TACACS+ on Cisco WLC question

I just installed a Cisco 5508 WLC on our network.  I have the IP address of management in the VLAN management and the controller I set up "no label".  WLC has two ports connected to a Cisco 4507 switch in the config of the channel port.

I ping the controller of the network very well, I ping the server RADIUS of the controller.  I have the setup of the priority as "TACACS+ LOCAL."  However when I try to connect in the WLC and look at the debug, it shows I'm authentication and that's all, for some reason any traffic authorization is failed.  Using Wireshark I confirmed that the request comes from the IP Management Interface.

I followed the instructions in this link:

Any ideas?


It seems that you have not configured the ACS correctly.

The AEC must return the required attributes.

Please follow the




If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.


Similar Questions

  • authenticate the cisco WLC 5508 with cisco ACS 1120 (version 5.0) using TACACS+.

    My installation has cisco WLC 5508 and ACS 1120 ver 5.0. How to authenticate users who access to the WLC via the ACS 1120 using TACACS+. I am able to authenticate users for routers and cisco switches, but when I try the same for the CMT, it fails.

    Can someone explain please the config/basic steps that must be configured on both services ACS & WLC.

    You use plain vanilla 5.0 or have installed patches?

    the ACS 5.1 has new TACACS+ related functionality, including support for custom services and attributes. If they are necessary for the WLC you need support it would improve.

    He could also relevant corrective patch from calendar 5.0 but I can't find any relevant specific at this stage CDETS

  • License of Cisco WLC

    Hi all

    Could someone help me, I have Cisco WLC 5508 with details of license as the photo below as a status "in use".  My question can I used another license with inactive status?

    5508 as the 2504 can only use licenses that have been purchased and installed or if eval has not expired. If you exceed the number of licenses of AP, then you need to activate the eval, if not expired. You will not be able to do both. The newer controllers who have the right of use license, you would be able to do.


    Please evaluate the useful messages *.

  • Cisco WLC 2504 internal DHCP does not work properly

    Hi all

    I'm trials with a Cisco WLC 2504 and some APs of 1832. I set up a DHCP scope on the interface of the controller with 2

    a large number of different configurations, but the DHCP protocol does not work and Don t Access Point to obtain an IP address. My first question: is it possible to do DHCP for Access Points or only for wireless clients?

    These are my interfaces:

    Interface of the PA-Manager:

    My DHCP scope:

    Advanced DHCP:

    I forgot something? Is there anyone using DHCP for its access points?

    Thank you!


    On Cisco WLC internal DHCP, you can add the option 43 to say where APs must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

    Let me explain briefly how AP-Manager works on WLC:

    1. Boots of Access Point and sends a discovery request to the management interface of the controller using the intellectual property you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry)
    2. Controller, sends it a response discovered that contains the name of the system, addresses AP-Manager, the number of access points already connected to each interface AP-Manager and the overall capacity of the controller.
    3. Joints access point controller using the less loaded interface AP Manager.

    With this, every AP Manager must have a good configured interface and be connected to a different port, no LAG.

    I drop a post here sometimes there is which might help:

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question

  • Cisco WLC and Apple TV Bonjour


    I followed the guide on activation of Cisco WLC 7.5 with Apple TV Bonjour however I have a weird problem. I have some clients unable to see the apple TV connected to a different wireless access point while some may see the Apple connected TVs. I have attached my setup for reference. I would like to inquire about the use of LSS and so perhaps someone has encountered similar problems? The apple TV is discovered by the wlc on mdns-domain names.

    According to the document, multicast has been activated not however the discovery of the apple tv is intermittent of apple customers. Customer can discover apple tv 1 and 3 but not apple tv 2 and sometimes it can discover all 3 apple TV while client B is able to perceive all apple TV devices 3. All 3 apple TV devices are discovered by WLC and only apple TV service has been activated on WLC.  I was wondering if anyone has seen a similar question? Not too sure what can be the cause of it?

    Any suggestion is appreciated.

    Some of the docs didn't do it, but it is required as all my installation requiring Bonjour, set multicast implementation.

    Thank you


    Help others using the system of rating and marking answers questions like "answered."

  • Cisco WLC license evaluation of Access Point


    I would like to know what is happening to access connected to a Cisco WLC points if the evaluation license reached its expiration date and other licenses have not yet been installed all connected access points would cease immediately operation?

    Kind regards


    Yes, they would stop working.

    Note: when you add licenses a reboot is required. Even if the number of supported the HA increases on reset controller is always necessary for these devices to register on the controller under the permanent license. I once added licenses and when I saw the number of the AP increase - I experimented with the restart - and when evaluating lic. expiration of my AP dropped the controller.

