WLC RADIUS aid Questions

We would like to set up RAY of relief to ensure RADIUS authentications always go their primary ACS so that it is available, but the documentation is not very clear regarding the configuration of the user name.

There is no mention of a password, but if you enable backup - even with the username default "cisco-probe", the failures of this account appear on the ACS server log, so I guess it doesn't.

Can someone shed some light on how exactly this "cisco-probe" should work?

Thank you!

Fold in three ways:

discount - no help

passive - WLC sends the credentials to the server 'death' when a user tries to authenticate

-You set up a user name and an interval.  WLC sends the credentials to the server 'death' at configured intervals.

The password did not really, just that the WLC retrieves a package.  So getting back a rejection of the server would bring it "alive" in the list to the AAA.

make sense?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please don't forget to rate helpful messages and mark the questions answers

Tags: Cisco Wireless

Similar Questions

  • RADIUS authentication question

    Hello world

    I'm learning the Radius Authentication. Here are my updated laboratory in place:

    R1 (107.107.107.10)-(107.107.107.4) - WIN2008 (RADIUS SERVER)

    Here is the config of RADIUS on the R1:

    AAA authentication login default local radius group

    RADIUS-server host 107.107.107.4 auth-port 1645 acct-port 1646
    key cisco RADIUS server

    I have a few questions:

    (1) above, I do not specify encryption on R1, R1 will use this as the default encryption?

    In the attached file, we see the password is encrypted, but there is no config on R1 to use particular encryption

    (2) we also see "authenticator", which is I think is R1 host name i.e encrypted with the shared secret. I'm wrong?

    Much appreciated and have a great weekend!

    Hello

    The Protocol Radius encrypts the password for the default user. I think that Radius uses MD5.

    The authenticator is a random string generated by the client and is used in the encryption of the password process.

    Thank you

    John

  • ISE 1.2 rejects 5508 WLC RADIUS messages

    The setup of ref is:

    WLC 5508 HA pair running 7.6 talk with ISE 1.2 patch 7 (a 6).

    Wireless users are authenticated very well, so the 5508 is a valid n in ISE, but...

    When I install active RAY of relief, so that the WLC can query the ISE Server I get the message:

    "The query a device no RADIUS wireless was interrupted because the installed license is for wireless devices only.

    Why the ISE spend a RADIUS of a WLC message which is a wireless device?  It is certainly a mistake?

    Hi Nicolas,.

    This is a known fault.

    CSCug34679    ISE drop keep alive from WLC.

    Symptom:
    ISE drops keep living authentications from the WLC, with message 11054 request from a device no wireless because of the license installed wireless.
    Conditions:
    When only licensed wireless is installed on the ISE and use current keep alive on the WLC.
    Workaround solution:
    Passive use keep alive on the WLC and non-active.

    Kind regards

    Jatin kone

    * Make the rate of useful messages *.

  • # WLC RADIUS TO LDAP MONITORING SERVER SERVER. #

    Dear all,

    Our wireless configuration is as below

    Authentication: Radius

    Customers will be sending the authentication for ACS 5.3 request server and ACS 5.3 will forward the authentication to the LDAP server

    Here we have the challenge of monitoring the connectivity between WLC 5.3 ACS and ACS 5.3 to LDAP (authentication should be monitored)

    ICMP monitoring is already done. But it will not provide the logic of authentication with LDAP.

    Ask you to solve this problem as soon as POSSIBLE

    Thank you best regards &,.

    Sakthivel M

    Hi Santana,

    For the connectivity WLC and RADIUS and ensure that he retreat to the next available server. You can configure.

    Active mode

    In Active mode, when a server does not meet the WLC authentication request, the WLC mark the server as death, and then moves the server to the inactive pool and starts to send probe messages regularly until the server responds. If the server responds, then the WLC moves the server died in the active pool and constantly send probe messages. In this mode, when an authentication request comes, the WLC always draws the index server (highest priority) lowest pool active RADIUS servers.

