Unfortunately the screenshot was scrubbed? Is there a better method of distributing information than this as it is somewhat cumbersome
Pete On 17 February 2011 11:02, <[email protected]>wrote: > Send CCIE_Wireless mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Wireless digest..." > > > Today's Topics: > > 1. Re: LAB 4.6 Observation (Silverline,Tim) > 2. WLC Starup Wizard - Quick Question (Phil Priest) > 3. Re: LAB 4.6 Observation (Jason Boyers) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 17 Feb 2011 01:33:24 -0600 > From: "Silverline,Tim" <[email protected]> > To: Stalder Dominic <[email protected]>, > "[email protected]" > <[email protected]> > Subject: Re: [CCIE Wireless] LAB 4.6 Observation > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Thanks Dominic. I sent a follow up email shortly after this pointing out > my oversight as I read the final solution. > > I was very quick to react (in poor judgment apparently) since this specific > issue has bothered and puzzled me for quite some time. In fact I brought it > up in a CCIE wireless bootcamp I recently attended (I won't name the vendor > because the class was a large disappointment) and many other locations > including several Cisco wireless sessions and was never once provided this > guidance. > > I am very grateful to have learned this new detail and happy that Jason > included it in this workbook. > > Tim > > From: Stalder Dominic [mailto:[email protected]] > Sent: Wednesday, February 16, 2011 11:14 PM > To: Silverline,Tim; [email protected] > Subject: Re: [CCIE Wireless] LAB 4.6 Observation > > Hi Tim > > Your are absolutly right concerning the fact, that WLC uses RADIUS if a > server is configured globally, even it is not specified under security in > the WLAN profile. But the solution for IPX1 ist correct in the DSG, because > of this statement: > > "To ensure that users on IPX1 are not authenticated via RADIUS, make sure > thate the "Network" (User) box is unchecked for the RADIUS server" > > You don't need to completely disable the RADIUS server, you just can > disable the user authentication, so you are still able to authenticate > management users, as an example. See attached screenshot. > > Regards > Dominic > > ________________________________ > Von: "Silverline,Tim" <[email protected]> > Datum: Wed, 16 Feb 2011 23:49:12 -0600 > An: "[email protected]" <[email protected] > > > Betreff: [CCIE Wireless] LAB 4.6 Observation > > Part of the IPX1 configuration states: "Ensure that users won't be able to > use RADIUS for authentication" > > The DSG shows this is accomplished by simply not selecting RADIUS servers > under the AAA policy within the IPX1 WLAN. > > Just wanted to point out that this is not actually a valid method of > ensuring RADIUS is not used on Cisco's controllers. > > Something that has been frustrating to me about WLCs for quite some time - > even if no RADIUS servers are selected within a particular WLAN - the > controller will still attempt to authenticate to a RADIUS server from the > authentication servers listed under the security tab. > > The only way to actually prevent this is by removing every single RADIUS > server from the controller thereby disabling RADIUS authentication entirely. > > I do not believe this has been fixed even in the latest versions of code > (though I have not tested on 7.x and later). > > > ________________________________ > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com<http://www.ipexpert.com> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20110217/50240d20/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 17 Feb 2011 09:57:58 -0000 > From: "Phil Priest" <[email protected]> > To: <[email protected]> > Subject: [CCIE Wireless] WLC Starup Wizard - Quick Question > Message-ID: > < > 4faff455f5392643be7ac37400dbfeb802bac...