Wireless AAA
IN UWN solution, i have 5508 controllers and one ACS appliance which is integrated with Active directory for user authentication.if the ACS goes down how user authenticate or what work around we can do.
They wont. If you have your WLAN pointing at a ACS and should that ACS go down with no back up ACS, you are out of luck my friend...
Similar Messages
-
AAA configuration and Linksys Wireless Access Point
Hi,
Can we authenticate Linksys Wireless Access Point thru ACS TACACS+ or RADIUS ? If yes , please tell me the config steps.
Thnaks .
Anil K.Hi,
Can we authenticate Linksys Wireless Access Point thru ACS TACACS+ or RADIUS ? If yes , please tell me the config steps.
Thnaks .
Anil K.
Check out the below link for Linksys with Radius server authentication:-
http://forevergeeks.com/setup-linksys-router-with-radius-server-authentication-2
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
HP Wireless Printers cannot connect to WPA2-secured WiFi networks with Cisco/Meraki WAPs
In the last two months, I've had the displeasure of working with two very different HP printers and attempting to make them work on a WPA2-secured wireless network. All attempts to authenticate fail with "invalid phassphrase".
I'm not the first person to encounter this, it's a problem with many different HP wireless printers (I just happen to have physical access to the OfficeJet Pro 8610 & Deskjet 3511).
My equipment is a Cisco ASA 5505 Firewall running ASA 9.1x & Cisco Aironet 1142 running IOS 15.3.x.
What does work on the WPA2/AES SSID: Apple MacBook Air running OSX 10.10.2, Three Windows-Based laptops running Windows 8.1 Update 1, an iPhone 5s, Three Windows Phone 8.1 devices, Roku 2, PlayStation 4, PlayStation 3, Sharp Aquos TV, Amazon Streaming Stick, and an Android Tablet (Jellybean). Basically, everything.
What does not work on the WPA2 network: OfficeJet Pro 8610 & Deskjet 3511.
To test the theory there is a problem with HP's implementation of WPA2 with regard to Cisco Aironet IOS, I built out a second SSID that only works in WPA/TKIP mode. This solution works. Both HP printers will join the WPA/TKIP network.
So, I'm able to demonstrate there is a certain connectivity issue. When i look at AAA Debug on the WAP's console, I can observe the HPs attempt to authenticate "Bind I/F" on the WPA2 SSID, however they do not achieve authentication and do not pass the AAA phase. However, on the WPA SSID, they bind and authenticate successfully.
To help illustrate this, here is my WAP running config. It's about as simple as it can get. There is no relevant MAC filtering or ACLs bound to any interface. Noting that I have an ACL on remote access to the WAP (i.e. Locked down to SSH, disabling telnet). The main point being that the ASA firewall is not a factor in this problem as the issue is at the WAP before WPA2 authentication can complete, therefore the printers never reach the network / when the printers connect to the WPA network, the operate fully & correctly.
If anyone at HP can indicate why this particular config is somehow improper or broken, that would be fantastic. There should be no reason why Cisco / Meraki WAP owners have to lower wireless encryption standards just for a printer, be forced into wired, create separate SSIDs with lower encryption specifically for a device.
Building configuration...
Current configuration : 6064 bytes
! Last configuration change at 12:46:47 UTC Fri Aug 20 1993 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 10-10-50-1
logging buffered 1024768
logging rate-limit console 9
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
no ip source-route
no ip cef
ip domain name freedom.local
dot11 syslog
dot11 vlan-name inside vlan 50
dot11 vlan-name inside-wpa-only vlan 70
dot11 ssid inside
vlan 50
band-select
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 xxxxxx
information-element ssidl
dot11 ssid inside-wpa-only
vlan 70
band-select
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 xxxxxx
information-element ssidl
dot11 band-select parameters
cycle-count 3
cycle-threshold 200
expire-supression 20
expire-dual-band 60
client-rssi 75
dot11 wpa handshake timeout 500
dot11 network-map
username ADMIN privilege 15 secret 5 xxxxxx
ip ssh version 2
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 50 mode ciphers aes-ccm
encryption vlan 70 mode ciphers aes-ccm tkip
ssid inside
ssid inside-wpa-only
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2412
station-role root
l2-filter bridge-group-acl
interface Dot11Radio0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 input-address-list 700
bridge-group 70 output-address-list 700
bridge-group 70 spanning-disabled
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 spanning-disabled
no bridge-group 70 source-learning
interface BVI1
mac-address xxxx.xxxx.xxxx
ip address 10.10.50.1 255.255.255.0
no ip route-cache
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 10.10.50.2
logging history size 100
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
length 0
transport input ssh
line vty 5 15
access-class 111 in
transport input ssh
endI get the same behavior with a laserjet m451nw. I need to enable tkip to get the printer working, it doesn't support pure aes-ccm (every other device here supports pure aes-ccm, even cheap ones), although it's advertised as working.
The following snippet of config works, but I still think it should work without the tkip "hack".
dot11 ssid whatever
vlan 1
band-select
authentication open
authentication key-management wpa version 2
interface Dot11Radio0
encryption vlan 1 mode ciphers aes-ccm tkip -
Config air-lap1041n-e-k9 with cisco 5500 (5508) series wireless controller. how to?
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
MBP keeps crashing, won't let me transfer data via wireless or hardwired to external or NAS,
Im somewhat of a novice so bear with me, MBP late 2008 core2duo, 4gb RAM, 128gb SSD is machine specs running 10.9.1. Whenever I try and copy and paste through finder files of any size over 100mb it locks up and spin dumps via wireless, finder stops responding cpu spikes erratically, memory pressure sits a constant 2.91gb for a length of time up to an hour before it restarts and gives me the gray screen of death, after 3 more hard boots it will eitehr start up or I dump the PRAM, I have verified permissions via utility, all good, exit disk utility and computer fires back up opening applications as it was pre-crash, files that were being transferred are inaccessible and have to be deleted off the media I am transferring to, which is a 2tb WD My Cloud NAS, when I perform same operation with console open to try and monitor logs for what exactly is happening I get spindump and console stops responding, computer locks up and process restarts. I have tried plugging directly into my router and the only noticeable difference is that I dont get a spindump, everything locks up and I get same results.
Under console in the Report Panic i get this :
1/17/14 11:52:44.517 PM ReportPanic[227]: com.apple.message.domain: com.apple.ReportPanic.matchedpanic
com.apple.message.action: not matched and frequent
com.apple.message.panic_id: not matched
Sender_Mach_UUID: 9A39CD52-406C-33F5-A1C6-E8D8FCD836D5
not sure what that means... Under system log queries i get about 1800 of these :
1/18/14 12:18:39.345 PM com.apple.WebKit.Networking[220]: unlink of file /Users/<<NAME REMOVED>>/Library/Caches/com.apple.Safari/fsCachedData/F70130BF-75FF-4F51-BA6D-631F35400D FF failed. Errno=2
and than two of these at the end :
1/18/14 2:59:25.095 PM com.apple.WebKit.Networking[223]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
1/18/14 2:59:25.238 PM com.apple.WebKit.Networking[223]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
And under the kernel log I am getting this :
1/18/14 2:51:49.000 PM kernel[0]: Longterm timer threshold: 1000 ms
1/18/14 2:51:49.000 PM kernel[0]: Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64
1/18/14 2:51:49.000 PM kernel[0]: vm_page_bootstrap: 832050 free pages and 142798 wired pages
1/18/14 2:51:49.000 PM kernel[0]: kext submap [0xffffff7f807a5000 - 0xffffff8000000000], kernel text [0xffffff8000200000 - 0xffffff80007a5000]
1/18/14 2:51:49.000 PM kernel[0]: zone leak detection enabled
1/18/14 2:51:49.000 PM kernel[0]: "vm_compressor_mode" is 4
1/18/14 2:51:49.000 PM kernel[0]: standard timeslicing quantum is 10000 us
1/18/14 2:51:49.000 PM kernel[0]: standard background quantum is 2500 us
1/18/14 2:51:49.000 PM kernel[0]: mig_table_max_displ = 74
1/18/14 2:51:49.000 PM kernel[0]: AppleACPICPU: ProcessorId=0 LocalApicId=0 Enabled
1/18/14 2:51:49.000 PM kernel[0]: AppleACPICPU: ProcessorId=1 LocalApicId=1 Enabled
1/18/14 2:51:49.000 PM kernel[0]: calling mpo_policy_init for TMSafetyNet
1/18/14 2:51:49.000 PM kernel[0]: Security policy loaded: Safety net for Time Machine (TMSafetyNet)
1/18/14 2:51:49.000 PM kernel[0]: calling mpo_policy_init for Sandbox
1/18/14 2:51:49.000 PM kernel[0]: Security policy loaded: Seatbelt sandbox policy (Sandbox)
1/18/14 2:51:49.000 PM kernel[0]: calling mpo_policy_init for Quarantine
1/18/14 2:51:49.000 PM kernel[0]: Security policy loaded: Quarantine policy (Quarantine)
1/18/14 2:51:49.000 PM kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
1/18/14 2:51:49.000 PM kernel[0]: The Regents of the University of California. All rights reserved.
1/18/14 2:51:49.000 PM kernel[0]: MAC Framework successfully initialized
1/18/14 2:51:49.000 PM kernel[0]: using 16384 buffer headers and 10240 cluster IO buffer headers
1/18/14 2:51:49.000 PM kernel[0]: AppleKeyStore starting (BUILT: Sep 19 2013 22:20:34)
1/18/14 2:51:49.000 PM kernel[0]: IOAPIC: Version 0x11 Vectors 64:87
1/18/14 2:51:49.000 PM kernel[0]: ACPI: sleep states S3 S4 S5
1/18/14 2:51:49.000 PM kernel[0]: AppleIntelCPUPowerManagement: (built 22:16:38 Sep 19 2013) initialization complete
1/18/14 2:51:49.000 PM kernel[0]: pci (build 22:16:29 Sep 19 2013), flags 0x63008, pfm64 (36 cpu) 0xf80000000, 0x80000000
1/18/14 2:51:49.000 PM kernel[0]: [ PCI configuration begin ]
1/18/14 2:51:49.000 PM kernel[0]: console relocated to 0xf80010000
1/18/14 2:51:49.000 PM kernel[0]: [ PCI configuration end, bridges 7, devices 19 ]
1/18/14 2:51:49.000 PM kernel[0]: NVEthernet::start - Built Sep 19 2013 22:20:06
1/18/14 2:51:49.000 PM kernel[0]: FireWire (OHCI) Lucent ID 5901 built-in now active, GUID 002332fffeb41f56; max speed s800.
