in waaaay over my head!!!!! HELP!!!!!!

Answered Question

The company that I work for hired a vendor to upgrade our wireless environment. That company purchased the equipment but then charged a ridiculous amount of money to set it up. So of course I was given the task. Though this went way over my head, I took it on.


I was given a Cisco 1121 ACS server, 2 Cisco 5500 WAC controllers, and 10 1042 LWAPs and was told to do the best I can. I was able to put the ACS server and WAC boxes on the network. At that point I figured that there was something else that needed to be done. But as a test I connected a LWAP, on which I set an SSID, and I couldn't connect to it no matter what level of authentication I used, even unsecured. My question is: do I need to set up a RADIUS server on the ACS box to authenticate?



I've been reading up on the ACS for a couple of days and I know it can be used for device and user management. But I assumed that we were only using it to manage our wireless environment, so it wasn't really 'necessary'. Ideally, we simply want to broadcast our company SSID and have devices connect to it using their network credentials.


I'm not really sure what I need to do next. I have yet to contact Cisco, though we do have support. I just want to make sure all things are in place before I contact them.


Any help would be GREATLY appreciated.



Thank you


Felix Arrieta (Cisco Employee) Fri, 06/15/2012 - 10:53

Hey Matthew, I'm sorry to hear you're getting slammed like that. I would try to get the following questions answered when contacting support at Cisco.


*we simply want to broadcast our company SSID and have devices connect to it using their network credentials.*


Based on your comment above, we need to take care of how the ACS will be configured to authenticate users. If you want users to log in with their network credentials, you really need to configure ACS to work with your company user database (note: there's a whole support team at Cisco for ACS and database setup).


You may wish to investigate Cisco Secure Access Control Server for Windows Configuring LDAP:


http://www.cisco.com/en/US/products/...80092566.shtml


Cisco's ACS Introduction:


http://www.cisco.com/en/US/products/...086/index.html





At this point the following reading should be very helpful as well:


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c4





Second:

There's a big need to clarify what type of supplicants (end users) will be found on your wireless network (phone, Windows, Mac, etc.) in order to have an idea of what type of security design will work best when things start getting clearer.


Note: I understand your company still has the access points in the box? If that is the case, a wireless site survey will be needed to install them properly. (I understand the money concern, but many companies go without a survey and it costs more to have someone fix the mess later on.) A site survey is composed of deep analysis of blueprints of the building, the site survey tools themselves (hardware and software: spectrum analyzer, etc.) and of course the knowledge to deploy the APs properly on their right RF, channels, etc. (http://en.wikipedia.org/wiki/Wireless_site_survey)


There are good design books around as well.


Wish you good luck!!

Felix, thanks for your response. I figured authentication was my issue. I will surely give Cisco a call for some assistance.


We already have a WLAN in place where users connect with a shared WEP. So I'm not really sure if a site survey is necessary. We just want to change APs and have users connect using their network credentials, which will eliminate us going to every device to add the WEP key.


This is specifically for network users using company-issued wireless laptops, thin clients, iPads and iPhones.


Thanks again

Felix Arrieta (Cisco Employee) Fri, 06/15/2012 - 16:07

You're welcome, Matthew! I hope the links I sent help you. In addition, if you have any specific questions later on, just post them!


Cheers!

I actually do have one question you may be able to answer while I'm waiting for some logistical things to get sorted out with our Cisco support contract. I'm trying to get the time synced between the ACS server and our PDC. I set the time in the CLI, but the command to change the time zone isn't working. I'm using the following string to change the clock time zone from UTC to EST:

'clock timeszone EST' but it keeps failing


Also, Extra PuTTY and telnet stopped working on that server, which is causing me a lot of walking from one building to another. Would you have any idea why?


Thanks again!!!!

Correct Answer
Felix Arrieta (Cisco Employee) Mon, 06/18/2012 - 09:19

Good morning Matthew,

The telnet issue is hard to explain, but I'd suggest the following:

Go to the ACS authentication logs to check if there are any errors from the ACS itself.

Try to log in from a local switch or router plugged into the same switch where the ACS is located and check the ACS logs again.

Create a new user on the ACS and restart the services; maybe the ACS authentication process is somehow not working.

In regard to the timezone command not working, it could be related to an internal process as well. Try restarting the services, and also consider using an NTP server if you have one on your network.

Good luck!