@crewexch01.hq.comms-care.com> > > Content-Type: text/plain; charset="us-ascii" > > All, > > > > Is there any way of quitting out of the wizard so I can start typing > commands?? > > > > Thanks > > > > Phil > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20110217/930f5e20/attachment-0001.html> > > ------------------------------ > > Message: 3 > Date: Thu, 17 Feb 2011 06:02:30 -0500 > From: Jason Boyers <[email protected]> > To: "Silverline,Tim" <[email protected]> > Cc: "[email protected]" > <[email protected]> > Subject: Re: [CCIE Wireless] LAB 4.6 Observation > Message-ID: <6679323844902687879@unknownmsgid> > Content-Type: text/plain; charset="windows-1252" > > Glad it was helpful to you :). That had bothered me as well, so you're not > alone. > > Jason Boyers - CCIE #26024 (Wireless) > Technical Instructor - IPexpert > [email protected] > Office: +1 (810) 326-1444 > > For *Free* CCIE Training, please visit: http://bit.ly/vLecture > For Technical Support, please E-Mail: [email protected] > For Live Assistance, please visit: www.ipexpert.com/chat > Community: http://www.ipexpert.com/communities > eFax: +1 (810) 454-0130 > > IPexpert is the Global leader in training for the Cisco CCIE lab exam, > having helped over 1,600 students earn their CCIE. We are the premier > provider of Classroom Training, Self-Study Workbooks, Video on Demand, > Audio > Tools, and Online Hardware Rental for CCIE Routing & Switching, Voice, > Security, Service Provider, and Wireless education with locations > throughout > the United States, Europe, and Australia. Please visit us at: > www.ipexpert.com/communities along with our sister companies: > www.proctorlabs.com www.platinumsolutionsgroup.com and > www.platinumplacementservices.com > > On Feb 17, 2011, at 3:30 AM, "Silverline,Tim" <[email protected]> > wrote: > > Thanks Dominic. I sent a follow up email shortly after this pointing out > my > oversight as I read the final solution. > > > > I was very quick to react (in poor judgment apparently) since this specific > issue has bothered and puzzled me for quite some time. In fact I brought > it > up in a CCIE wireless bootcamp I recently attended (I won?t name the vendor > because the class was a large disappointment) and many other locations > including several Cisco wireless sessions and was never once provided this > guidance. > > > > I am very grateful to have learned this new detail and happy that Jason > included it in this workbook. > > > > Tim > > > > *From:* Stalder Dominic [mailto:[email protected]] > *Sent:* Wednesday, February 16, 2011 11:14 PM > *To:* Silverline,Tim; [email protected] > *Subject:* Re: [CCIE Wireless] LAB 4.6 Observation > > > > Hi Tim > > Your are absolutly right concerning the fact, that WLC uses RADIUS if a > server is configured globally, even it is not specified under security in > the WLAN profile. But the solution for IPX1 ist correct in the DSG, because > of this statement: > > ?To ensure that users on IPX1 are not authenticated via RADIUS, *make sure > thate the ?Network? (User) box is unchecked for the RADIUS server*? > > You don?t need to completely disable the RADIUS server, you just can > disable > the user authentication, so you are still able to authenticate management > users, as an example. See attached screenshot. > > Regards > Dominic > > ------------------------------ > > *Von: *"Silverline,Tim" <[email protected]> > *Datum: *Wed, 16 Feb 2011 23:49:12 -0600 > *An: *"[email protected]" < > [email protected] > > > *Betreff: *[CCIE Wireless] LAB 4.6 Observation > > Part of the IPX1 configuration states: ?Ensure that users won?t be able to > use RADIUS for authentication? > > The DSG shows this is accomplished by simply not selecting RADIUS servers > under the AAA policy within the IPX1 WLAN. > > Just wanted to point out that this is not actually a valid method of > ensuring RADIUS is not used on Cisco?s controllers. > > Something that has been frustrating to me about WLCs for quite some time ? > even if no RADIUS servers are selected within a particular WLAN ? the > controller will still attempt to authenticate to a RADIUS server from the > authentication servers listed under the security tab. > > The only way to actually prevent this is by removing every single RADIUS > server from the controller thereby disabling RADIUS authentication > entirely. > > I do not believe this has been fixed even in the latest versions of code > (though I have not tested on 7.x and later). > > > ------------------------------ > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20110217/06c133b2/attachment.html> > > ------------------------------ > > _______________________________________________ > CCIE_Wireless mailing list > [email protected] > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > > > End of CCIE_Wireless Digest, Vol 23, Issue 19 > ********************************************* >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