1/18/14 2:51:49.000 PM kernel[0]: USBF: 0.894 The IOUSBFamily is having trouble enumerating a USB device that has been plugged in. It will keep retrying. (Port 4 of Hub at 0x4000000)
1/18/14 2:51:49.000 PM kernel[0]: mcache: 2 CPU(s), 64 bytes CPU cache line size
1/18/14 2:51:49.000 PM kernel[0]: mbinit: done [64 MB total pool size, (42/21) split]
1/18/14 2:51:49.000 PM kernel[0]: Pthread support ABORTS when sync kernel primitives misused
1/18/14 2:51:49.000 PM kernel[0]: rooting via boot-uuid from /chosen: E5D93962-01E5-3C42-BD6D-2C20E6069DA4
1/18/14 2:51:49.000 PM kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
1/18/14 2:51:49.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib kmod start
1/18/14 2:51:49.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless kmod start
1/18/14 2:51:49.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib load succeeded
1/18/14 2:51:49.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless load succeeded
1/18/14 2:51:49.000 PM kernel[0]: AppleIntelCPUPowerManagementClient: ready
1/18/14 2:51:49.000 PM kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@B/AppleMCP79AHCI/PR T0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageD river/PLEXTOR PX-128M3 Media/IOGUIDPartitionScheme/SSD@2
1/18/14 2:51:49.000 PM kernel[0]: BSD root: disk0s2, major 1, minor 2
1/18/14 2:51:49.000 PM kernel[0]: jnl: b(1, 2): replay_journal: from: 3625984 to: 6841344 (joffset 0x3ba000)
1/18/14 2:51:49.000 PM kernel[0]: BTCOEXIST off
1/18/14 2:51:49.000 PM kernel[0]: BRCM tunables:
1/18/14 2:51:49.000 PM kernel[0]: pullmode[1] txringsize[ 256] txsendqsize[1024] reapmin[ 32] reapcount[ 128]
1/18/14 2:51:49.000 PM kernel[0]: jnl: b(1, 2): journal replay done.
1/18/14 2:51:49.000 PM kernel[0]: hfs: mounted SSD on device root_device
1/18/14 2:51:49.000 PM kernel[0]: hfs: Removed 20 orphaned / unlinked files and 16 directories
1/18/14 2:51:49.000 PM kernel[0]: USBF: 4.218 The IOUSBFamily was not able to enumerate a device.
1/18/14 2:51:49.000 PM kernel[0]: IO80211Controller::dataLinkLayerAttachComplete(): adding AppleEFINVRAM notification
1/18/14 2:51:51.000 PM kernel[0]: NVDAStartup: Official
1/18/14 2:51:51.000 PM kernel[0]: NVDAStartup: Official
1/18/14 2:51:51.000 PM kernel[0]: NVDANV50HAL loaded and registered
1/18/14 2:51:51.000 PM kernel[0]: AGC: 3.4.12, HW version=1.7.3, flags:0, features:4
1/18/14 2:51:51.000 PM kernel[0]: init
1/18/14 2:51:51.000 PM kernel[0]: probe
1/18/14 2:51:51.000 PM kernel[0]: start
1/18/14 2:51:51.000 PM kernel[0]: [IOBluetoothHCIController][start] -- completed
1/18/14 2:51:51.000 PM kernel[0]: NVDANV50HAL loaded and registered
1/18/14 2:51:51.000 PM kernel[0]: Previous Shutdown Cause: 3
1/18/14 2:51:51.000 PM kernel[0]: SMC::smcInitHelper ERROR: MMIO regMap == NULL - fall back to old SMC mode
1/18/14 2:51:51.000 PM kernel[0]: flow_divert_kctl_disconnect (0): disconnecting group 1
1/18/14 2:51:52.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
1/18/14 2:51:52.000 PM kernel[0]: DSMOS has arrived
1/18/14 2:51:52.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
1/18/14 2:51:52.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key MOTP (kSMCKeyNotFound)
1/18/14 2:51:52.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key BEMB (kSMCKeyNotFound)
1/18/14 2:51:54.000 PM kernel[0]: Ethernet [nvenet]: Link up on en0, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [796d,0000,0de1,000d,cde1,7c00]
1/18/14 2:51:54.000 PM kernel[0]: 3b9aca00 00500030 NVEthernet::setLinkStatus - Active
1/18/14 2:51:54.000 PM kernel[0]: VM Swap Subsystem is ON
1/18/14 2:51:56.000 PM kernel[0]: createVirtIf(): ifRole = 1
1/18/14 2:51:56.000 PM kernel[0]: in func createVirtualInterface ifRole = 1
1/18/14 2:51:56.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init name <p2p0> role 1
1/18/14 2:51:56.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init() <p2p> role 1
1/18/14 2:51:56.000 PM kernel[0]: Created virtif 0xffffff8028b93c00 p2p0
1/18/14 2:51:57.000 PM kernel[0]: hfs: mounted Recovery HD on device disk0s3
1/18/14 2:51:58.000 PM kernel[0]: hfs: unmount initiated on Recovery HD on device disk0s3
1/18/14 2:52:07.000 PM kernel[0]: AppleKeyStore:Sending lock change 0
1/18/14 2:52:20.000 PM kernel[0]: CODE SIGNING: cs_invalid_page(0x1000): p=243[GoogleSoftwareUp] final status 0x0, allow (remove VALID)ing page
1/18/14 2:52:22.000 PM kernel[0]: **** [IOBluetoothHCIController][SearchForTransportEventTimeOutHandler] -- Missing Bluetooth Controller Transport!
1/18/14 2:52:50.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0PS (kSMCKeyNotFound)
1/18/14 2:52:50.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0OS (kSMCKeyNotFound)
1/18/14 3:01:11.000 PM kernel[0]: hfs: mounted Recovery HD on device disk0s3
1/18/14 3:01:12.000 PM kernel[0]: hfs: unmount initiated on Recovery HD on device disk0s3
No idea what to make of this, I have read online people having similar problems, please advise.and lastly these :
1/19/14 11:29:16.302 AM SystemUIServer[173]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
1/19/14 11:29:16.302 AM SystemUIServer[173]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
1/19/14 11:29:16.446 AM com.apple.IconServicesAgent[199]: main Failed to composit image for binding VariantBinding [0x521] flags: 0x8 binding: FileInfoBinding [0x337] - extension: jpg, UTI: public.jpeg, fileType: ????.
1/19/14 11:29:16.448 AM quicklookd[215]: Warning: Cache image returned by the server has size range covering all valid image sizes. Binding: VariantBinding [0x203] flags: 0x8 binding: FileInfoBinding [0x103] - extension: jpg, UTI: public.jpeg, fileType: ???? request size:16 scale: 1
1/19/14 11:29:16.453 AM com.apple.IconServicesAgent[199]: main Failed to composit image for binding VariantBinding [0x437] flags: 0x8 binding: FileInfoBinding [0x221] - extension: mp4, UTI: public.mpeg-4, fileType: ????.
1/19/14 11:29:16.456 AM quicklookd[215]: Warning: Cache image returned by the server has size range covering all valid image sizes. Binding: VariantBinding [0x403] flags: 0x8 binding: FileInfoBinding [0x303] - extension: mp4, UTI: public.mpeg-4, fileType: ???? request size:16 scale: 1
1/19/14 11:29:16.707 AM com.apple.SecurityServer[15]: Session 100013 created
1/19/14 11:29:16.827 AM talagent[172]: CGSBindSurface: Invalid window 0x22
1/19/14 11:29:16.827 AM WindowServer[86]: _CGXWindowRightsRelinquish: Invalid window 0x22
1/19/14 11:29:16.828 AM talagent[172]: CGSConnectionRelinquishWindowRights(cid, result, reservedRights): CGError 1001 on line 875
1/19/14 11:29:16.828 AM WindowServer[86]: _CGXTerminateWindowList: Invalid window 34
1/19/14 11:29:16.927 AM com.apple.NotesMigratorService[219]: Joined Aqua audit session
1/19/14 11:29:17.826 AM WindowServer[86]: disable_update_timeout: UI updates were forcibly disabled by application "talagent" for over 1.00 seconds. Server has re-enabled them.
1/19/14 11:29:18.144 AM com.apple.time[159]: Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
1/19/14 11:29:18.252 AM com.apple.time[159]: Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
1/19/14 11:29:18.264 AM com.apple.dock.extra[220]: <NSXPCConnection: 0x7fef2bd3f380>: received an undecodable message (no exported object to receive message). Dropping message.
1/19/14 11:29:22.588 AM com.apple.launchd.peruser.501[155]: (com.valvesoftware.steamclean[236]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
1/19/14 11:29:22.588 AM com.apple.launchd.peruser.501[155]: (com.valvesoftware.steamclean[236]) Job failed to exec(3) for weird reason: 2
1/19/14 11:29:22.612 AM com.apple.launchd.peruser.501[155]: (com.apple.iTunesHelper.32416[239]) Spawned and waiting for the debugger to attach before continuing...
1/19/14 11:29:22.000 AM kernel[0]: CODE SIGNING: cs_invalid_page(0x1000): p=237[GoogleSoftwareUp] final status 0x0, allow (remove VALID)ing page
1/19/14 11:29:23.001 AM WiFiKeychainProxy[226]: [NO client logger] <Aug 30 2013 23:40:46> WIFICLOUDSYNC WiFiCloudSyncEngineCreate: created...
1/19/14 11:29:23.002 AM WiFiKeychainProxy[226]: [NO client logger] <Aug 30 2013 23:40:46> WIFICLOUDSYNC WiFiCloudSyncEngineRegisterCallbacks: WiFiCloudSyncEngineCallbacks version - 0, bundle id - com.apple.wifi.WiFiKeychainProxy
1/19/14 11:29:26.000 AM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0PS (kSMCKeyNotFound)
1/19/14 11:29:26.000 AM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0OS (kSMCKeyNotFound)
1/19/14 11:29:31.826 AM WindowServer[86]: disable_update_likely_unbalanced: UI updates still disabled by application "talagent" after 15.00 seconds (server forcibly re-enabled them after 1.00 seconds). Likely an unbalanced disableUpdate call.
1/19/14 11:29:57.000 AM kernel[0]: jnl: b(1, 2): flushing fs disk buffer returned 0x5
1/19/14 11:29:57.582 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:57.668 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:57.756 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:57.760 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:57.893 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:58.297 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:58.559 AM com.apple.WebKit.Networking[221]: CFNetwork SSLHandshake failed (-9806)
1/19/14 11:29:58.809 AM parentalcontrolsd[249]: StartObservingFSEvents [849:] -- *** StartObservingFSEvents started event stream
1/19/14 11:30:00.628 AM com.apple.WebKit.Networking[221]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
1/19/14 11:30:07.235 AM PluginProcess[250]: CoreText performance note: Client called CTFontCreateWithName() using name "Times Roman" and got font with PostScript name "Times-Roman". For best performance, only use PostScript names when calling this API.
1/19/14 11:30:07.236 AM PluginProcess[250]: CoreText performance note: Set a breakpoint on CTFontLogSuboptimalRequest to debug.
1/19/14 11:30:16.319 AM com.apple.InputMethodKit.UserDictionary[265]: -[PFUbiquitySwitchboardEntryMetadata setUseLocalStorage:](760): CoreData: Ubiquity: richardharry~799AC944-6E99-5E0E-8E47-5CAF8754DC58:UserDictionary
Using local storage: 1
1/19/14 11:30:16.850 AM XBMC[268]: CPSGetCurrentProcess(): This call is deprecated and should not be called anymore.
1/19/14 11:30:16.851 AM XBMC[268]: CPSSetForegroundOperationState(): This call is deprecated and should not be called anymore.