    The WLC sends a probe packet after the timeout period (default 300 seconds) to determine the status of the server where the server does not respond earlier.

    Feature of backup RADIUS server on the sample Configuration of controllers (WLC) wireless LAN

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a008098987e.shtml#active

    5.3 GBA, while the implementation of LDAP servers, you have an option for the secondary server. There is no detection mechanism but if it gets no response from the LDAP server first within a specified period. It will begin to communicate with the secondary server. There is therefore no typical mechanism for probing the LDAP within the ACS server.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • Recovery running of first aid questions

    I have an iMac with disc Fusion. I ran the first aid on the part of the disc SSD and he said "first aid found corruption that needs to be repaired. To repair the boot volume, run first aid recovery. »

    So I restarted the iMac and kept pressed Cmd - R to enter recovery mode. Once there, I opened disk utility, select the SSD and ran first aid. Even though I am in recovery mode, I always get the message saying "first aid found corruption that needs to be repaired. To repair the boot volume, run first aid recovery. Click OK to continue. "When I click on done, nothing happens, same as when I was booted up normally.

    Is there another method, that I can try? And Yes, I am definitely in recovery mode...

    Thanks for the help!

    FWIW, if you see the SSD and HDD in disk utility means that your merger drive is merged is no longer. You can try the race as first aid on the upper level of the drive in Recovery Mode but make sure that everything is backed up first.

  • REAP H & 802.1 x question

    Hi all

    This question is based on the WLAN configuration where we have one SSID and a WLAN and WIFI network is configured for local switching for H-REAP.

    Authentication would be based in 802. 1 x.

    According to my understanding, tunnel of CAPWAP REAP H "central authentication with local switch mode" is used only for wlc management data and to facilitate authentication. All local traffic is bridged Remote LAN o and all traffic to the central site is routed like any other traffic.

    My questions are

    1 traffic to local resources in distance runs through the tunnel of 802. 1 x?

    2 - is the draft of traffic from the gateway of the device of L3 through 802.1 x tunnel?

    All thoughts, much appreciated.

    see you soon,

    Andrée

    Hi Jean Miche,.

    I see a slight misunderstanding here. There is no such thing as ' 802.1 x tunnel. Once authentication is completed, it's over.

    So let's recap:

    (1) client tries to authenticate to HREAP AP

    (2) HREAP AP transmits information to the WLC capwap tunnel.

    (3) WLC authenticates accordingly (the radius server, either)

    (4) once gets HREAP AP the "accept" (wlc/RADIUS) authentication, it passes to "switching from local traffic" and the traffic never goes through the new tunnel of capwap (talk about customer traffic, ap always retains a link with wlc management).

    If you answer your questions:

    1. traffic is handled as it would be an IOS AP. Meaning if a PC on the central site is trying to contact the client ap hreap, it will communicate with the gateway of the central site, across the WAN and the remote site gateway sends to hreap ap that will send to the customer. No tunnel involved.

    2 same here. Traffic initiated by the bridge that takes the shortest path to the AP, traffic never gets capwap encapsulated or whatever.

    I hope this helps.

    Nicolas

    ===

    Please note the answers that will help you

  • EAP - TLS with WLC 4404 (choose which layer option 2)

    Hi all

    I want to install a WLAN that uses EAP - TLS.

    WiFi PC <----->LWAP <------>WLC <---->Radius Server

    Should the layer tab 2 for security on the WLC which option I use for the following: -.

    Security Layer 2 (I'm assuming that WPA + WPA2 than what laptops will use)

    Key auth Mgmt?

    I'm a little confused by the 802. 1 x in two of these fields, a security layer two and one for Auth key Mgmt?

    Thx a lot indeed guys,.

    Ken

    You would choose layer 2 security: WPA + WPA2

    Then in the settings WPA + WPA2 choose political WPA2 with WPA2 encryption. Under authentication key Mgmt select 802.1 x.

    Now if you need the use of WPA policy, then also choose TKIP for this.

    Choose your radius servers so for your AAA server tab.

