The company that I work for hired a vendor to upgrade our wireless environment. That company purchased the equipment but then charged a ridiculous amount of money to set it up. So of course I was given the task. Though this went way over my head I took it on.
I was given a Cisco 1121 ACS server, 2 Cisco 5500 WAC controllers, and 10 1042 LWAPs and was told to do the best I can. I was able to put the ACS server and WAC boxes on the network. At that point I figured that there was something else that needed to be done. But as a test I connected a LWAP on which I set an SSID, and I couldn't connect to it no matter what level of authentication I used, even unsecured. My question is, do I need to set up a RADIUS server on the ACS box to authenticate?
I've been reading up on the ACS for a couple days and I know it can be used for device and user management. But I assumed that we were only using it to manage our wireless environment, so it wasn't really 'necessary'. Ideally, we simply want to broadcast our company SSID and have devices connect to it using their network credentials.
I'm not really sure what I need to do next. I have yet to contact Cisco though we do have support. I just want to make sure all things are in place before I contact them.
Hey Matthew, I'm sorry to hear you're getting slammed like that. I would try to get the following questions answered when contacting support at Cisco.
*we simply want to broadcast our company SSID and have devices connect to it using their network credentials.*
Based on your comment above, we need to take care of how the ACS will be configured to authenticate users. If you want users to log in with their network credentials, you really need to configure ACS to work with your company user database (note: there's a whole support team at Cisco for ACS and database setup).
You may wish to investigate Cisco Secure Access Control Server for Windows Configuring LDAP:
There's a big need to clarify what type of supplicants (end users) will be found on your wireless network (phone, Windows, Mac, etc.) in order to have an idea of what type of security design will work best when things start getting clearer.
Note: I understand your company still has the access points in the box? If that is the case, a wireless site survey will be needed to install them properly (I understand the money concern, but many companies go without a survey and it costs more to have someone fix the mess later on). A site survey is composed of deep analysis of the blueprints of the building, the site survey itself (hardware and software tools, spectrum analyzer, etc.) and of course the knowledge to deploy the APs properly on the right RF, channels, etc. (http://en.wikipedia.org/wiki/Wireless_site_survey)
Felix, thanks for your response, I figured authentication was my issue. I will surely give Cisco a call for some assistance.
We already have a WLAN in place where users connect with a shared WEP. So I'm not really sure if a site survey is necessary. We just want to change APs and have users connect using their network credentials which will eliminate us going to every device to add the WEP key.
This is specifically for network users using company-issued wireless laptops, thin clients, iPads and iPhones.
I actually do have one question you may be able to answer while I'm waiting for some logistical things to get sorted out with our Cisco support contract. I'm trying to get the time sync with the ACS server and our PDC. I set the time in the CLI but the command to change the time zone isn't working. I'm using the following string to change the clock time zone from UTC to EST:
'clock timeszone EST' but it keeps failing.
Also, Extra PuTTY and telnet stopped working on that server, which is causing me a lot of walking from one building to another. Would you have any idea why?