1/19/14 11:30:17.438 AM com.apple.InputMethodKit.UserDictionary[265]: -[PFUbiquitySwitchboardEntryMetadata setUseLocalStorage:](760): CoreData: Ubiquity: richardharry~799AC944-6E99-5E0E-8E47-5CAF8754DC58:UserDictionary
Using local storage: 0
1/19/14 11:30:17.813 AM XBMCHelper[277]: XBMCHelper 0.7 starting up...
1/19/14 11:30:18.684 AM WindowServer[86]: Display 0x4272100 captured by conn 0x1224f
1/19/14 11:30:18.973 AM WindowServer[86]: Display 0x4272100 released by conn 0x1224f
1/19/14 11:30:20.083 AM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FB93A011960 Richards-MacBook-Pro.local. (AAAA) that's already in the list
1/19/14 11:30:20.083 AM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FB93A011DF0 6.5.F.1.4.B.E.F.F.F.2.3.3.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. (PTR) that's already in the list
1/19/14 11:30:20.083 AM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FB93A812F60 Richards-MacBook-Pro.local. (Addr) that's already in the list
1/19/14 11:30:20.083 AM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FB93A8133F0 5.1.168.192.in-addr.arpa. (PTR) that's already in the list
1/19/14 11:30:46.085 AM loginwindow[63]: magsafeStateChanged state changed old 2 new 1
1/19/14 11:31:00.000 AM kernel[0]: jnl: b(1, 2): flushing fs disk buffer returned 0x5
1/19/14 11:32:31.807 AM mds[59]: (Normal) Volume: volume:0x7f8af205c000 ********** Bootstrapped Creating a default store:0 SpotLoc:(null) SpotVerLoc:(null) occlude:0 /Volumes/firmwaresyncd.wT3x8l
1/19/14 11:34:20.000 AM kernel[0]: considerRebuildOfPrelinkedKernel prebuild rebuild has expired
1/19/14 1:10:08.000 PM bootlog[0]: BOOT_TIME 1390155008 0
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.appstore" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.authd" sharing output destination "/var/log/system.log" with ASL Module "com.apple.asl".
Output parameters from ASL Module "com.apple.asl" override any specified in ASL Module "com.apple.authd".
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.authd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.bookstore" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.eventmonitor" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.install" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.iokit.power" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.mail" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.MessageTracer" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.performance" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM syslogd[18]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
1/19/14 1:10:09.000 PM kernel[0]: Longterm timer threshold: 1000 ms
1/19/14 1:10:09.000 PM kernel[0]: Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64
1/19/14 1:10:09.000 PM kernel[0]: vm_page_bootstrap: 889394 free pages and 85454 wired pages
1/19/14 1:10:09.000 PM kernel[0]: kext submap [0xffffff7f807a5000 - 0xffffff8000000000], kernel text [0xffffff8000200000 - 0xffffff80007a5000]
1/19/14 1:10:09.000 PM kernel[0]: zone leak detection enabled
1/19/14 1:10:09.000 PM kernel[0]: "vm_compressor_mode" is 4
1/19/14 1:10:09.000 PM kernel[0]: standard timeslicing quantum is 10000 us
1/19/14 1:10:09.000 PM kernel[0]: standard background quantum is 2500 us
1/19/14 1:10:09.000 PM kernel[0]: mig_table_max_displ = 74
1/19/14 1:10:09.000 PM kernel[0]: AppleACPICPU: ProcessorId=0 LocalApicId=0 Enabled
1/19/14 1:10:09.000 PM kernel[0]: AppleACPICPU: ProcessorId=1 LocalApicId=1 Enabled
1/19/14 1:10:09.000 PM kernel[0]: calling mpo_policy_init for TMSafetyNet
1/19/14 1:10:09.000 PM kernel[0]: Security policy loaded: Safety net for Time Machine (TMSafetyNet)
1/19/14 1:10:09.000 PM kernel[0]: calling mpo_policy_init for Sandbox
1/19/14 1:10:09.000 PM kernel[0]: Security policy loaded: Seatbelt sandbox policy (Sandbox)
1/19/14 1:10:09.000 PM kernel[0]: calling mpo_policy_init for Quarantine
1/19/14 1:10:09.000 PM kernel[0]: Security policy loaded: Quarantine policy (Quarantine)
1/19/14 1:10:09.000 PM kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
1/19/14 1:10:09.000 PM kernel[0]: The Regents of the University of California. All rights reserved.
1/19/14 1:10:09.000 PM kernel[0]: MAC Framework successfully initialized
1/19/14 1:10:09.000 PM kernel[0]: using 16384 buffer headers and 10240 cluster IO buffer headers
1/19/14 1:10:09.000 PM kernel[0]: AppleKeyStore starting (BUILT: Sep 19 2013 22:20:34)
1/19/14 1:10:09.000 PM kernel[0]: IOAPIC: Version 0x11 Vectors 64:87
1/19/14 1:10:09.000 PM kernel[0]: ACPI: sleep states S3 S4 S5
1/19/14 1:10:09.000 PM kernel[0]: AppleIntelCPUPowerManagement: (built 22:16:38 Sep 19 2013) initialization complete
1/19/14 1:10:09.000 PM kernel[0]: pci (build 22:16:29 Sep 19 2013), flags 0x63008, pfm64 (36 cpu) 0xf80000000, 0x80000000
1/19/14 1:10:09.000 PM kernel[0]: [ PCI configuration begin ]
1/19/14 1:10:09.000 PM kernel[0]: console relocated to 0xf80010000
1/19/14 1:10:09.000 PM kernel[0]: [ PCI configuration end, bridges 7, devices 19 ]
1/19/14 1:10:09.000 PM kernel[0]: NVEthernet::start - Built Sep 19 2013 22:20:06
1/19/14 1:10:09.000 PM kernel[0]: FireWire (OHCI) Lucent ID 5901 built-in now active, GUID 002332fffeb41f56; max speed s800.
1/19/14 1:10:09.000 PM kernel[0]: USBF: 0.928 The IOUSBFamily is having trouble enumerating a USB device that has been plugged in. It will keep retrying. (Port 4 of Hub at 0x4000000)
1/19/14 1:10:09.000 PM kernel[0]: mcache: 2 CPU(s), 64 bytes CPU cache line size
1/19/14 1:10:09.000 PM kernel[0]: mbinit: done [64 MB total pool size, (42/21) split]
1/19/14 1:10:09.000 PM kernel[0]: Pthread support ABORTS when sync kernel primitives misused
1/19/14 1:10:09.000 PM kernel[0]: rooting via boot-uuid from /chosen: E5D93962-01E5-3C42-BD6D-2C20E6069DA4
1/19/14 1:10:09.000 PM kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
1/19/14 1:10:09.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib kmod start
1/19/14 1:10:09.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless kmod start
1/19/14 1:10:09.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib load succeeded
1/19/14 1:10:09.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless load succeeded
1/19/14 1:10:09.000 PM kernel[0]: AppleIntelCPUPowerManagementClient: ready
1/19/14 1:10:09.000 PM kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@B/AppleMCP79AHCI/PR T0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageD river/PLEXTOR PX-128M3 Media/IOGUIDPartitionScheme/SSD@2
1/19/14 1:10:09.000 PM kernel[0]: BSD root: disk0s2, major 1, minor 2
1/19/14 1:10:09.000 PM kernel[0]: jnl: b(1, 2): replay_journal: from: 10301440 to: 11706368 (joffset 0x3ba000)
1/19/14 1:10:09.000 PM kernel[0]: BTCOEXIST off
1/19/14 1:10:09.000 PM kernel[0]: BRCM tunables:
1/19/14 1:10:09.000 PM kernel[0]: pullmode[1] txringsize[ 256] txsendqsize[1024] reapmin[ 32] reapcount[ 128]
1/19/14 1:10:09.000 PM kernel[0]: jnl: b(1, 2): journal replay done.
1/19/14 1:10:09.000 PM kernel[0]: hfs: mounted SSD on device root_device
1/19/14 1:10:09.000 PM kernel[0]: hfs: Removed 0 orphaned / unlinked files and 6 directories
1/19/14 1:10:08.464 PM com.apple.launchd[1]: *** launchd[1] has started up. ***
1/19/14 1:10:08.464 PM com.apple.launchd[1]: *** Shutdown logging is enabled. ***
1/19/14 1:10:09.370 PM com.apple.SecurityServer[15]: Session 100000 created
1/19/14 1:10:09.000 PM kernel[0]: IO80211Controller::dataLinkLayerAttachComplete(): adding AppleEFINVRAM notification
1/19/14 1:10:10.000 PM kernel[0]: USBF: 4.249 The IOUSBFamily was not able to enumerate a device.
1/19/14 1:10:11.617 PM com.apple.SecurityServer[15]: Entering service
1/19/14 1:10:11.000 PM kernel[0]: NVDAStartup: Official
1/19/14 1:10:11.000 PM kernel[0]: NVDAStartup: Official
1/19/14 1:10:11.000 PM kernel[0]: NVDANV50HAL loaded and registered
1/19/14 1:10:11.000 PM kernel[0]: AGC: 3.4.12, HW version=1.7.3, flags:0, features:4
1/19/14 1:10:11.000 PM kernel[0]: init
1/19/14 1:10:11.000 PM kernel[0]: probe
1/19/14 1:10:11.000 PM kernel[0]: start
1/19/14 1:10:11.000 PM kernel[0]: [IOBluetoothHCIController][start] -- completed
1/19/14 1:10:11.000 PM kernel[0]: NVDANV50HAL loaded and registered
1/19/14 1:10:11.000 PM kernel[0]: Previous Shutdown Cause: 3
1/19/14 1:10:11.000 PM kernel[0]: SMC::smcInitHelper ERROR: MMIO regMap == NULL - fall back to old SMC mode
1/19/14 1:10:11.840 PM UserEventAgent[11]: Failed to copy info dictionary for bundle /System/Library/UserEventPlugins/alfUIplugin.plugin
1/19/14 1:10:11.864 PM UserEventAgent[11]: Captive: CNPluginHandler en1: Inactive
1/19/14 1:10:12.000 PM kernel[0]: flow_divert_kctl_disconnect (0): disconnecting group 1
1/19/14 1:10:12.000 PM kernel[0]: DSMOS has arrived
1/19/14 1:10:12.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
1/19/14 1:10:12.391 PM UserEventAgent[11]: assertion failed: 13B42: com.apple.telemetry + 21716 [19C2F49F-5C72-3429-A2B4-7EF783B7F611]: 0xffffffffffffffff
1/19/14 1:10:12.412 PM fseventsd[38]: event logs in /.fseventsd out of sync with volume. destroying old logs. (1483 4 6104)
1/19/14 1:10:12.413 PM fseventsd[38]: log dir: /.fseventsd getting new uuid: DDF45A63-1CF9-44B8-9D7A-69BB28E8DE7B
1/19/14 1:10:12.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key MOTP (kSMCKeyNotFound)
1/19/14 1:10:12.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
1/19/14 1:10:12.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key BEMB (kSMCKeyNotFound)
1/19/14 1:10:12.481 PM configd[19]: dhcp_arp_router: en1 SSID unavailable
1/19/14 1:10:12.548 PM configd[19]: setting hostname to "Richards-MacBook-Pro.local"
1/19/14 1:10:12.553 PM configd[19]: network changed.