    That's all.

  • Need help with the installation of 4400 WLC

    I have a client that is running 2 separate networks. One is configured with 10 LWAPs connected to a 4400 WLC by using MAC authentication. The other is 2 autonomous 1200 Series APs configured with RADIUS of a Server IAS Ms.

    The customer wants to combine the WLANs separated in 1; Indeed, integrating all the APs the WLC, RADIUS configuration for all and maintain the 2 separate SSID.

    Is this possible with the 4400 series? If so, could you please direct me to the guides for this configuration.

    1 convert 1200 Series APs in LWAPs

    2 configure the RADIUS about WLC 4400

    3. set up 2 separate SSID on 1 WLC times by using the same authentication method

    4 change the if necessary air on MS Windows 2003 IAS RADIUS

    1 convert 1200 Series APs in LWAPs

    http://www.Cisco.com/en/us/docs/wireless/access_point/conversion/LWAPP/upgrade/guide/lwapnote.html

    2 configure the RADIUS about WLC 4400

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a00808e5d6b.shtml

    3. set up 2 separate SSID on 1 WLC times by using the same authentication method

    > This should be fairly simple...

    4 change the if necessary air on MS Windows 2003 IAS RADIUS

    There are several examples of IAS here configuration:

    http://www.Cisco.com/en/us/products/ps6366/prod_configuration_examples_list.html

  • False claims RADIUS of customer VPN Cisco ASA 5510

    Hello world

    I use the Cisco VPN client 5.0.7 and Cisco ASA 5510 (7.4 and 8.4.2) VPN RAS solution. Clients are authenticated using certificates and RADIUS AAA (ACS 3.3) and AD.

    Each time, when the client connects, ASA 2 RADIUS requests questions, correct first - which is successfully authenticated by FAC and immediately - second that always fails. I couldn't find information related to this strange behaivor. Function "Double Authentication" (more sympathetic to his name) is only accessible to Anyconnect customers who we do not. When I'm authenicated by using password group, there is only one query RADIUS.

    What is the source of such behavior?

    The negative impact is that my logs are filled with the failed authentication attempts fallacious and users are incrementig attempts failed in the AD meter.

    Debugging of ASA:

    -First application-

    RDS 2011-10-24 16:16:01 0232 14884 request code 172.16.8.1:1645 host = 1 id = 22, length = 145 on port 1025

    RDS 2011-10-24 16:16:01 I 2519 14884 [001] value of username: User1

    RDS 2011-10-24 16:16:01 I 2519 14884 [002] value username-password: 2D A9 B2 D0 15 5F 1E B8 BB DB 3A 38 F5 24 72 B5

    RDS 2011-10-24 16:16:01 I 2538 14884 [005] NAS-Port value:-1072693248

    RDS 2011-10-24 16:16:01 I 2538 14884 [006] Type of Service value: 2

    RDS 2011-10-24 16:16:01 I 2538 14884 [007] value Framed-Protocol: 1

    RDS 2011-10-24 16:16:01 I 2519 14884 [030] value Called-Station-Id: 172.16.8.1

    RDS 2011-10-24 16:16:01 I 2519 14884 [031] value of Calling-Station-Id: 10.4.14.14

    RDS 2011-10-24 16:16:01 I 2538 14884 [061] NAS-Port-Type value: 5

    RDS 2011-10-24 16:16:01 I 2533 14884 [066] Tunnel-Client-Endpoint value: [T1] 10.4.14.14

    RDS 2011-10-24 16:16:01 I 14884 2556 [004] value of NAS-IP-Address: 172.16.8.1

    RDS 2011-10-24 16:16:01 I 2561 14884 [026] Vendor-Specific vsa id: 9

    RDS 2011-10-24 16:16:01 I 2596 14884 [001] cisco-av-pair value: ip:source - ip = 10.4.14.14

    RDS 2011-10-24 16:16:01 I 0282 14884 ExtensionPoint: run the configured scan extension points...

