I'm running an WLAN with a pair of ACS3.3(2) servers and 1200 series APs. I use AES encryption and Peap MS-chap authentication.
Everything was running fine until I renewed the SSL cert for the two servers. After the new cert was installed a large number of clients could not connect. A workaround was to check the option "Allow intermediate certificates" on the client. Some clients don't even have this option and I didn't want to have to reconfigure all the clients (in the 1000s) unless absolutely necessary as most don't have SMS yet. I ended up installing a certificate without an intermediate CA from RapidSSL and it works as before.
I had a TAC case open but this only came to the conclusion that the new certificate was the problem.
Has anyone else got this working or is this unsupported?
The problem is that Verisign gave you a chained cert. They will stop issuing root unchained certs in the end of September. So your best bet is to go with RapidSSL or if you really want a Verisign cert, is to call them and request one. They will tell you that they will no longer support it in the future.
The WLC doesn't support any chained certs only root CA unchained certs.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...