1/19/14 1:10:14.390 PM hidd[68]: void __IOHIDPlugInLoadBundles(): Loaded 0 HID plugins
1/19/14 1:10:14.392 PM hidd[68]: Posting 'com.apple.iokit.hid.displayStatus' notifyState=1
1/19/14 1:10:14.000 PM kernel[0]: VM Swap Subsystem is ON
1/19/14 1:10:14.545 PM com.apple.usbmuxd[45]: usbmuxd-323.1 on Oct 3 2013 at 12:43:24, running 64 bit
1/19/14 1:10:14.577 PM mDNSResponder[60]: mDNSResponder mDNSResponder-522.1.11 (Aug 24 2013 23:49:34) starting OSXVers 13
1/19/14 1:10:14.689 PM loginwindow[63]: Login Window Application Started
1/19/14 1:10:14.723 PM apsd[80]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
1/19/14 1:10:14.813 PM configd[19]: network changed.
1/19/14 1:10:14.814 PM configd[19]: network changed: DNS*
1/19/14 1:10:14.000 PM kernel[0]: Ethernet [nvenet]: Link up on en0, 1-Gigabit, Full-duplex, Symmetric flow-control, Debug [796d,0000,0de1,000d,cde1,7c00]
1/19/14 1:10:14.000 PM kernel[0]: 3b9aca00 00500030 NVEthernet::setLinkStatus - Active
1/19/14 1:10:14.841 PM mDNSResponder[60]: D2D_IPC: Loaded
1/19/14 1:10:14.841 PM mDNSResponder[60]: D2DInitialize succeeded
1/19/14 1:10:14.847 PM mDNSResponder[60]: 4: Listening for incoming Unix Domain Socket client requests
1/19/14 1:10:14.907 PM networkd[105]: networkd.105 built Aug 24 2013 22:08:46
1/19/14 1:10:15.163 PM WindowServer[91]: Server is starting up
1/19/14 1:10:15.180 PM WindowServer[91]: Session 256 retained (2 references)
1/19/14 1:10:15.180 PM WindowServer[91]: Session 256 released (1 references)
1/19/14 1:10:15.208 PM mds[59]: (Normal) FMW: FMW 0 0
1/19/14 1:10:15.231 PM WindowServer[91]: Session 256 retained (2 references)
1/19/14 1:10:15.234 PM WindowServer[91]: init_page_flip: page flip mode is on
1/19/14 1:10:15.235 PM locationd[65]: NBB-Could not get UDID for stable refill timing, falling back on random
1/19/14 1:10:15.298 PM digest-service[104]: label: default
1/19/14 1:10:15.298 PM digest-service[104]: dbname: od:/Local/Default
1/19/14 1:10:15.298 PM digest-service[104]: mkey_file: /var/db/krb5kdc/m-key
1/19/14 1:10:15.299 PM digest-service[104]: acl_file: /var/db/krb5kdc/kadmind.acl
1/19/14 1:10:15.346 PM digest-service[104]: digest-request: uid=0
1/19/14 1:10:15.348 PM awacsd[78]: Starting awacsd connectivity_executables-97 (Aug 24 2013 23:49:23)
1/19/14 1:10:15.402 PM awacsd[78]: InnerStore CopyAllZones: no info in Dynamic Store
1/19/14 1:10:15.475 PM digest-service[104]: digest-request: netr probe 0
1/19/14 1:10:15.478 PM digest-service[104]: digest-request: init request
1/19/14 1:10:15.489 PM digest-service[104]: digest-request: init return domain: BUILTIN server: RICHARDS-MACBOOK-PRO indomain was: <NULL>
1/19/14 1:10:15.711 PM locationd[65]: Location icon should now be in state 'Inactive'
1/19/14 1:10:15.739 PM locationd[65]: locationd was started after an unclean shutdown
1/19/14 1:10:15.887 PM systemkeychain[87]: done file: /var/run/systemkeychaincheck.done
1/19/14 1:10:16.196 PM WindowServer[91]: Found 1 modes for display 0x00000000 [1, 0]
1/19/14 1:10:16.257 PM WindowServer[91]: Found 36 modes for display 0x00000000 [30, 6]
1/19/14 1:10:16.272 PM WindowServer[91]: Found 1 modes for display 0x00000000 [1, 0]
1/19/14 1:10:16.274 PM WindowServer[91]: Found 1 modes for display 0x00000000 [1, 0]
1/19/14 1:10:16.289 PM WindowServer[91]: mux_initialize: Mode is logout
1/19/14 1:10:16.292 PM WindowServer[91]: Found 36 modes for display 0x00000000 [30, 6]
1/19/14 1:10:16.298 PM WindowServer[91]: Found 1 modes for display 0x00000000 [1, 0]
1/19/14 1:10:16.336 PM WindowServer[91]: WSMachineUsesNewStyleMirroring: false
1/19/14 1:10:16.337 PM WindowServer[91]: Display 0x04272100: GL mask 0x5; bounds (0, 0)[1440 x 900], 36 modes available
Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model 9c84, S/N 0, Unit 0, Rotation 0
UUID 0x3147e958136865fbc8914fc8d5b55131
1/19/14 1:10:16.337 PM WindowServer[91]: Display 0x003f003d: GL mask 0xa; bounds (0, 0)[0 x 0], 1 modes available
off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
UUID 0xffffffffffffffffffffffffffffffff
1/19/14 1:10:16.000 PM kernel[0]: createVirtIf(): ifRole = 1
1/19/14 1:10:16.000 PM kernel[0]: in func createVirtualInterface ifRole = 1
1/19/14 1:10:16.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init name <p2p0> role 1
1/19/14 1:10:16.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init() <p2p> role 1
1/19/14 1:10:16.000 PM kernel[0]: Created virtif 0xffffff801a52d800 p2p0
1/19/14 1:10:16.343 PM WindowServer[91]: WSSetWindowTransform: Singular matrix
1/19/14 1:10:16.350 PM WindowServer[91]: Display 0x04272100: GL mask 0x5; bounds (0, 0)[1440 x 900], 36 modes available
Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model 9c84, S/N 0, Unit 0, Rotation 0
UUID 0x3147e958136865fbc8914fc8d5b55131
1/19/14 1:10:16.350 PM WindowServer[91]: Display 0x003f003d: GL mask 0xa; bounds (2464, 0)[1 x 1], 1 modes available
off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
UUID 0xffffffffffffffffffffffffffffffff
1/19/14 1:10:16.351 PM WindowServer[91]: CGXPerformInitialDisplayConfiguration
1/19/14 1:10:16.351 PM WindowServer[91]: Display 0x04272100: Unit 0; Alias(0, 0x5); Vendor 0x610 Model 0x9c84 S/N 0 Dimensions 13.03 x 8.15; online enabled built-in, Bounds (0,0)[1440 x 900], Rotation 0, Resolution 1
1/19/14 1:10:16.351 PM WindowServer[91]: Display 0x003f003d: Unit 1; Alias(1, 0xa); Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2464,0)[1 x 1], Rotation 0, Resolution 1
1/19/14 1:10:16.351 PM WindowServer[91]: CGXMuxBoot: Boot normal
1/19/14 1:10:16.449 PM WindowServer[91]: GLCompositor: GL renderer id 0x0102260e, GL mask 0x00000003, accelerator 0x00004bab, unit 0, caps QEX|MIPMAP, vram 256 MB
1/19/14 1:10:16.458 PM WindowServer[91]: GLCompositor: GL renderer id 0x0102260e, GL mask 0x00000003, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
1/19/14 1:10:16.458 PM WindowServer[91]: GLCompositor: GL renderer id 0x0202260c, GL mask 0x0000000c, accelerator 0x0000293b, unit 2, caps QEX|MIPMAP, vram 256 MB
1/19/14 1:10:16.468 PM WindowServer[91]: GLCompositor: GL renderer id 0x0202260c, GL mask 0x0000000c, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
1/19/14 1:10:16.468 PM WindowServer[91]: GLCompositor enabled for tile size [256 x 256]
1/19/14 1:10:16.468 PM WindowServer[91]: CGXGLInitMipMap: mip map mode is on
1/19/14 1:10:16.481 PM loginwindow[63]: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
1/19/14 1:10:16.484 PM airportd[83]: airportdProcessDLILEvent: en1 attached (up)
1/19/14 1:10:16.611 PM WindowServer[91]: Display 0x04272100: Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 12)
1/19/14 1:10:16.775 PM loginwindow[63]: Setting the initial value of the magsave brightness level 2
1/19/14 1:10:16.840 PM loginwindow[63]: Login Window Started Security Agent
1/19/14 1:10:16.965 PM SecurityAgent[120]: This is the first run
1/19/14 1:10:16.965 PM SecurityAgent[120]: MacBuddy was run = 0
1/19/14 1:10:16.992 PM WindowServer[91]: _CGXGLDisplayContextForDisplayDevice: acquired display context (0x7fe83bd10560) - enabling OpenGL
1/19/14 1:10:17.095 PM launchctl[117]: com.apple.findmymacmessenger: Already loaded
1/19/14 1:10:17.368 PM com.apple.SecurityServer[15]: Session 100004 created
1/19/14 1:10:17.889 PM parentalcontrolsd[136]: StartObservingFSEvents [849:] -- *** StartObservingFSEvents started event stream
1/19/14 1:10:18.000 PM kernel[0]: hfs: mounted Recovery HD on device disk0s3
1/19/14 1:10:18.253 PM mds[59]: (Normal) Volume: volume:0x7ff508824a00 ********** Bootstrapped Creating a default store:0 SpotLoc:(null) SpotVerLoc:(null) occlude:0 /Volumes/Recovery HD
1/19/14 1:10:18.356 PM WindowServer[91]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
1/19/14 1:10:18.365 PM fseventsd[38]: Logging disabled completely for device:1: /Volumes/Recovery HD
1/19/14 1:10:18.000 PM kernel[0]: hfs: unmount initiated on Recovery HD on device disk0s3
1/19/14 1:10:18.433 PM UserEventAgent[122]: Failed to copy info dictionary for bundle /System/Library/UserEventPlugins/alfUIplugin.plugin
1/19/14 1:10:18.435 PM WindowServer[91]: Display 0x04272100: Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 12)
1/19/14 1:10:18.467 PM WindowServer[91]: Display 0x04272100: Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 12)
1/19/14 1:10:28.538 PM configd[19]: network changed: v4(en0+:192.168.1.5) DNS+ Proxy+ SMB
1/19/14 1:10:28.561 PM configd[19]: setting hostname to "new-host-3.home"
1/19/14 1:10:29.692 PM ntpd[42]: proto: precision = 1.000 usec
1/19/14 1:10:30.820 PM apsd[80]: Unrecognized leaf certificate
1/19/14 1:10:31.484 PM awacsd[78]: Exiting
1/19/14 1:10:41.933 PM SecurityAgent[120]: User info context values set for richardharry
1/19/14 1:10:42.660 PM SecurityAgent[120]: Login Window login proceeding
1/19/14 1:10:42.000 PM kernel[0]: **** [IOBluetoothHCIController][SearchForTransportEventTimeOutHandler] -- Missing Bluetooth Controller Transport!