  • Cisco WLC 2504 - Access Points do not reach the controller

    Hello world

    We bought a Cisco WLC 2504 with two AIR-AP2702I-UXK9 Access Points. The problem is that the AP do not join the WLC.
    The output from 'show ap join stats' shows the following:

    (Cisco Controller) > show ap join stats summary all

    Base Mac            AP EthernetMac      AP Name            IP Address   Status
    00:35:1a:b1:a9:60   00:f2:8b:f4:1a:9c   AP00f2.8bf4.1a9c                Not joined
    00:35:1a:c9:99:b0   00:f2:8b:77:b7:fc   AP00f2.8b77.b7fc                Not joined

    (Cisco Controller) > show ap join stats detailed 00:35:1a:b1:a9:60

    Synchronization phase statistics
    -For the synchronization request has received... Does not apply
    -For the synchronization completed... Does not apply

    Discovery phase statistics
    -Applications received discovered... 114
    -Answers success of discovery... 114
    -Discovery failure processing... 0
    -Purpose of the last unsuccessful attempt of discovery... Does not apply
    -Attempt to finally successful discovery time... 20:15:40.106 16 June
    -Discovery attempt ultimately unsuccessful time... Does not apply

    Join the live statistics
    -Join applications received... 57
    -Join sent successful responses... 57
    -Processing of the join request without success... 0
    -Purpose of the last unsuccessful attempt to join... Does not apply
    -Attempt to join finally managed time... 20:15:50.414 16 June
    -Join finally failed time... Does not apply

    Configuration phase statistics

    -Configuration requests... 114
    -Answers configuration successful... 0
    -Processing configuration failed... 57
    -Purpose of the last unsuccessful attempt to Setup... Invalid license in the application configuration
    -Attempt to finally successful configuration time... Does not apply
    -Time finally failed configuration attempt... 20:15:50.810 16 June

    Last the decryption of the AP details failure messages
    -Last message decryption failure reason... Does not apply

    Details of recent disconnection AP
    -Last AP connection failure reason... Does not apply
    -Last reason for disconnection AP... Unknown failure reason

    Latest summary join error
    -Type of error that occurred in the last... Application of configuration rejected LWAPP
    -Reason for the error that took place the last... Invalid license in the application configuration
    -Time which occurred the last error to join... 20:15:50.810 16 June

    Details of sign-out AP
    -Last AP connection failure reason... Does not apply
    Ethernet Mac: 00:f2:8b:f4:1a:9c Ip address:

    Would be grateful for the help.

    Best regards

    Hi Marc,

    Make sure first that your controller has software code 8.0.x or above, if first better it. Here's the code recommended by TAC

    Then, try the UX above deployment guide to begin. Under Advanced tab WLAN, you need to enable "of the first universal ap' in order to use this app provisioning & connect to the AP.

    If you have more than 1 AP, then you must start 1AP using this application. Other access points that you can feed them upward, while AP original is also powered, so they'll use protocol called NDP & start them automatically

    Let us know how it goes



    Pls note all useful responses *.

  • Migration of Cisco WLC 5508 to 5520

    Hi all

    I need to migrate cisco 5508 to 5520 wlc. This Cisco 5508 WLC is in production, it is possible, I can import this 5508 configuration file and export again 5520.

    Please provide the steps to follow while making the migration.

    (1) how cisco WLC-2 AP WLC-1 transfer since both have the same versions of IOS. Any URL available Cisco?

    WLC-2, enter the command "config primary ap .

    (2) applicant tried to transfer 2 points of access for LAP 1130 2 WLC WLC - 1 2 days back but still not reflective in WLC - 1. Measures to solve the problems there?

    Distance or console in the AP.  Post the output of the command 'sh' full record when trying to move the access of a controller to another point is entered.

  • The SSID on Cisco WLC support no.

    Hi all

    Can you please help me to provide details on the following Cisco wireless controller?

    1. no support SSID on Cisco WLC

    2. is it possible to limit the SSID on the access point (for example, I have 10 SSID configured on the controller, I want 10 first access points using SSID (SSID 1-5) and rest of the AP SSID 6-10)

    Thank you


    Hi Jamal,.

    Just to add to the great info of Robert (+ 5 points Robert)

    The feature you're looking for is called WLAN substitute in versions 4.x WLC.

    Allowing substitution WLAN

    By default, all defined WLAN transmission on the controller access points. However, you can use WLAN editable to select WLAN is transmitted and who are not on a per access point basis. For example, you can use WLAN to control override goes where in the guest WLAN network or you can use it to disable a specific WLAN in a certain area of the network.

    This doc.

    Once you create a new WLAN, WLAN > page edition for the new WLAN. In this page, you can set various parameters specific to this general policy, RADIUS servers, political security WLAN key, and 802.1 x settings.

    * Check Admin status under general strategies to activate the WLAN. If you want AP broadcast the SSID in beacon frames, check the SSID broadcast.

    Note: You can configure up to 16 WLAN on the controller. The Cisco WLAN Solution can control up to sixteen WLAN for Lightweight APs. Each WLAN has an ID separated from WLAN (1 to 16), a WLAN SSID (name of the WLAN) separate and can be assigned to single security policies. Lightweight APs broadcast all Cisco WIFI WLAN SSID Solution assets and apply the policies that you set for each WLAN.

    The good doc.

