We have 350 APs running 12.02T1 software and 350 series Aironet clients. I am trying to set up PEAP authentication with SecurID and enable Dynamic WEP with MIC and TKIP.
I am using multiple SSID's and VLANs to set up three network types:
SSID 1 = PEAP with OTP, TKIP, MIC and Broadcast key rotation - VLAN 1
SSID 2 = Static WEP, TKIP, MIC - VLAN 2
SSID 3 = Non Secure - VLAN 3
I have the following issues, which I would appreciate help with:
1/ Although the documentation states that you can set TKIP, MIC and Broadcast key rotation on each individual VLAN. When I enable MIC on VLAN 1, the clients on VLAN 3 lose all IP connectivity including DHCP access.
2/ I have set up broadcast key rotation interval on the AP. I have users authenticating against ACS 3.1 with the 'Cisco-Aironet-Session-Timeout' attribute set at 1800 secs and the IETF Session timeout set at 900 for dial-access timeout. However, the WEP keys for my WLAN clients are rotating at 900 secs. How do I force the ACS to pass the figure in the aironet session timeout box to the AP instead?
3/ How do I verify the operation of unicast/broadcast WEP key renewal without having to use a Sniffer.
4/ When user authentication fails with the OTP server, there is no message passed back to the clients to record the authentication failure. Can this be enabled?
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...