    RDS 2011-10-24 16:16:01 I 0314 14884 ExtensionPoint: advertising [AuthenticationExtension] provider [Cisco EAP generic]

    RDS 2011-10-24 16:16:01 I 0763 14884 ExtensionPoint: Message-[generic EAP] lack of EAP, ignorant...

    RDS 2011-10-24 16:16:01 I 0319 14884 ExtensionPoint: [GenericEAP.dll-> AuthenticationExtension] returned [1 - ignored]

    RDS 2011-10-24 16:16:01 I 0314 14884 ExtensionPoint: asking provider [Download Cisco ACL] [AuthenticationExtension]

    RDS 2011-10-24 16:16:01 I 0763 14884 ExtensionPoint: [DnldACLs] asking not a download of ACL, ignorant...

    RDS 2011-10-24 16:16:01 I 0319 14884 ExtensionPoint: [DnldACLs.dll-> AuthenticationExtension] returned [1 - ignored]

    RDS 2011-10-24 16:16:02 I 14884 0475 AuthorExtensionPoint: run the configured scan extension points...

    RDS 2011-10-24 16:16:02 I 14884 0507 AuthorExtensionPoint: requesting provider [Download Cisco ACL] [AuthorisationExtension]

    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: looking for ACL from [DnldACLs] to [user1]

    RDS 2011-10-24 16:16:02 I 0512 14884 AuthorExtensionPoint: [DnldACLs.dll-> AuthorisationExtension] returned [1 - ignored]

    RDS 2011-10-24 16:16:02 3360 14884 sent response code 2, id 22 to 172.16.8.1 on port 1025

    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9

    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:addr - pool = vpnpool

    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9

    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:wins - servers = 10.2.9.12 10.3.9.10 10.4.2.202

    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9

    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: IP: DNS-servers = 10.2.9.12 10.3.9.10 10.4.2.202

    RDS 2011-10-24 16:16:02 I 2538 14884 [006] Type of Service value: 2

    RDS 2011-10-24 16:16:02 I 2538 14884 [007] value Framed-Protocol: 1

    RDS 2011-10-24 16:16:02 I 2538 14884 [013] box-Compression value: 1

    RDS 2011-10-24 16:16:02 I 14884 2556 [008] value box-IP-Address: 255.255.255.254

    RDS 2011-10-24 16:16:02 I 2519 14884 [025] value class: CISCOACS:002cb2a9/ac100801/3222274048

    -The second request-

    RDS 2011-10-24 16:16:02 0232 14884 request code 172.16.8.1:1645 host = 1 id = 23, length = 145 on port 1025

    RDS 2011-10-24 16:16:02 I 2519 14884 [001] value of username: User1

    RDS 2011-10-24 16:16:02 I 2519 14884 [002] value username-password: 06 EA 08 AB C7 8F 75 D0 A5 E5 AE B7 A8 1 48 96 b

    RDS 2011-10-24 16:16:02 I 2538 14884 [005] NAS-Port value:-1072693248

    RDS 2011-10-24 16:16:02 I 2538 14884 [006] Type of Service value: 2

    RDS 2011-10-24 16:16:02 I 2538 14884 [007] value Framed-Protocol: 1

    RDS 2011-10-24 16:16:02 I 2519 14884 [030] value Called-Station-Id: 172.16.8.1

    RDS 2011-10-24 16:16:02 I 2519 14884 [031] value of Calling-Station-Id: 10.4.14.14

    RDS 2011-10-24 16:16:02 I 2538 14884 [061] NAS-Port-Type value: 5

    RDS 2011-10-24 16:16:02 I 2533 14884 [066] Tunnel-Client-Endpoint value: [T1] 10.4.14.14

    RDS 2011-10-24 16:16:02 I 14884 2556 [004] value of NAS-IP-Address: 172.16.8.1

    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9

    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:source - ip = 10.4.14.14

    RDS 2011-10-24 16:16:02 I 0282 14884 ExtensionPoint: run the configured scan extension points...

