Comprar o Renovar
Comprar o Renovar
cancelar
Activar sugerencias
La sugerencia automática le ayuda a obtener, de forma rápida, resultados precisos de su búsqueda al sugerirle posibles coincidencias mientras escribe.
Mostrando los resultados de 
Buscar en lugar de 
Quiere decir: 
cancel
Iniciar una conversación
337
Visitas
1
ÚTIL
6
Respuestas

Cisco 9800 WLC and LDAP communication failure

Nirqa suport
Level 1
Level 1

el ‎11-29-2024 08:05 AM

Good afternoon or evening everyone, I have a problem to integrate a cisco 9800 wlc with LDAP.
In the cisco WLC I have configured the LDAP profile and it has been associated with an SSID.

During the authentication tests with a user it was detected that when the cisco wlc makes a bind request to the LDAP it does not accept it because it considers it an unsecured connection.

ip of the WLC : 10.159.72.2 ip of the ldap : 10.190.128.4
The tests were performed using port 389 on the wlc side.

A simulation has also been performed with a laptop by installing a program so that it can make a bind request to the ldap, but in this simulation the LDAP does allow the laptop to complete this bind request.

 

Nirqasuport_3-1732896129274.png

test from the laptop to the ldap

 

 

 

Nirqasuport_0-1732895939428.pngNirqasuport_1-1732895966508.png

Attached two images of the packet capture made from wlc.

for the configuration we have used this link

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html#toc-hId--1085503207

 

 

Etiquetas:
6 RESPUESTAS 6

Flavio Miranda
VIP
VIP

el ‎11-29-2024 08:13 AM

@Nirqa suport 

 Are you using secure mode?

 

 

0 Útil

Nirqa suport
Level 1
Level 1
En respuesta a Flavio Miranda

el ‎11-29-2024 08:30 AM

Hi Flavio

We have tried testing with port 636 and installing a trusted certificate for the ldap, but the TCP session is not established.
A reset of the tcp session is received from the LDAP.
The client indicates that part of the firewall the path is clear to the LDAP.
In addition, the client tells us that they are always using port 389 for LDAP communications.

0 Útil

Flavio Miranda
VIP
VIP
En respuesta a Nirqa suport

el ‎11-29-2024 08:43 AM

I asked because on the wireshark log you shared, we can see the information about TLS. 

0 Útil

MHM Cisco World
VIP
VIP

el ‎11-29-2024 11:44 AM

from same link you share 
did you enable secure mode 

Screenshot (204).png

0 Útil

Nirqa suport
Level 1
Level 1
En respuesta a MHM Cisco World

‎12-03-2024 02:10 PM - editado ‎12-03-2024 02:11 PM

Hello @MHM Cisco World 

When using port 389 we do not activate the secure mode as it is a default port.
When we use port 636 we activate the secure mode and place the trustpoint associated to the certificate that we uploaded to the wlc 9800 cisco.
In the traces we can see that the tcp session that is established from the wlc 9800 is closed or reset by the LDAP.
Attached an image.

Nirqasuport_0-1733263603405.png

 

0 Útil

Daniel Ordóñez Flores
VIP
VIP

el ‎11-29-2024 12:08 PM

Hello @Nirqa suport 

AFAIK windows server does not allow anonymus authentication.

What versión of windows server are you running?

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**
0 Útil

Navegue y encuentre contenido personalizado de la comunidad

Discusiones Wireless Discusiones Mobile Más de Wireless & Mobile
Customers Also Viewed These Support Documents