1/19/14 1:10:42.977 PM loginwindow[63]: Login Window - Returned from Security Agent
1/19/14 1:10:43.064 PM loginwindow[63]: USER_PROCESS: 63 console
1/19/14 1:10:43.000 PM kernel[0]: AppleKeyStore:Sending lock change 0
1/19/14 1:10:43.238 PM com.apple.launchd.peruser.501[155]: Background: Aqua: Registering new GUI session.
1/19/14 1:10:43.282 PM com.apple.launchd.peruser.501[155]: (com.apple.cmfsyncagent) Ignored this key: UserName
1/19/14 1:10:43.283 PM com.apple.launchd.peruser.501[155]: (com.apple.EscrowSecurityAlert) Unknown key: seatbelt-profiles
1/19/14 1:10:43.284 PM com.apple.launchd.peruser.501[155]: (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
1/19/14 1:10:43.289 PM launchctl[158]: com.apple.pluginkit.pkd: Already loaded
1/19/14 1:10:43.290 PM launchctl[158]: com.apple.sbd: Already loaded
1/19/14 1:10:43.322 PM distnoted[160]: # distnote server agent absolute time: 35.829365312 civil time: Sun Jan 19 13:10:43 2014 pid: 160 uid: 501 root: no
1/19/14 1:10:43.505 PM WindowServer[91]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
1/19/14 1:10:44.200 PM WindowServer[91]: Display 0x04272100: Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 12)
1/19/14 1:10:44.391 PM sharingd[183]: Starting Up...
1/19/14 1:10:44.822 PM com.apple.SecurityServer[15]: Session 100008 created
1/19/14 1:10:45.207 PM WindowServer[91]: disable_update_timeout: UI updates were forcibly disabled by application "SystemUIServer" for over 1.00 seconds. Server has re-enabled them.
1/19/14 1:10:45.891 PM WindowServer[91]: common_reenable_update: UI updates were finally reenabled by application "SystemUIServer" after 1.68 seconds (server forcibly re-enabled them after 1.00 seconds)
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class AMDRadeonX4000_AMDAccelDevice.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class AMDRadeonX4000_AMDAccelSharedUserClient.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class AMDSIVideoContext.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelDevice.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelSharedUserClient.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextMain.
1/19/14 1:10:46.125 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextMedia.
1/19/14 1:10:46.126 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextVEBox.
1/19/14 1:10:46.126 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IOHIDParamUserClient.
1/19/14 1:10:46.126 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IOSurfaceRootUserClient.
1/19/14 1:10:46.126 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class Gen6DVDContext.
1/19/14 1:10:46.126 PM com.apple.audio.DriverHelper[195]: The plug-in named AirPlay.driver requires extending the sandbox for the mach service named com.apple.AirPlayXPCHelper.
1/19/14 1:10:46.175 PM com.apple.audio.DriverHelper[195]: The plug-in named BluetoothAudioPlugIn.driver requires extending the sandbox for the IOKit user-client class IOBluetoothDeviceUserClient.
1/19/14 1:10:46.175 PM com.apple.audio.DriverHelper[195]: The plug-in named BluetoothAudioPlugIn.driver requires extending the sandbox for the mach service named com.apple.blued.
1/19/14 1:10:46.175 PM com.apple.audio.DriverHelper[195]: The plug-in named BluetoothAudioPlugIn.driver requires extending the sandbox for the mach service named com.apple.bluetoothaudiod.
1/19/14 1:10:46.360 PM WindowServer[91]: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.
1/19/14 1:10:46.410 PM xpcproxy[199]: assertion failed: 13B42: xpcproxy + 3438 [EE7817B0-1FA1-3603-B88A-BD5E595DA86F]: 0x2
1/19/14 1:10:46.480 PM com.apple.IconServicesAgent[200]: IconServicesAgent launched.
1/19/14 1:10:46.513 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.514 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.514 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.514 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.514 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.515 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.515 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.515 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.515 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.515 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.516 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.517 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.517 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.517 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.517 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.517 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.518 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.518 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.518 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.518 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.518 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.519 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.519 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.519 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.519 PM Finder[174]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.576 PM com.apple.IconServicesAgent[200]: Failed to mmap file. The file has zero length.
1/19/14 1:10:46.855 PM xpcproxy[207]: assertion failed: 13B42: xpcproxy + 3438 [EE7817B0-1FA1-3603-B88A-BD5E595DA86F]: 0x2
1/19/14 1:10:46.889 PM com.apple.SecurityServer[15]: Session 100011 created
1/19/14 1:10:47.092 PM UserEventAgent[159]: Failed to copy info dictionary for bundle /System/Library/UserEventPlugins/alfUIplugin.plugin
1/19/14 1:10:47.656 PM WindowServer[91]: common_reenable_update: UI updates were finally reenabled by application "Finder" after 2.30 seconds (server forcibly re-enabled them after 1.00 seconds)
1/19/14 1:10:47.922 PM SystemUIServer[173]: Cannot find executable for CFBundle 0x7fce9bdd2b40 </System/Library/CoreServices/Menu Extras/Clock.menu> (not loaded)
1/19/14 1:10:47.949 PM SystemUIServer[173]: Cannot find executable for CFBundle 0x7fce9bc25fb0 </System/Library/CoreServices/Menu Extras/Battery.menu> (not loaded)
1/19/14 1:10:47.950 PM SystemUIServer[173]: Cannot find executable for CFBundle 0x7fce9bc26700 </System/Library/CoreServices/Menu Extras/Volume.menu> (not loaded)
1/19/14 1:10:48.167 PM accountsd[213]: assertion failed: 13B42: liblaunch.dylib + 25164 [FCBF0A02-0B06-3F97-9248-5062A9DEB32C]: 0x25
1/19/14 1:10:48.454 PM SystemUIServer[173]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
1/19/14 1:10:48.454 PM SystemUIServer[173]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
1/19/14 1:10:48.591 PM XBMC[165]: CPSGetCurrentProcess(): This call is deprecated and should not be called anymore.
1/19/14 1:10:48.615 PM XBMC[165]: CPSSetForegroundOperationState(): This call is deprecated and should not be called anymore.
1/19/14 1:10:48.737 PM com.apple.SecurityServer[15]: Session 100013 created
1/19/14 1:10:49.001 PM com.apple.time[159]: Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
1/19/14 1:10:49.048 PM com.apple.time[159]: Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
1/19/14 1:10:49.057 PM com.apple.NotesMigratorService[217]: Joined Aqua audit session
1/19/14 1:10:49.310 PM Console[169]: setPresentationOptions called with NSApplicationPresentationFullScreen when there is no visible fullscreen window; this call will be ignored.
1/19/14 1:10:50.434 PM XBMCHelper[226]: XBMCHelper 0.7 starting up...
1/19/14 1:10:50.764 PM com.apple.dock.extra[224]: <NSXPCConnection: 0x7f91d1471e90>: received an undecodable message (no exported object to receive message). Dropping message.
1/19/14 1:10:51.495 PM WindowServer[91]: Display 0x4272100 captured by conn 0xf40f
1/19/14 1:10:51.755 PM WindowServer[91]: Display 0x4272100 released by conn 0xf40f
1/19/14 1:10:53.163 PM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FBFA3003B60 Richards-MacBook-Pro.local. (AAAA) that's already in the list
1/19/14 1:10:53.163 PM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FBFA3003FF0 6.5.F.1.4.B.E.F.F.F.2.3.3.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. (PTR) that's already in the list
1/19/14 1:10:53.163 PM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FBFA2814960 Richards-MacBook-Pro.local. (Addr) that's already in the list
1/19/14 1:10:53.163 PM mDNSResponder[60]: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 00007FBFA2814DF0 5.1.168.192.in-addr.arpa. (PTR) that's already in the list
1/19/14 1:10:53.640 PM imagent[203]: [Warning] *** Listener ID: com.apple.soagent does not have capability: (Status), not allowing request
1/19/14 1:10:53.641 PM imagent[203]: [Warning] *** Listener ID: com.apple.soagent does not have capability: (Status), not allowing request
1/19/14 1:10:53.643 PM imagent[203]: [Warning] 1 IMFoundation 0x00007fff9536edd7 IMLogBacktraceToDepth + 69
1/19/14 1:10:53.643 PM imagent[203]: [Warning] 2 imagent 0x0000000100dfcec5 imagent + 77509
1/19/14 1:10:53.643 PM imagent[203]: [Warning] 3 imagent 0x0000000100defa4c imagent + 23116
1/19/14 1:10:53.643 PM imagent[203]: [Warning] 4 CoreFoundation 0x00007fff8faa1dec __invoking___ + 140
1/19/14 1:10:53.643 PM imagent[203]: [Warning] 5 CoreFoundation 0x00007fff8faa1c54 -[NSInvocation invoke] + 308
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 6 CoreFoundation 0x00007fff8fb447a6 -[NSInvocation invokeWithTarget:] + 54
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 7 IMFoundation 0x00007fff9536b774 im_local_object_peer_event_handler + 7384
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 8 IMFoundation 0x00007fff9536b455 im_local_object_peer_event_handler + 6585
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 9 IMFoundation 0x00007fff9536b856 im_local_object_peer_event_handler + 7610
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 10 IMFoundation 0x00007fff9536b9a4 im_local_object_peer_event_handler + 7944
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 11 Foundation 0x00007fff974060de __NSThreadPerformPerform + 229
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 12 CoreFoundation 0x00007fff8fae78f1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 13 CoreFoundation 0x00007fff8fad9129 __CFRunLoopDoSources0 + 441
1/19/14 1:10:53.644 PM imagent[203]: [Warning] 14 CoreFoundation 0x00007fff8fad87ef __CFRunLoopRun + 831
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 15 CoreFoundation 0x00007fff8fad8275 CFRunLoopRunSpecific + 309
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 16 Foundation 0x00007fff9740ba7c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 253
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 17 Foundation 0x00007fff974f470a -[NSRunLoop(NSRunLoop) run] + 74
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 18 imagent 0x0000000100df22a9 imagent + 33449
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 19 libdyld.dylib 0x00007fff8ec7a5fd start + 1
1/19/14 1:10:53.645 PM imagent[203]: [Warning] 20 ??? 0x0000000000000001 0x0 + 1
1/19/14 1:11:11.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0PS (kSMCKeyNotFound)
1/19/14 1:11:11.000 PM kernel[0]: SMC::smcReadKeyAction ERROR: smcReadData8 failed for key B0OS (kSMCKeyNotFound)
1/19/14 1:11:28.917 PM com.apple.InputMethodKit.UserDictionary[243]: -[PFUbiquitySwitchboardEntryMetadata setUseLocalStorage:](760): CoreData: Ubiquity: richardharry~799AC944-6E99-5E0E-8E47-5CAF8754DC58:UserDictionary
Using local storage: 1
1/19/14 1:11:29.118 PM com.apple.InputMethodKit.UserDictionary[243]: -[PFUbiquitySwitchboardEntryMetadata setUseLocalStorage:](760): CoreData: Ubiquity: richardharry~799AC944-6E99-5E0E-8E47-5CAF8754DC58:UserDictionary
Using local storage: 0
1/19/14 1:11:43.417 PM com.apple.launchd.peruser.501[155]: (com.valvesoftware.steamclean[254]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
1/19/14 1:11:43.417 PM com.apple.launchd.peruser.501[155]: (com.valvesoftware.steamclean[254]) Job failed to exec(3) for weird reason: 2
1/19/14 1:11:43.463 PM com.apple.launchd.peruser.501[155]: (com.apple.iTunesHelper.32416[257]) Spawned and waiting for the debugger to attach before continuing...