    RDS 2011-10-24 16:16:02 I 0314 14884 ExtensionPoint: advertising [AuthenticationExtension] provider [Cisco EAP generic]

    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: Message-[generic EAP] lack of EAP, ignorant...

    RDS 2011-10-24 16:16:02 I 0319 14884 ExtensionPoint: [GenericEAP.dll-> AuthenticationExtension] returned [1 - ignored]

    RDS 2011-10-24 16:16:02 I 0314 14884 ExtensionPoint: asking provider [Download Cisco ACL] [AuthenticationExtension]

    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: [DnldACLs] asking not a download of ACL, ignorant...

    RDS 2011-10-24 16:16:02 I 0319 14884 ExtensionPoint: [DnldACLs.dll-> AuthenticationExtension] returned [1 - ignored]

    RDS 2011-10-24 16:16:02 P 2237 14884 user: User1 - Windows user unknown or invalid password

    RDS 2011-10-24 16:16:02 3360 14884 sent response code 3, id 23 to 172.16.8.1 on port 1025

    RDS 2011-10-24 16:16:02 I 2519 14884 [018] value Reply-Message: rejected...

    RDS 2011-10-24 16:16:03 0232 14884 request code 10.2.47.200:1812 host = 1 id = 254, length = 227 on port 32769

    RDS 2011-10-24 16:16:03 2788 14884 (VSA unknown Vendor ID 14179)

    GBA debug:

    -First application-

    AUTH 24/10/2011 16:16:01 I 0365 13060 external DB [NTAuthenDLL.dll]: from [user01] user authentication
    AUTH 24/10/2011 16:16:01 I 0365 13060 external DB [NTAuthenDLL.dll]: Windows authentication attempt for the user1 user

    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: authentication Windows successfully (by DCCORPMSK04)
    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: information get RAS to the user user1 DCCORPMSK04

    -The second request-
    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: from [user1] user authentication
    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: Windows authentication attempt for the user1 user
    AUTH 24/10/2011 16:16:02 0365 13060 external DB [NTAuthenDLL.dll]: Windows authentication FAILED (Error 1326 L)
    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: retry authentication to the CORP domain
    AUTH 24/10/2011 16:16:02 I 0365 13060 external DB [NTAuthenDLL.dll]: Windows authentication attempt for the user1 user
    AUTH 24/10/2011 16:16:02 0365 13060 external DB [NTAuthenDLL.dll]: Windows authentication FAILED (Error 1326 L)

    The ASA config:

    Crypto ikev1 allow outside
    Crypto ikev1 allow inside
    IKEv1 crypto ipsec-over-tcp port 10000
    life 86400
    IKEv1 crypto policy 65535
    authentication rsa - sig
    3des encryption
    md5 hash
    Group 2
    life 86400

    !

    internal Cert_auth group strategy
    attributes of Group Policy Cert_auth
    client ssl-VPN-tunnel-Protocol ikev1 l2tp ipsec
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list aclVPN2
    the address value vpnpool pools
    rule of access-client-none

    !

    attributes global-tunnel-group DefaultRAGroup
    address (inside) vpnpool pool
    address vpnpool pool
    authentication-server-group RADIUS01
    authorization-server-group RADIUS01
    authorization-server-group (inside) RADIUS01
    Group Policy - by default-Cert_auth

    !

    RADIUS protocol AAA-server RADIUS01
    AAA-server host 10.2.9.224 RADIUS01 (inside)
    key *.
    RADIUS-common-pw *.
    AAA-server host 10.4.2.223 RADIUS01 (inside)
    key *.

    Hello

    It is a 'classic' error and has nothing to do with dual authentication, but rather with the fact that you do both radius and authorization of RADIUS authentication.

    If you remove this line:

    authorization-server-group RADIUS01

    you will see that it starts to work properly

    In short: when ASA no authorization of RADIUS, it sends a request to access radius with the username as a password, that's why you see the second application fails all the time.

    This is because the RADIUS authorization is intended to be used when authentication happens using certificates (only) so there is no password.

    Also note that within the RADIUS protocol, authentication and authorization are not separate things, both occur in a single step. So if the ASA makes the radius authentication, he already gets the user attributes in the authentication step and it makes no sense to also make a separate authorization stage (except in a few very rare scenario where you have 2 radius servers, one for authentication and another for permission).

    HTH

    Herbert

  • PowerCLI - an element with the same key has already been added ERROR

    Hello

    I opened a case with VMware on a problem using PowerCLI. And pretty well, they said that they do not support scripts... But the error is not related to any script. It is related to the first command I run against one of our Vcenter and we have 6 of them.

    Everything worked well until we went from 4.1 to 5.1

    I can connect to our VCenter fine, but the first command always give an error and fail to the powercli but the task still occur in vCenter.

    When it gets ugly, is we have several powershell script to maintain and automate our environment but now these script fail.

    Example, we have a script to deploy the VM model and then configure the appropriate hardware configuration and add Notes and custom attributes. But the script fails after that deployment so the rest will not run. It will be possible that deploy us to the first virtual machine.

    So for 'Band-aid' question, I added a line to my script to start a virtual dummy machine, to make sure that what is in the script will work fine.

    Error:

    PowerCLI C:\Program Files\VMware\Infrastructure\vSphere PowerCLI > start-vm vm - Server-m46

    Start-VM: 2013/06/26 11:57:05 Start-VM an element with the same key has already been added.

    Online: 1 character: 9 + start-vm < < < <-vm server-m46 + CategoryInfo: NotSpecified: (:)) [start-VM], ViError + FullyQualifiedErrorId: Client20_VMServiceImpl_StartVM_ViError, VMware.VimAutomation.ViCore.Cmdlets.Commands.StartVM)

    As far as I know, done to the PowerCLI VMware supports.

    I don't think they support the client script debugging, but the product PowerCLI itself is supported.

    I created a few calls myself in the past.

    What you see is a known problem, there are a few discussions in this community who has something similar.

  • WLC with RADIUS question

    Hello

    I have the following strange behavior:

    My WLCs connects to the RADIUS server by using the IP address of a dynamic interface instead of using the IP address of the management interface.

    Dynamic interface Tha is on the same subnet / vlan from the RADIUS server.

    What is the best interface to use for RADIUS authentication?

    And how do I decide which interface shuold be RADIUS-source IP interface to connect with my radius servers?

    Thank you all

    Johnny

    If you have the Radius Server on a subnet in which you have any interface on the wlc on, you will see the wlc by using this ip address. The ip address of the client AAA you should use is the dynamic ip address. The only time where you will see the wlc use its management interface is your wired and wireless (dynamic interfaces) are on different subnets.

  • WLC with ACS 5.1 (RADIUS) for management * AND * Network users

    Hello

    I have authentication RADIUS of installation for the users of the network AND management on my NM - WLC (5.2 ongoing execution) against ACS 5.1

    My Question is:-

    For users to log in to Admin, I need to come back "Service-Type = Administrative - User" in order to make it work.

    Because the ACS sees all applications from the same device (WLC) for Admin and network users,

    the way I am currently treats it is by creating a filter based on the user name

    Thus, users that contain 'admin' in their ID, use a set of

    Network access policy authorization, who has an authorization associated with the attributes RADIUS profile.

    Normal users have a ' network access policy authorization different rule ", with a different profile.

    While this DOES WORK fine, still me I was wondering if there is a better way to do it, rather than create a rule

    based on the user name.

    I could use GANYMEDE + for the management, but I don't think that ACS allows the same client AAA (WLC) to use both protocols.

    Thank you

    I think it's something very common for things to do

    You may notice that ACS 5 comes preinstalled with a selection policy of service that differentiates them the Protocol-based queries and orders or service 'Access to the network by default' or "Default Device Admin" out of the box

    If you want only to RAY can either disable or delete the rule for applications of GANYMEDE + or not choose GANYMEDE + in the definitions of the unit

  • GANYMEDE on Cisco WLC question

    I just installed a Cisco 5508 WLC on our network.  I have the IP address of management in the VLAN management and the controller I set up "no label".  WLC has two ports connected to a Cisco 4507 switch in the config of the channel port.

