Binding of the SSID authentication
Hi friends,
This is a wireless LAN design query.
Components used
1. WLC version 5.0
2. Cisco 1142 access points
3. Cisco ACS 1120
4. Authentication: 802.1X WPA
I'm broadcasting 2 SSIDs named HR (VLAN 10) & ADMIN (VLAN 20) on all access points. Wireless clients get their IP address from the DHCP server.
The issue I'm facing: when an ADMIN person selects the HR SSID, they use their username/password, connect to the network, and are able to access the HR resources.
So, how do I prevent an HR person from using their username/password to connect to the ADMIN SSID? The ultimate goal is that if an HR employee selects the ADMIN SSID, they should not get network access.
Please help me by sharing your valuable ideas
Kind regards
Sairam
Hi Sairam,
In the Radius access request, the WLC is including the following attributes (among others):
Called-Station-Id: this should come in the form of "(nom dele de mac: BSSID:SSID WLC)"
Airespace-WLAN-Id: this is the index of the WLAN through which the user connects
So you could build an authentication (or authorization) rule in ACS that checks whether the RADIUS Airespace-WLAN-Id attribute has the same index as the ADMIN SSID (or whether Called-Station-Id contains the string "ADMIN") and, if so, and if the user belongs to the HR group (defined in ACS or AD, for example), fails the authentication (or authorization).
Hope this helps,
Fede
--
If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
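The rule described in the reply above, modeled as an added Python example (not part of the original thread and not ACS configuration). It assumes WLAN indexes 1 = HR and 2 = ADMIN, a Called-Station-Id of the form MAC:SSID, and constructed user and group names; it matches the SSID exactly rather than by substring, so an SSID such as ADMIN-GUEST does not fall under the ADMIN rule.

```python
import re

# Assumed WLC WLAN indexes (not given in the thread): 1 = HR, 2 = ADMIN.
WLAN_BY_INDEX = {1: "HR", 2: "ADMIN"}
# Group a user must belong to for each SSID (group names are constructed).
GROUP_FOR_SSID = {"HR": "HR", "ADMIN": "ADMIN"}
# Constructed stand-in for group membership held in ACS or AD.
USER_GROUPS = {"hr_user": {"HR"}, "admin_user": {"ADMIN"}}

# Assumed Called-Station-Id layout: MAC (dash or colon separated), ':', SSID.
_CALLED_STATION = re.compile(r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}:(.+)$")

ACCEPT, REJECT = "Access-Accept", "Access-Reject"


def ssid_from_called_station_id(value):
    """Return the SSID suffix of Called-Station-Id, or None if unparseable."""
    match = _CALLED_STATION.match(value or "")
    return match.group(1) if match else None


def wlan_index(value):
    """Airespace-WLAN-Id may arrive as int or numeric string; None if absent/bad."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def authorize(request):
    """Decide on an Access-Request given as a dict of RADIUS attribute -> value."""
    groups = USER_GROUPS.get(request.get("User-Name"))
    if groups is None:
        return REJECT, "unknown user"

    by_index = WLAN_BY_INDEX.get(wlan_index(request.get("Airespace-WLAN-Id")))
    by_name = ssid_from_called_station_id(request.get("Called-Station-Id"))

    # Fail closed: without a usable WLAN attribute the rule cannot be applied.
    if by_index is None and by_name is None:
        return REJECT, "no WLAN attribute in request"
    # Both attributes describe the same WLAN, so they must agree when present.
    if by_index and by_name and by_index != by_name:
        return REJECT, "Airespace-WLAN-Id and Called-Station-Id disagree"

    ssid = by_index or by_name
    required = GROUP_FOR_SSID.get(ssid)  # exact match, not substring
    if required is None:
        return REJECT, f"no rule for SSID {ssid!r}"
    if required not in groups:
        return REJECT, f"user not in group {required}"
    return ACCEPT, f"group {required} allowed on SSID {ssid}"


if __name__ == "__main__":
    # Constructed requests: the same HR user selecting each SSID in turn.
    for wlan, csid in ((1, "00-1A-2B-3C-4D-5E:HR"), (2, "00-1A-2B-3C-4D-5E:ADMIN")):
        req = {"User-Name": "hr_user", "Airespace-WLAN-Id": wlan,
               "Called-Station-Id": csid}
        print(csid, authorize(req))
```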
Similar Questions
-
New Cisco Aironet 1602i is not broadcasting the SSID I place
The SSID I set up is not broadcasting, so I don't see the wireless network to choose and connect. On my laptop, if I choose to specify the name of the SSID, then I am able to connect to the wireless network. I have only 1 SSID configured on the access point. Does anyone know how to update the configuration so the SSID is broadcast?
The green light on the AP flashes and turns off for about 3 seconds; is this normal or should it stay on all the time?
Current configuration: 1842 bytes
!
version 15.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
host ap name
!
!
Pulse 9 logging console
enable secret 5 $1$ rrlE$ msWqu8CGY/tpDkgRAAAIe /.
!
No aaa new-model
no ip Routing
no ip cef
!
!
!
dot11 syslog
!
dot11 ssid Mi Casa
open authentication
authentication-key wpa version2 management
WPA - psk ascii 7 142017070F0C787B7579
!
!
Crypto pki token removal timeout default 0
!
!
username Cisco privilege 15 password 7 112A1016141D
!
!
Bridge IRB
!
!
!
interface Dot11Radio0
no ip address
no ip route cache
!
encryption algorithms aes - ccm tkip encryption mode
!
SSID Mi Casa
!
gain of antenna 0
STBC
beamform ofdm
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface Dot11Radio1
no ip address
no ip route cache
!
encryption algorithms aes - ccm tkip encryption mode
!
SSID Mi Casa
!
gain of antenna 0
DFS block 3 Strip
STBC
beamform ofdm
channel SFR
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface GigabitEthernet0
no ip address
no ip route cache
automatic duplex
automatic speed
Bridge-Group 1
Bridge-Group 1 covering-disabled people
No source of bridge-Group 1-learning
!
interface BVI1
IP 192.168.10.200 255.255.255.0
no ip route cache
!
by default-gateway IP 192.168.10.1
IP forward-Protocol ND
IP http server
no ip http secure server
IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
1 channel ip bridge
!
!
!
Line con 0
line vty 0 4
local connection
transport of entry all
!
end
Hi, you must configure guest mode on the SSID... Read this, bud
https://supportforums.Cisco.com/docs/doc-5442
Sent by Cisco Support technique iPhone App
-
The AAA authentication not working method and 'by default' list
Guys,
I hope someone can help me here with this AAA problem. I copied the configuration and debugging below. The router keeps using the local username/password even though the ACS servers are reachable and functional. From the debug, it seems it keeps using the 'default' method list, ignoring the TACACS config. Any help will be appreciated
Config
**********************************
AAA new-model
!
username admin privilege 15 secret 5 xxxxxxxxxx.
!
AAA authentication login default group Ganymede + local
the AAA authentication enable default group Ganymede + activate
authorization AAA console
AAA authorization exec default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
AAA authorization default reverse-access group Ganymede + local
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
!
AAA - the id of the joint session
!
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server host x.x.x.x
RADIUS-server application made
RADIUS-server key 7 0006140E54xxxxxxxxxx
!
Ganymede IP interface-source Vlan200
***************************
Debugs
002344: 5 Dec 01:36:03.087 ICT: AAA/BIND (00000022): link i / f
002345: Dec 5 01:36:03.087 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
002346: Dec 5 01:36:11.080 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".
core01 #.
002347: Dec 5 01:36:59.404 ICT: AAA: analyze name = tty0 BID type =-1 ATS = - 1
002348: Dec 5 01:36:59.404 ICT: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot
002349: Dec 5 01:36:59.404 ICT: AAA/MEMORY: create_user (0 x 6526934) user = "admin" ruser = "core01" ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = NONE priv = 15 initial_task_id = '0', vrf = (id = 0)
002350: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Port = "tty0" list = "service = CMD
002351: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0 (2162495688) user = "admin".
002352: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send service AV = shell
002353: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd = AV set up
002354: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV terminal = cmd - arg
002355: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd - arg = AV
002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found the 'default' list
002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = Ganymede + (Ganymede +)
002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): user = admin
002359: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send service AV = shell
002360: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd = AV set up
002361: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send AV terminal = cmd - arg
002362: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd - arg = AV
Enter configuration commands, one per line. End with CNTL/Z.
core01 (config) #.
002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): permission post = ERROR
002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = LOCAL
002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): position of authorization = PASS_ADD
002366: Dec 5 01:37:04.261 ICT: AAA/MEMORY: free_user (0 x 6526934) user = "admin" ruser = "core01" port = "tty0" rem_addr = "async" authen_type = ASCII service = NONE priv = 15
core01 (config) #.
Are the TACACS+ servers reachable using source VLAN 200? Also, on the TACACS+ server, can you check if the IP address for this device is configured correctly, and also please check that the pwd on the server and on this device match.
As Rick suggested, sh tacacs would be good as well. That would show the failures and the successes
HTH
Kishore
-
Aironet 1142 not broadcasting the SSID
I configured the device manually, not even using quick or Express security configuration then... it's possible that I missed something.
Anyway, here's the problem. Although the SSID is configured as 'AP1', this SSID is not among the networks available on the client computer.
The connection configured in the group policy for the customer, should happen actually automatically, based on the SSID, but because the SSID is not broadcast, connection fails as well.
The Aironet is among the available networks 'Other network' and if I click on "connect" I am asked to enter the SSID-> AP1
Although fashionable, the error message displays (unable to connect to the network, or something to that effect), the laptop * fact * connect once I have close this window. Access to the network is complete and functional - I can ping other hosts, etc...
I would post screenshots, but not knowing what parameter is missing or incorrect, I must print dozens. So here's the sh run out of the AP obtained via telnet (just below). Can someone tell me what is missing? It's a test network so all information is 'real' (nothing has changed for privacy):
Note: I even changed the hostname to "AP1" (it's still LAB1 below) but that has not solved the problem (do not think it would be).
#######################################################################################################
Lab1 #sh run
Building configuration...Current configuration: 2321 bytes
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
hostname LAB1
!
Pulse 9 logging console
enable secret 5 $1$ $9EWD kxrbg8KxikRFypOieKiZh.
!
AAA new-model
!
!
AAA rad_eap radius server group
Server 10.0.0.12 ACCT-port auth-port 1812 1813
!
AAA rad_mac radius server group
!
AAA rad_acct radius server group
!
AAA rad_admin radius server group
!
AAA server Ganymede group + tac_admin
!
AAA rad_pmip radius server group
!
RADIUS server AAA dummy group
!
AAA authentication login eap_methods group rad_eap
AAA authentication login mac_methods local
AAA authorization exec default local
AAA accounting network acct_methods power group rad_acct
!
AAA - the id of the joint session
!
!
dot11 syslog
!
dot11 ssid AP1
authentication open eap eap_methods
authentication-key wpa version2 management
!
!
!
062506324F41 Cisco 7 password username
!
!
Bridge IRB
!
!
interface Dot11Radio0
no ip address
no ip route cache
!
encryption ciphers aes - ccm mode
!
SSID AP1
!
gain of antenna 0
local power 2
power customer 2
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
Bridge-Group 1 covering-disabled people
!
interface Dot11Radio1
no ip address
no ip route cache
Shutdown
gain of antenna 0
DFS block 3 Strip
channel SFR
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
Bridge-Group 1 covering-disabled people
!
interface GigabitEthernet0
no ip address
no ip route cache
automatic duplex
automatic speed
No keepalive
Bridge-Group 1
No source of bridge-Group 1-learning
Bridge-Group 1 covering-disabled people
!
interface BVI1
IP 10.0.0.51 255.0.0.0
no ip route cache
!
default IP gateway - 10.0.0.12
IP http server
no ip http secure server
IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius of the IP source-interface BVI1
format of server RADIUS attribute 32 include-in-access-req hour
RADIUS-server host 10.0.0.12 auth-port 1812 acct-port 1813 borders 7 15135A0E07782F2
12E60
RADIUS vsa server send accounting
1 channel ip bridge
!
!
!
Line con 0
line vty 0 4
!
endLAB1. #
You must add the command "guest mode" under the terms of the section. (without the quotes of course)
Sent by Cisco Support technique Android app
-
WiFi does not connect if the SSID is not broadcast.
I've updated to Sierra this afternoon. Everything seemed fine after the update. After dinner, my MacBook Pro (retina, 15 inches, beginning 2013) would not connect to Wifi. I reduced to a few things.
It wouldn't connect to the 5 GHz n if the SSID was hidden. If I allowed the SSID to be shown, it would connect without problems. It would connect to the 2 GHz band, even with the hidden SSID.
I did the typical SMC reset and reset the NVRAM. I deleted the Wi-Fi related files and restarted the router and the MBP. I'm obviously on now and the speed seems normal with no dropouts. I can't hide the SSID now, and it will continue to work until it goes to sleep; no dice after that without reactivating SSID broadcast.
Any thoughts?
See you soon,
Fred
With your same Apple ID, you can register for a free developer account and start a conversation with Apple engineers. They will answer your question: Bug Reporter https://bugreport.apple.com/
-
I have put my school proxy settings and use them very often. On some Web sites, ads continue to use these proxy settings (probably to show me ads based on my preferences or I don't know), and I get the message "Authentication required" time and time again before the end of the loading page. It's annoying because if I have several tabs open and am currently on another page while loading the website with the ads, I'm brought back to this page to authenticate. Can I get asked 3 times to authenticate while this page loads, and it takes forever to load because of this. I don't want to disable my proxy settings because I use it very often. I tried to uncheck the "Accept cookies from Web sites" and nothing happens, it's always the same. I want these ads to stop going through my proxy settings. How do I do that?
Hello
You can try the add-on Adblock Plus . In addition to subscriptions, you can manually add URL patterns or click on an ad to add a filter.
-
How can I change the SSID to a Photosmart C4580?
I browsed the forum and read some articles, none of which worked. I use a Mac running OS X Yosemite. In the course of trying to get the printer to recognize the new router I have reset it to factory default, so it now tells me that the SSID is hpsetup. How can I now change that to pick up the new router SSID?
Hey Andy,
You can try to enter the password in the section "WPA - PSK", instead of "WEP encryption" section, to see if it will work. It won't hurt to not test.
Here are a few screenshots from another thread with someone who has the same issue which may help:
Photosmart C4580 spend direct USB for iMac, wireless through Time Capsule
If try your password does not work, you can try an application called Keychain, which can be used to retrieve wireless password, just to make sure that you use the same one.
How to manage passwords with Keychain Access
I hope that helps you
-
WiFi does not work if the SSID is not broadcast by router
I have a new 55HX929 and tried to connect to my wifi with its built-in wireless adapter. I do not broadcast my network SSID the router for security and privacy. The searched TV network, does not, and then it asks to enter the SSID. Then, it saves the information and trying to connect but fails. If I enable SSID broadcast on the router and then the tv connects fine but I don't have to do. My tivo with its usb wireless adapter works fine with the SSID broadcasts do not when I configure the network settings. On the same stand as the TV with the power of the signal fine. I am currently using a wireless connected to the ethernet jack TV bridge to work around the problem, but it's a waste when the tv should work with a standard network configuration.
Reading sortiesdvd.com, people have the same problem with NX720 and Sony Google Internet tv. So it seems to be a common problem with Sony games.
I tried online support chat, and they were not able to help. Everything they told me to do was reset the router and tv which does not help. I don't think they understood that a SSID came from how they responded to my questions.
Can we get a fix for this?
Thank you for your messages. We have forwarded your comments to Sony engineering for future updates.
-
Screen missing on e4620 to enter the SSID of the wireless network
The SSID of my wireless network has changed and I can't go to the correct screen on my e4620 all-in-one to enter the new SSID. The network menu Wireless gives me the ability to use WPS that I can't use. How to input SSID on the printer screen?
I solved the problem of the printer connected to my computer via a USB cable, and then using the printer setup utility to turn off the PC to a wireless connection.
-
hp7520 disable wireless or hide the SSID
Hello.
I have a HP Photosmart 7520.
It works fine except my client does not want the ssid broadcast in the doctor's office.
It is already password protected, but he dislikes the ssid 'disorder' in the air.
I would like to disable Wi - Fi to the printer or at least hide the ssid broadcast.
Is this possible?
Thank you.
Go to the printer and turn off wireless Direct. Quite. This assuming the printer is connected to the router.
-
Internet Explore has stopped working - question of the biometric authentication service
My Elitebook 8540p has developed a problem where I get the error message - Internet Explorer has stopped working... Turn it back on. I am running Windows 7 32 bit. And using IE9.
After some internet reading, I started my services of neutralization. I finally got down to a service that is causing the problem.
Biometric Authentication Service Digital Persona Inc.
When I disable the service in the Services tab of MSconfig (System Configuration) and reboot, I can use Internet Explorer without any problem. (I've identified some Web pages which would aggravate the issue.)
Disabling the Biometric Authentication Service causes the scanner to not work. I tried to reload the driver for the fingerprint reader, and the HP ProtectTools Security Manager.
Any idea how I can enable the Biometric Authentication Service and not have the "IE stopped working" issue?
j1bissig
I had the same problem on my HP Pavilion dv7 and had the chance of getting a solution.
I, too, put the finger on biometric authentication as the problem Service. By disabling the service, Internet Explorer worked well; except, now, I had no finger analysis feature. I installed the latest version and it worked for a few sessions and then the problem comes back.
Looking at my updates, I realized that the Flash is set to update at the same time, the problem started. I tested by activating the biometric authentication Service. Instead, I disabled the Flash add-on in Internet Explorer and it did not work again; except, now, I had no Flash.
Searching online, I came across this post from Adobe:
Post on the Adobe Forum: IE9, Windows 7 64-bit Flash causes "Internet Explorer has stopped working".
I followed the instructions in this post, including the "clean install" and reverted to version 10.3 of Flash.
Post on the Adobe Forum: how to return to a previous version of Flash Player?
Now, all the features work correctly.
I hope this helps!
-
This morning the power on the wall where the router is plugged is out. I fixed it and was able to get back on the internet. Problem is that the wireless printer does not work. When I reinstall, my network SSID is not displayed in the available choices. And when I go in the type manually, it can't find it. I'm on the internet. My good names will be displayed. I even went my router page to check these settings. I uninstalled the printer and reinstalled. I get the same.
Connectivity report shows the network name (SSID Found)... IN CASE OF FAILURE
Yet, the networkname is listed in the current configuration of the report at the bottom section.
Report says also that wireless is enabled and works.
Why is it not appear?
In fact, I just changed the name of the SSID and he appeared.
-
Original title:
Octashape streaming system
Hello
A dialog box appears on my screen:
Octoshape streaming services: could not bind to the local host. Please check your firewall configuration
What should I do?
And if this does not work between the firewall what is the solution?
Thank you!
[Moved from the community centre of Participation]
You seem to have installed a useless program, Octoshape.
http://www.bing.com/search?q=Octoshape
You should be able to remove it from programs and features (or the list of installed programs, depending on your version of Windows.)
Don
-
Trying to connect to the PS3 online, my router is microsoft but the SSID (or our wireless network name) is not displayed! Help, please!
Jamie
Hello
1. What is the brand and model of Microsoft Router?
If you use Microsoft MN - 700 router see link below and follow the steps.
MN-700 Base Station Configuration Guide
Download the guide and open page 3 that contains instructions for recording in the router. Page 16 has also the steps to configure the router to broadcast the SSID
If in case you use a Microsoft MN - 700 router, I suggest you to provide exact model name to get more information about the issue.
I hope this helps.
-
How can I change the SSID on my wireless printer. He has my old router ID.
HP Photosmart Plus B 209
Windows Vista 64-bit
SSID was not found (I put it manually)
I select the printer and then he said: "(imprimante sélectionnée n'est pas présent, connectez l'imprimante & réessayer)"
Several times, I get the same message.
But my printer will work hooked up to the USB key.
My old router (Netgear) died so I bought a new one. Everything worked fine before. I installed the new one and my computer (HP laptop) worked well, then I went to use the printer... Finally uninstalled and reinstalled, but it would never go farther than the above. I don't know what more to try, except that I printed the Wireless Network Test report and it tells me that the printer cannot find the wireless router. I noticed that the SSID has the old name. I also printed the HP Network Configuration Page and see that it found 1 network, which is the new one. So, where can I change the printer SSID? I can't find where I can change it.
Thank you
C70
Hello
Please follow the link below to solve the problems on the issue.