1/19/14 1:11:43.000 PM kernel[0]: CODE SIGNING: cs_invalid_page(0x1000): p=255[GoogleSoftwareUp] final status 0x0, allow (remove VALID)ing page
1/19/14 1:11:43.803 PM WiFiKeychainProxy[244]: [NO client logger] <Aug 30 2013 23:40:46> WIFICLOUDSYNC WiFiCloudSyncEngineCreate: created...
1/19/14 1:11:43.804 PM WiFiKeychainProxy[244]: [NO client logger] <Aug 30 2013 23:40:46> WIFICLOUDSYNC WiFiCloudSyncEngineRegisterCallbacks: WiFiCloudSyncEngineCallbacks version - 0, bundle id - com.apple.wifi.WiFiKeychainProxy
1/19/14 1:11:53.913 PM parentalcontrolsd[285]: StartObservingFSEvents [849:] -- *** StartObservingFSEvents started event stream
1/19/14 1:14:16.538 PM mds[59]: (Normal) Volume: volume:0x7ff508850800 ********** Bootstrapped Creating a default store:0 SpotLoc:(null) SpotVerLoc:(null) occlude:0 /Volumes/firmwaresyncd.VuomA2
1/19/14 1:15:58.836 PM PluginProcess[238]: CoreText performance note: Client called CTFontCreateWithName() using name "Times Roman" and got font with PostScript name "Times-Roman". For best performance, only use PostScript names when calling this API.
1/19/14 1:15:58.837 PM PluginProcess[238]: CoreText performance note: Set a breakpoint on CTFontLogSuboptimalRequest to debug. -
VPN Client and AAA services on a Cisco ISR Router
Hi, my name is Jim, and I was just promoted as a trainer for the company I work for. Part of my new challenge is understanding how the configuration files in both my Terminal Services/VPN Router and Core Router work, so for many of you, these questions are going to seem very fundamental, but please help, I am an instructor in training. I hold a CCNA, CCNA-Wireless, and a CCSI cert, but I have little working experience in building and maintaining a lab....hence the need for this inquiry.
So to my questions. In our lab environment, we have a router that acts as our terminal services router and VPN router. Each laptop that connects to the lab has the Cisco VPN client loaded onto it, as well as my laptop that I teach from. My questions are these:
1. What parts of the AAA output of the running configuration tell me how to configure the VPN clients on my laptops?
2. I am using crypto key generate RSA at 1024 bits on the VPN/TS router, so does that tell me how to configure some part of the client?
3. In our lab, we are going to use a direct connection to an AP to get connected to the network, and how will the absence of an Internet connection affect the settings on the VPN client, or will they?
4. Are there helpful articles I can read that will answer some or all of these questions?
Thanks in advance,
JimHi Jim,
congratulations
Assuming a basic setup, your router will have something like this:
crypto isakmp client configuration group MyGroup
key cisco123
So on the client, you configure it to use MyGroup as the group name, and cisco123 as the (group) password.
I'm not sure I understand your question #3 and what you mean by "AP" (Access Point? So WiFi?). In any case you don't need Internet access per se, as long as you have network (IP) connectivity between the host running the vpnclient and the VPN router.
Does this help?
Herbert -
How to survive an ACS audit with aaa-reports!
For many organisations the Cisco Secure ACS server is the guardian of the network - controlling administrative access to routers and switches plus overseeing end network users over VPN, wireless and firewall.
Its no surprise therefore that it should come under intense scrutiny during an audit. Perhaps what is surprising is the lack on awareness over best practice for running ACS in a secure way. We'd like to help in our small way and below is a list of tips we've picked up over the years of providing reporting services for ACS.
Buy aaa-reports! Of course we would say that... But without the ability to aggregate the logs from all your ACS servers and report on the data, or use our query builder for forensic analysis, or import the ACS database to document the policy features enabled.... you'll have a hard time getting the evidence that an auditor might ask for.
Make sure ACS is logging the appropriate attributes for the reports you need to create. For example if you need to document who did what to devices in specific Network Device Groups (NDG) you must ensure this value actually gets logged. Performing ACS upgrades often sets logging configs back to their defaults.
Create a build specification for your ACS. Detail the "meta config" of your ACS so that after an emergency hardware swap-out or software upgrade you can quickly check that the ACS has the correct configuration. The build spec document should be under version control and is a useful item in itself to convince an auditor your system is well controlled.
Create a Change Control system for config changes on the ACS. Since its ACS that decides who gets access and what commands they run on your network its vital you report on the Administration Audit logs. During an audit you can then correlate entries in your change control system with actual edits recorded in the Admin Audit logs. aaa-reports! can document what all or individual ACS admins did in detail.
Retain 2 years of actual CSV log data on your reporting server. For general day-to-day reporting you dont need this amount, but during an audit you may be required to show what happened on a specific historic date. aaa-reports! multi-db feature will allow you to create a specific back-end database just for this task and import logs from the required time period. Alternatively use the aaa-reports! snapshot feature to regularly save its database state, for example quarterly. You may then connect aaa-reports! to any of the historic snapshot databases to report on the data from that quarter.
Regularly export the ACS database into aaa-reports! If you are running reports against log data from 2 years ago you also need to know what was in the ACS database at the same time - using a more recent ACS database might yield unexpected results because the configuration is likely to changed in the meantime. Usecsvsync to regularly grab the ACS database and keep them alongside the retained CSV logs for future reference.
Review the quality of ACS log data. From time to time its worth taking a look at the quality of the data getting logged. We often find customers with rogue scripts being automated on devices that cause the ACS Failed Attempts logs to become full of many MBs of "junk data" - essentially one failed attempt for each line of the script. If left to continue for months the real data starts to become more difficult to find.
In terms of specific questions that an audit will concentrate on, typically it will revolve around demonstrating that not only is there specific and adequate policy to control access to those parts of the network require it, but also to seek evidence that those policies are in fact working. In aaa-reports! we added a whole set of reports for TACACS+ Device Administration (TDA) that attempt to document the ACS policy configuration, answer questions such as "who can/cannot access devices and once connected what can they do?" and finally report on what did actually happen.
Below are some additional TDA specific tips:
Ensure services such as shell/exec are only enabled for ACS groups that really need it. The aaa-reports! TDA Group Summary report will list every ACS group and what TDA features are enabled. The TDA Group Detailreport can be used to inspect the policy in detail.
Check for user-level ovverides. In general users should always inherit policy from their group unless there is good reason. The aaa-reports! TDA User Summary report list users with group overriden configuration. The TDA User Detail report can be used to inspect what policy items are specific to the user.
Use Network Access Restrictions (NAR) to prevent login by unauthorised personnel. The first line of defence is to only allow device admin users access to routers and switches. We find some customers rely purely on command authorisation - this potentially lets anyone access the device who can authenticate. Imagine the scenario where ACS has "unknown authentication" enabled pointing at your Windows AD then answer "Who has access?". aaa-reports! can report group-by-group on device access controlled by NARs and therefore answer "Who has access to device XYZ?"
Use Device Command Sets (DCS) for command authorisation. Create a set of re-usable DCSs with meaningful names in preference to simple group-level command authorisations. ACS administration is simplified and the auditor should understand what the intent of the policy is by its name. aaa-reports! can document the both the content of each DCS and the group assignments, thereby answering the question "What commands can user X execute on device XYZ?"
Seek out and remove old ACS user accounts. aaa-reports! can report on inactive users both from examination of accounting logs and (if password aging is enabled) from the imported ACS database itself.
Learn how to use the aaa-reports! Query Builder. Despite the comprehensive set of pre-built canned reports, during an audit you are likely to be asked questions about a specific date, user or device. Knowing how to use the QB to build filter/sort and group/totalling queries will get the answers quickly. Take the random question "How many sessions did user X have on devices A, B and C on this date?" The aaa-reports! QB can easily create custom reports that filter on any number of attribute values, group by multiple columns and have calculated fields such as sum, count, average etc. If you have a working knowledge of Visual Basic 6 (VB6) its also possible to use a rich array of formatting and other VB6 functions to create additional fields.
The above list is of course by no means definitive as every customer will have their own specific needs from ACS and face different levels of compliance. Undergoing an audit is never easy, but at least with the right tools it doesnt have to be awful!
For more infomation on extraxi aaa-reports! or to download our free 60 day trial version please visit http://www.extraxi.com/audit.htm.
-
Not able to get outside of network on wireless - 1811W Router
I have configured router to issue ip's on two vlan's. Vlan1 works fine, vlan2 is for the wirless issues the correct ip but not will not
let me go the internet.
Any help will be greatly appreciated.
Current configuration : 9574 bytes
! Last configuration change at 17:43:57 PCTime Fri Aug 30 2013
! NVRAM config last updated at 15:36:03 PCTime Fri Aug 30 2013 by patrick
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname St.Patricks
boot-start-marker
boot-end-marker
logging message-counter syslog
no logging buffered
enable secret 5 $1$lvNA$wGnkzv7kjLmif0RNDxf2g0
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-3607837666
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3607837666
revocation-check none
rsakeypair TP-self-signed-3607837666
crypto pki certificate chain TP-self-signed-3607837666
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363037 38333736 3636301E 170D3133 30383239 30363232
34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36303738
33373636 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E525 0425ECCD 2F904636 B21AF280 AD7993E4 8F79564C 6203B366 E769FAF5
62DACE0A 40CFD386 0F5BD78F FE7C6A7C EACC4A3C 3F84A48C AC7D3280 9FF029BE
D5BA4E83 00F7BD4B 11984721 76F5CCDF D03E6CD7 84195C8F 73D770C8 99734F0D
4F583941 0BE9FD8D 87F3D876 FFDB0588 2BECA057 79DA62D2 AC47D3ED 6AE5C7F4
B3AB0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B53742E 50617472 69636B73 301F0603 551D2304 18301680
146385C7 4B02E815 B28909F2 2A604395 37FB3F60 21301D06 03551D0E 04160414
6385C74B 02E815B2 8909F22A 60439537 FB3F6021 300D0609 2A864886 F70D0101
04050003 81810067 7A20CF98 7D7FAC17 A5B73A4A 00BEAE11 3BFFF9BC 1A74E61A
E7DC833C FDBA0BB8 A0F74011 C3B1F3AA 0CF39238 66A9AF5F EB62E3C3 D92A4289
E6000537 D253E03F A1B95F7C A545EC84 14724057 E72DAEE2 568A7B40 174FEB03
1373CFAE 4BEC84B1 794E3E1B D56E2DDC DD2B1162 7B0A782C A4D2391E 83DA63D6
4CD7029D B9F668
quit
dot11 syslog
dot11 vlan-name Wireless_VLAN vlan 2
dot11 ssid St.Patricks_WiFi
vlan 2
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
infrastructure-ssid optional
wpa-psk ascii 0 patrick1
ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.11.1 10.10.11.99
ip dhcp pool DHCP_POOL
import all
network 10.10.10.0 255.255.255.0
dns-server 208.67.222.123 208.67.220.123
default-router 10.10.10.1
domain-name St.Patricks
ip dhcp pool WireLess_Pool
import all
network 10.10.11.0 255.255.255.0
domain-name St.Patricks_Wireless
dns-server 208.67.222.123 208.67.220.123
default-router 10.10.10.1
ip cef
ip name-server 208.67.222.123
ip name-server 208.67.220.123
no ipv6 cef
multilink bundle-name authenticated
username patrick privilege 15 secret 5 $1$MLJt$jLLnyQkm61ukzlwxHB/7f0
archive
log config
hidekeys
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
policy-map type inspect ccp-permit
class class-default
drop
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
bridge irb
interface FastEthernet0
description WAN$FW_OUTSIDE$
ip address dhcp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Dot11Radio0
no ip address
no dot11 extension aironet
encryption vlan 2 mode ciphers tkip
broadcast-key vlan 2 change 30
ssid St.Patricks_WiFi
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.2
encapsulation dot1Q 2 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1
no ip address
no dot11 extension aironet
encryption vlan 2 mode ciphers tkip
broadcast-key vlan 2 change 30
ssid St.Patricks_WiFi
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio1.2
encapsulation dot1Q 2 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description $FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
interface Vlan2
ip address 10.10.11.1 255.255.255.0
bridge-group 1
interface Async1
no ip address
encapsulation slip
interface BVI1
ip address 10.10.11.1 255.255.255.0
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 remark Wireless
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
control-plane
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^C
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
YOU ARE NO AUTHORIZED -------- SEE ADMINISTRATOR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
^C
alias exec s show ip int br
alias exec sr show run
line con 0
exec-timeout 0 0
logging synchronous
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login
transport input telnet ssh
endThings looks a little weird with the VLAN 2 interface having an IP address. Once you create the BVI interface that is where all of the layer 3 stuff should go.