    In versions 5.x, you will use AP groups, because in versions 5.x WLC, WLAN substitute has been replaced by the "Groups of AP" feature;

    Creation of groups access Point

    After all the access points have joined the controller, you can create up to 150 groups of access point and assign up to 16 local wireless networks in each group. Each access point announces that the WLAN enabled that belong to his group of access point. The access point no announcement not disabled WLAN in its access point group or WLAN that belong to another group.

    To learn more about George video AP discover excellent groups

    I hope this helps!


  • Cisco WLC 5508 & HP printer


    I have some problems with cisco and hp airprint wlan systems.

    I use two cisco wlc 5508, a master and an anchor.

    the APs are connected to master wlc, DHCP and the point of diversion to the internet are on anchor wlc.

    so far, with my android phone, I can connect and hepatitis has access to the internet.

    now, I use an HP Multifunction (MFP M276nw) printer with Airprint. I connect to the WLAN even the hp printer on the same IP range.

    I can ping the printer from my android tablet, but I can never find the printer with a hp soft.

    If I connect the printer even with the same compressed to a point of user access to home normal is all ok thing.

    I think I have to configure something on my wlcs.

    any ideas?

    Thank you

    It seems that v7.5 supports Bonjour on anchor. You might want to look at this thread

    Sent by Cisco Support technique iPhone App

  • WLAN how can I use with Cisco WLC 2504

    I have two companies co-implantant and to decrease costs would like to implement a single Cisco WLC and separate traffic with the VLAN. I see that the controllers of the series Cisco WLC 2500 min supported number of WLAN: 5 and max: 75. That means actually? When I create more than 3 WLAN on a controller, the best practices page advises me against the use of more than 3 WLAN. Is it good to have more than 3 Wireless LANs, and what are the penalties to do?

    5 and 75 are the number of points WLC can support access light weight.

    By default, 2504 can manage up to 5 access points. You can increase this number up to 75 by adding the new license.

    Also, it can support up to 16 different WLANs (SSID)


  • Internet Auth users simultaneous connections by Cisco WLC 5508?


    We have 2 WLC5508 ( with multiple SSID.

    One of them is configured as Passthrough with an external boot server. Works very well.

    Now, we want to use the "failure of MAC filtering on.

    If the client MAC address is configured under filtering MAC on the WLC, authentication is done without WebAuth.

    If the MAC address is not known, the client will be redirect to the external WebAuth server for authentication.

    To preserve the functionality of relay for the user, we have hard coded a username & password in the start page.

    Thus, each customer WebAuth uses the same user name & password for authentication against the WLC.

    Strategies of user login is set to unlimited.

    So far so good, it seems to work, but I've read that the controllers of Cisco 5500 supports only 150 concurrent connections to Auth users.

    The two WLC have about 100-170 clients connected.


    -It's going to be a problem with 150 connections simultaneous, despite when the not using only one user for all customers-Wifi?

    -L' user WebAuth is possible with a Cisco ISE as Passthrough, no username & password must be entered by the user.

    If so, some guide information would be great.

    -When it is properly authenticated, a logout screen shows on the Windows client. Can he hide some how?

    Thanks for the replies ;-)

    Kind regards


    Its probably a limitation to the treatment of patients with the same credentials.  I never ran into a questions, but how many comments will complain, if they hit the button to accept a few seconds after :)

    Thank you


    Help others using the system of rating and marking answers questions like "answered."

  • Cisco ISE 1.2 & Cisco WLC 5508 v7.6

    Hi all

    We intend to upgrade our WLC to 7.6 to fix a bug with FlexConnect customer ACL but I just saw on the ISE Cisco compatibility table which it recommended only up to the WLC 5508 v7.5...

    Cisco told me to avoid 7.5 as it is in a State of deferred if anyone know or are running in a laboratory or production, ISE1.2 with a WLC v7.6 n 5508?

    I wish I knew rather questions of people know before hand than to have to go through a software update, and then restore.

    Thank you all

    Mario Rosa

    Definitely stay away from 7.5. I've done several deployments with the WLCs 7.6 running. The two main issues that I touched were:

    CSCue68065 - in this bug FlexConnect ACL does not work unless you have a regular (non FlexConnect) ACL created with exactly the same name

    CSCuo39416 - CWA does not not on FlexConnect APs. It would apply to you if you have older models APs

    I hope this helps!

    Thank you for evaluating useful messages!

  • LAG Mode on Cisco WLC 5508


    I have two WLC 5508 working in ACTIVE / standby. They are connected to my local network by linking to each WLC.

    I would like to implement the LAG Mode to have two WLC link but when I activate LAG Mode (Mode CONTROLLER/general/LAG at the next reboot active), I have this newspaper:

    "Error in the setting of the Mode of LAG. Please see the log file.

    I see nothing in the log file.

    The version of my WLC is

    Thank you

    First, you will need to disable HA if you want to enable the LAG.

    Once LAG is configured on both controllers, you can then enable HA between two WLCs



    Pls note all useful responses *.

  • Cannot configure the device AP on Cisco WLC

    Adding new devices of AP to our Organization, and when I try to add them to our 5508 Wireless Controller I get the following error:

    If you are in the United States, it is also possible that your new APs are in the regulatory domain of B - PSA, but you have not improved your WLC to support APs b again. More info here:
