Forums/windows/en-US/ad556ff3-8d33-453e-8b16-71e36e23e2c6/cisco-vpn-client-and-windows-81-preview-determinist-network-enhancer-dilema?forum=w8itpronetworking
    Hope this helps.
    Regards,
    Kelvin hsu
    TechNet Community Support