I would so try adding IP NAT inside to the BVI interface.
Elton
Sent from Cisco Technical Support iPhone App -
How to configure wireless Cisco 1041/EAP2 with Radius
Hello,
Having trouble configuring wireless on a Cisco 1041 with a 2012 Radius Server
I have a cisco ASA 5505 and Windows server 2012 Radius with NAP and Network Security policy
Guest Test guest works, test does not, I want the users to log into test with their AD credentials
Here is the AP config:
Thanks for any help
o service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap1
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap2
server x.x.x.x auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
ip domain name ser.local
dot11 syslog
dot11 ssid test
vlan 1
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa
mbssid guest-mode
dot11 ssid test guest
vlan 12
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7
dot11 priority-map avvid
dot11 phone dot11e
power inline negotiation injector 001b.8fac.990a
power inline negotiation prestandard source
class-map match-all _class_data_policy0
match ip dscp default
class-map match-all _class_voice_policy0
match ip dscp ef
policy-map voice_policy
class _class_voice_policy0
set cos 6
policy-map data_policy
class _class_data_policy0
set cos 0
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 12 mode ciphers aes-ccm
ssid ihiCorp
ssid ihiGuest
antenna gain 0
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
bridge-group 12 subscriber-loop-control
bridge-group 12 block-unknown-source
no bridge-group 12 source-learning
no bridge-group 12 unicast-flooding
bridge-group 12 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
no bridge-group 12 source-learning
bridge-group 12 spanning-disabled
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
ip default-gateway x.x.x.x
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
endin order I get these messages;
The processing of Group Policy failed. Windows attempted to read the file \\test.local\sysvol\test.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
A LDAP connection with domain controller IHIserver01.ihi-press.local for domain TEST is established.
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48. -
Share wireless internet modem from one computer to another with router model WRT120N
I am trying to share an internet connection of my Sprint wireless modem from computer 1 to computer 2. Is there a way to share the internet connection? I have successfully set up a Home Group. I have tried to share my internet connection by
right clicking on the network connections icon in the system tray -->
Open Network and Sharing Center -->
"Change Adapter Settings -->
right clicking on "Modem -->
Properties -->
Sharing -->
Allow other network users to connect through this computer's connection --> *
Home networking connection: > Local Area Connection -->
OK **
* I get this error message
"The user name and password for this connection cannot be saved for use by all users. As a result, Internet Connection Sharing can only dial this connection when you are logged on. To enable automatic dialing, you should create a new connection for all users, save your user name and password for all users, and then enable sharing for the new connection."
** I get this error message
"Since this connection is currently active, some settings will not take effect until the next time you dial it."
Next Network Magic informs me that LAN has lost connection.
I disconnect from the internet connection then connect again.
Network Magic shows my computer is not connected to the router but the internet is connected as well as the 2nd computer (Sharing the internet to). I can still connect to the internet from my computer.
I tried opening google my IE 9 browser on computer 2, not able to connect. On computer 2 Network Magic shows that all devices are connected to the router but is not connected to the internet.
Home Groups are not available now on both computers but I am still able to connect to mapped network drives.
I am running Network Magic Basic on both computers.
ipconfig /all on computer 1 shows:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Michael>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : AnnaBannana-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Mobile:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Mobile
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 173.153.207.50(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 68.28.58.92
68.28.50.91
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : U600 EVDO Network Adapter #3
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WiMAX Network Adapter
Physical Address. . . . . . . . . : F4-63-49-03-58-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 70-71-BC-5D-DC-44
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32:a:955e:5b9:b42c:197b(Prefe
rred)
IPv6 Address. . . . . . . . . . . : 2002:b8c3:8b53:a:955e:5b9:b42c:197b(Prefe
rred)
Site-local IPv6 Address . . . . . : fec0::a:955e:5b9:b42c:197b%2(Preferred)
Temporary IPv6 Address. . . . . . : 2002:ad99:cf32:a:f152:48a7:38e0:4bd8(Pref
erred)
Temporary IPv6 Address. . . . . . : 2002:b8c3:8b53:a:f152:48a7:38e0:4bd8(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::955e:5b9:b42c:197b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.137.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 242250172
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C2-02-FF-70-71-BC-5D-DC-44
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A05F6BCE-ED0A-4E3C-AFEA-96B9B0FC00E7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{D73CCDF5-F1EE-4FBE-9C86-FB6D72F97B0C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32::ad99:cf32(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 68.28.58.92
68.28.50.91
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{CDEAD959-7804-4D3A-8989-A5D8F1B154F5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1443:3dd8:473c:74ac(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::1443:3dd8:473c:74ac%26(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C2-02-FF-70-71-BC-5D-DC-44
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{99E66CF3-88EA-4809-A033-6BB90F33EB9C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ipconfig /all on computer 2 shows:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Michael>IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : HP-Mini-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-26-5E-C1-25-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0C-60-76-55-76-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Contro
ller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-55-CD-33-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 0C-60-76-55-76-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32:a:60ec:aea0:d494:59d1(Pref
erred)
Site-local IPv6 Address . . . . . : fec0::a:60ec:aea0:d494:59d1%1(Preferred)
Temporary IPv6 Address. . . . . . : 2002:ad99:cf32:a:e92e:d367:eddc:aaae(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::60ec:aea0:d494:59d1%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 17, 2011 11:23:38 PM
Lease Expires . . . . . . . . . . : Saturday, June 18, 2011 11:23:37 PM
Default Gateway . . . . . . . . . : fe80::955e:5b9:b42c:197b%16
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 369909878
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-F1-D7-F0-00-1E-33-A3-7E-43
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{056F6EC1-7291-43F0-AAD2-9B90787CF29C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FB5BBB88-D238-474F-9958-88E1F2149ED3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6FC9C384-65F1-4D3E-9BEB-4DC925A0F24F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8992E75C-3566-440C-8167-94CD03CFCB37}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable Microsoft 6To4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Michael>See this thread: here.
However, please don't use 192.168.0.2 for the router but 192.168.137.2 instead. Home sharing uses 192.168.137.1 on the sharing computer instead of 192.168.0.1 as it was in earlier Windows versions.
To make the change, unplug the WRT from your network. Wire your second computer to a LAN port of the WRT.
Open the web interface at http://192.168.1.1/
On the main setup page, change the LAN IP address from 192.168.1.1 to 192.168.137.2.
On the same page, disable the DHCP server.
Save settings.
Unplug the computer. Now wire one of the numbered LAN ports of the WRT to your home sharing computer.
That's it. -
My 851W only allows a single wireless connection at a time
1st device associates fine. 2nd device gets message - You are either out or range of credentials incorrect. If I shut down the wireless adapter in the 1st device the 2nd immediately associates. Re-enable adapter in 1st device and now it cannot associate, same out of range or credentials message
Here's the full config
#sh run
Building configuration...
Current configuration : 7426 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname saa01.panjde.nj
boot-start-marker
boot system flash
boot-end-marker
logging buffered 51200
logging console informational
enable secret 5 <omittted>
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.25 10.10.10.254
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.224
default-router 10.10.10.1
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-1218768189
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1218768189
revocation-check none
rsakeypair TP-self-signed-1218768189
crypto pki certificate chain TP-self-signed-1218768189
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323138 37363831 3839301E 170D3032 30333031 30313339
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32313837
36383138 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C851 20F52411 0EB54BDE 2A94E59E A8519700 78365D20 8A601CA9 4F39FE76
32D6132E 4818EDDD CEF23693 54DB319D E044B994 FCEE3E88 567D5F44 39973E1B
6A7CFFC9 352A199D 5BB97CE6 B8515877 02A3AD40 B585B7A7 AE459BB4 F628BAA1
E25BA349 26E529F6 20906E4C 42DE148B 334A440B ED8E18EB 10F87715 FD562047
45670203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B736161 30312E70 616E6A64 652E6E6A 2E636F6D 63617374
2E6E6574 301F0603 551D2304 18301680 14AF142A 26B99015 4E52B7CB CEDA485E
7800D40C 9B301D06 03551D0E 04160414 AF142A26 B990154E 52B7CBCE DA485E78
00D40C9B 300D0609 2A864886 F70D0101 04050003 818100C5 2DDDB22D 5D98BC9D
73426486 C9DF6AEA 463D31D9 7656D7EA E8213739 B3EC68B0 0E308062 91D379BC
5A2CEB4E 439B3678 EBC23F0E 570C0989 5904EF65 72A2A4D6 B1D8AE25 D9E38AEB
C15A3BAB 39BE35CB DE2D9524 16B74998 C67F3943 0DDEBF51 1A476AF0 8896B10E
15DE45B1 194B2B6F E736FADA 6550B219 451F63BF F3CAAE
quit
bridge irb
interface Loopback0
ip address 10.0.0.1 255.255.255.252
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Dot11Radio0
no ip address
encryption mode ciphers tkip
ssid <omitted>
authentication open
authentication key-management wpa
wpa-psk ascii 7 <omitted>
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.31
access-list 2 permit 68.86.0.0 0.1.255.255
access-list 2 permit 10.10.10.0 0.0.0.31
access-list 2 deny any
access-list 2 remark for VTY access
access-list 20 permit 63.241.192.58
access-list 100 permit ip 10.10.10.0 0.0.0.31 any
access-list 100 deny ip any any
access-list 101 remark input ACL for Outside - CM facing - Interface
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp any any eq ntp
access-list 101 permit ip 68.86.0.0 0.1.255.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
control-plane
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C********************************************************************************
WARNING
This system is solely for the use of authorized and
contractors. reserves the right at any time to monitor usage of this
system to ensure compliance with this policy, all applicable policies
that apply to electronic communications, and all applicable laws. Your use of
this system constitutes your acceptance of and agreement to all applicable
electronic communications policies, your consent to monitoring by
,and your express agreement to use this system in compliance with all
applicable laws. Any unauthorized use of or access to this system may result
in a revocation of your user privileges, other disciplinary action up to and
including termination of employment or contract, or referrals to law
enforcement officials including the provision evidence of any unauthorized use
or access to law enforcement.