    I ping the controller of the network very well, I ping the server RADIUS of the controller.  I have the setup of the priority as "GANYMEDE + LOCAL."  However when I try to connect in the WLC and look at the debug, it shows I'm authentication and that's all, for some reason any traffic authorization is failed.  Using wireshark I confirmed that the request comes from the IP Management Interface.

    I followed the instructions in this link:

    http://www.Cisco.com/en/us/customer/docs/wireless/controller/5.0/Configuration/Guide/c5sol.html

    Any ideas?

    Hello

    It seems that you have not configured the ACS correctly.

    The AEC must return the required attributes.

    Please follow the http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml#topic3document.

    HTH,

    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • Hello, I forgot my security questions, I want to change but the need for an aid station. And I do not add a post before rescue. How can I add now? Please help me. TNX.

    Hello, I forgot my security questions, I want to change but the need for an aid station. And I do not add a post before rescue. How can I add now? Please help me. TNX.

    You can not and need to ask Apple to reset your security questions. To do this, click here and choose a method; If this page does not list one for your country or if you are unable to call, complete and submit this form.

    (137646)

  • General questions about the iphone compatible hearing aids, please?

    I am a seller of oil field that moves and I need my first hearing aids.  I have loss of hearing with a classic old guy and it's average but I'm late for h / a. I'm missing an important part of my life and want to hear the birds sing again!  I currently use a 5 s with 9.2 and a bluetooth Plantronics traveler legend.  I have hands free for safe driving and especially for taking notes of value and wear it all day.  I don't listen to music or videos, no vehicle bluetooth and any other iOS device.  The goal is good h/a and the use of good phone.

    I am interested in the Halo of Starkey and research scared me a bit of the questions that I barely understand!  Googling found a lot of comments, but they seem to all written by agents of sale or competitors.

    Where is the microphone bluetooth on the Halos?

    Is the call phone stereo or mono?

    The function of the hearing aid remains so that on the phone?

    In light of my basic needs, all warnings other than the stupid of these things cost?

    I am also considering a 6s, this would be a better phone for the Halo team?

    Prone glitch or awkward iphone apps?

    I'm bored of conversation in the meeting rooms, restaurants are tough and shows are terrible for the hearing?

    Generally you are happy with new h/a and halos in particular.

    Everything is provided with a newbie would not recognize that you like?

    Let me know if you need more details.

    Where is the microphone bluetooth on the Halos?

    --> The microphone's upstairs behind the part of the ear. If you use the Halos as your ears "on the phone", you still talk in the phone's microphone.

    Is the call phone stereo or mono?

    --> Is not true stereo, but you will hear the call through two hearing aids.

    The function of the hearing aid remains so that on the phone?

    --> You can leave the active hearing aid microphones or cut them. It's your choice.

    In light of my basic needs, all warnings other than the stupid of these things cost?

    --> Feel free to test-drive a few models, unless the first really works well for you.,.

    I am also considering a 6s, this would be a better phone for the Halo team?

    -->, I can't comment on that, except to say that my experience with multiple iPhones over the years that I have great confidence that each new model is better than the previous. There are a few bumps on the road, but Apple is good enough, solve them. YMMV

    Prone glitch or awkward iphone apps?

    --> Not, in my opinion.

    I'm bored of conversation in the meeting rooms, restaurants are tough and shows are terrible for the hearing?

    --> Which has not changed for me. It is the nature of sound amplification without being able to directly select that sounds to amplify and to mute.

    Generally you are happy with new h/a and halos in particular.

    -->, I am very happy.

    Everything is provided with a newbie would not recognize that you like?

    --> I like the ability to define a 'from' sensitive geographically, where you can control the volume up down and the bass/treble back. It is a crude tool, but it works.

Maybe you are looking for