I have Location A, which includes, among other things, a pair of 5508 WLCs running 7.2. On these WLCs, I have a number of APs and a hidden SSID xyzzy, which is controlled via Active Directory group policy. If your device is a member of the domain, you see this network with a label which is in AD. I'll call the label FRED. If your device is not in the domain, you see neither the SSID xyzzy, as it is not advertised, nor the label FRED, as the group policy is not applied to your machine.
This is all great and wonderful and works as planned. So now I have location B, which includes a 2505 WLC, and a handful of access points. Users at location B have the option of running wired or wireless. If they are wired, they get full domain access, just like they are in Location A. However, if they attempt to access via wireless, instead of FRED, they see FRED 2, which shows up as a Work network, but unauthorized. They get an IP (via DHCP), but cannot access anything. I'm pretty sure I have all of the ACLs and firewalls set correctly, but I can't find any messages one way or the other that the traffic is being blocked at the firewall.
Any obvious things I should look at? I'm not that familiar with the WLC logging capabilities, but I suppose I should start there.
Hmmm. That could be the issue for Site B. At present, the Wireless controller has two active ports. Port 1 is on VLAN 13, and it represents my management traffic. Port 2 is on VLAN 15, and it represents the traffic for the SSID in question.
However, both ports 1 & 2 are connected directly to an ASA 5505, ports 1 & 2 respectively. ASA port 1 is also on VLAN 13, and ASA port 2 is on VLAN 15. The APs are connected to the ASA port 4 via some C2960 access switches. The ASA port 4 is also on VLAN 15.
None of the VLANs are configured on the access switches. The ASA is the only routing device at Site B. Here's the diagram. I didn't design it. I've added VLAN 15 to port 4 on the ASA.
I'm not sure. I know that it still doesn't work. I think it has something to do with the fact that the two controllers at Site A are synched to NCS and the one controller at Site B was added on. I think I need to investigate the whole template thing in NCS and attempt to convince it that the three controllers (which are of different models and OS versions) are all on the same team.
If there is something in Windows that might treat the SSID as two distinct entities, I haven't been able to figure that out. I know that if a user machine from Site B comes to Site A, the SSID works fine. Alternatively, if a user from Site A travels to Site B, the SSID shows up as FRED 2 unauthenticated network. It's all the same domain, OUs, etc...