********************************************************************************^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 2 in
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 68.87.96.5
sntp server 152.10.1.186
endThe router connects directly to a cable modem.
The issue is not DHCP, it is that the clients cannot associate with the router AP. Until is associates it will of course not sent a DHCP discover. Only a single laptop can associate at a time. As soon as the 1st laptop is powered down, the 2nd laptop can associate. Turn the 1st laptop back on and it cannot associate until the 2nd is powered down. There is not even a log message that the 2nd laptop is trying to associate
1st laptop associates and then is powered off:
000220: Oct 19 20:26:40.912 EDT: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0026.b6ea.3a3e Associated SSID[c0mcastNET0] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
000225: Oct 19 20:33:29.491 EDT: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0026.b6ea.3a3e Reason: Disassociated because sending station is leaving (or has left) BSS SSID[c0mcastNET0]
Almost Immediately 2nd laptop associates
000226: Oct 19 20:33:31.912 EDT: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0026.b6ea.3bee Associated SSID[c0mcastNET0] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK] -
Wireless Intermittent Super Slow DNS lookup bug in 10.6.4
I don't normally post things on forums these days, as usually I can find just about any solution by searching long enough, but this issue has perplexed me to the point I actually had to come on here.
Believe me, that's a big deal, I don't give up easily.
I have spent -countless- hours searching, on here, on google, on any "solutions" or "technical" sites I could find, and the closest I can find to a solution are countless people complaining about the EXACT SAME PROBLEM that I have observed and, repeatedly, reproduced again and again, which in every single case boil down to this:
You had 10.6.x (x being 3 or less) with a wireless connection on your home network and all is well.
You upgraded to 10.6.4 and all seemed fine for maybe 24 hours or so... then it happens. You go to load a website, and it's "looking for site" or "waiting for site" in your status bar... hmm, maybe it's just this site you say, so you try another, or a few others in other tabs, but they all have the same problem.
You try to ping the sites, but the network utility can't resolve the domain to even ping them.
Your roommate, all the while, is surfing and gaming just fine on the exact same router you are on, so no, it's not the network hardware, it's not your ISP, hmm, what could it be?
All of a sudden, ALL of the sites you had in like 20 tabs load up at screaming speeds, "WOW" you say, "guess there must have just been some gunk in the wires or something" (notice the irony of the situation: no wires)... anyway, all seems fine again suddenly, surfing is fine for a few minutes, you're back to normal... and it happens again, suddenly NO site will resolve, NO dns will resolve, you can't check email or ping any domain... and so the cycle begins. Of course, you can just plug an ethernet cable straight into the router, but doesn't that kind of defeat the purpose of having wireless networking in the first place?
It continues like this, indefinitely, and it all starts roughly 24 hours after 10.6.4 has been installed.
I have read reports of people on macbooks, people on imacs, people on all sorts of different wireless hardware, but the symptoms are the same.
I know the problem is with the OS update, it's purely software. I know that it has nothing to do with hardware because simply reverting to 10.6.3 solves the problem -every single time- and then "upgrading" to 10.6.4 causes the problem to come back within 24 hours -every single time- (have been reverting using Time Machine to simplify this testing process), so no, where the problem is isn't what perplexes me; what perplexes me is that there are posts that started almost a few days after 10.6.4 came out, and so far there's STILL no fix? Are you freaking serious? Does the Apple programming team not have access to anything other than Apple-Branded Airport Extreme Base Stations to perform wireless network QA testing on?
Get a Linksys guys, grab a D-Link, go get some of the hardware people actually USE and test it on that and see what happens, it doesn't take long to see what's happening.
I blame the programmers because I am one myself and know how easy it is to screw up a rock-solid system with one little typo. Heck, which patch was it, 10.5.7 or 10.5.8 I think? Can't remember exactly, but it was supposed to be such a great "bug fix" patch... and it came with the config file for Apache set to DENY ALL INCOMING EXTERNAL CONNECTIONS by default (in a hidden file that can only be modified by the root user mind you... so much for the average user running a personal web server on THAT version), so yeah, one tiny mistake and it has huge consequences, my question is: what's taking so long to track down what's going on in 10.6.4 and fix it? Can we at least get a patch or something?
I find it really lame and really such a cop-out to see so many irrelevant "solutions" offered, "try specifying different DNS servers" (doesn't matter, whatever causes this bug doesn't care which servers you have specified, it simply sits there and does NOTHING for 2-3 minutes, and THEN when it actually DOES do a dns lookup, it gets the results in the time expected: instantly), to more extreme matters, like resetting hardware, which again has absolutely nothing to do with this bug.
Here is why anyone can see this is an obvious bug that the programming team needs to admit, investigate and correct:
A. happens immediately after the software update
B. happens to EVERYONE who uses traditional wireless routers for internet use
C. is 100% repeatedly reproducible
D. occurs on all different models of computers and all different ISP's and with all different DNS servers specified.
E. has the same symptoms on every system (lightning fast internet for 2-3 minutes, then "waiting for site" for 1-3 minutes)
F. affects EVERY network-using program on the computer (email, network utility, firefox, safari) SIMULTANEOUSLY
G. does not affect surfing to or interacting with IP addresses directly, only with trying to perform DNS lookups from ANY program with ANY dns server (or no dns server) set in network preferences.
Come on guys, just read it through, think about it for a few minutes, for anyone that has worked with and knows the underlying source code, and what changes went in between 10.6.3 and 10.6.4 specifically to networking, should have a light bulb pop up over their head and say "oh YEAH, we never uncommented that one line..." or something to that effect.I see a very similar issue, but it's been occurring on my laptop for 4 or 5 months, which must be way before 10.6.4. My roommate and friend's laptops all work fine on my network. And my laptop works fine on anyone else's network. But MY laptop on MY network always gives the abysmal DNS performance as described in the original post: 40% of requests time out. Wireless or wired, it doesn't matter. Exact same behavior.
It also doesn't matter whether I use my Netgear router as DNS server, or my ISP, or OpenDNS, or Google. Exact same behavior.
When I do a network trace, it looks like most DNS requests my computer sends out simply never get responded to. (Could they be malformed when they hit the wire? I don't even see an error reply) A few make it through. And when there's a IPv6 (AAAA) record sent, my computer returns a "port unreachable" ICMP message. A screenshot of all of this dialogue is here:
http://img545.imageshack.us/i/screenshot20100913at114.png/
I recently had opportunity to cancel my cable service, and reinstate it for a lower price. They came out, tested the line (strong signal), gave me a new cable box. Yet the issue persists. Exact same behavior.
Firewall is disabled. I've deleted the network interfaces and added them back. Nothing helps.
(As I recall, this issue may even have been present before I reinstalled 10.6 over 10.5, so I'm not too confident a total reinstall would help.)
Any help? I'm about ready to buy a new laptop to fix this damned problem. Web browsing is nearly impossible, as is. -
WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9
HiI have a question and i need a solution and expert help.I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)Below is the list of equipment used:1. Cisco ASA 5540 - which is connected at the edge to the ISP router
2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)Here is the deployment scenario:1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
6. Two DHCP pools were created on the router for APs and Wireless Clients.
7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
8 G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
2. IP Telephony Services is running well.
3. Client on wireless can get IP from the DHCP on the router but cannot browse.I have pings from the router to the core switch and firewall, but clients connected to the wireless
cannot ping other vlans on the core switch and vice versa.The port connecting the router to the core switch is an Access Port, i have changed to to trunk but still no changes.My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.Below is the configs on the router and core switch.Router ConfigNimc_Voice_Router#sh run
Building configuration...
Current configuration : 10513 bytes
! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Nimc_Voice_Router
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/2
logging message-counter syslog
enable secret
aaa new-model
! aaa authentication login default local
aaa session-id common
clock timezone Nigeria 1
dot11 syslog
ip source-route
ip dhcp excluded-address 10.1.12.1 10.1.12.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LWAAP-AP
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
option 43 hex f104.c0a8.0002
dns-server 83.229.88.30 4.2.2.2 193.238.28.249
option 60 ascii "Cisco AP c1240"
ip dhcp pool Wireless
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip cef
no ip domain lookup
ip domain name nimc.gov.ng
ip name-server 83.229.88.30
ip name-server 193.238.28.249
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
archive
log config
hidekeys
interface GigabitEthernet0/0
description Connection to AP
ip address 10.1.12.1 255.255.255.0
ip helper-address 192.168.0.2
load-interval 30
duplex auto
speed auto
media-type rj45
interface Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
interface Integrated-Service-Engine1/0
ip address 192.168.0.1 255.255.255.0
no keepalive
interface Integrated-Service-Engine1/0.15
encapsulation dot1Q 15
ip address 192.168.1.1 255.255.255.0
interface Integrated-Service-Engine1/0.100
encapsulation dot1Q 100
ip forward-protocol nd
ip forward-protocol udp 12223
ip route 10.1.0.0 255.255.255.0 10.1.1.1
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.2.0 255.255.255.0 10.1.1.1
ip route 10.1.3.0 255.255.255.0 10.1.1.1
ip route 10.1.4.0 255.255.255.0 10.1.1.1
ip route 10.1.5.0 255.255.255.0 10.1.1.1
ip route 10.1.6.0 255.255.255.0 10.1.1.1
ip route 10.1.7.0 255.255.255.0 10.1.1.1
ip route 10.1.8.0 255.255.255.0 10.1.1.1
ip route 10.1.9.0 255.255.255.0 10.1.1.1
ip route 10.1.10.0 255.255.255.0 10.1.1.1
ip route 10.1.11.0 255.255.255.0 10.1.1.1
ip route 10.1.12.0 255.255.255.0 10.1.1.1
ip route 192.168.0.0 255.255.255.0 10.1.1.1
ip route 192.168.1.0 255.255.255.0 10.1.1.1
no ip http server
ip http secure-server
!Core Switch Configsh run
Building configuration...Current configuration : 10622 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
hostname Nimc_Core
boot-start-marker
boot-end-marker!
aaa new-model
aaa authentication login default local
aaa session-id common
storm-control broadcast include multicast
ip subnet-zero
no ip domain-lookup
ip domain-name nimc.gov.ng
ip dhcp excluded-address 10.1.2.1 10.1.2.10
ip dhcp excluded-address 10.1.4.1 10.1.4.10
ip dhcp excluded-address 10.1.5.1 10.1.5.10
ip dhcp excluded-address 10.1.6.1 10.1.6.10
ip dhcp excluded-address 10.1.7.1 10.1.7.10
ip dhcp excluded-address 10.1.8.1 10.1.8.10
ip dhcp excluded-address 10.1.9.1 10.1.9.10
ip dhcp excluded-address 10.1.10.1 10.1.10.10
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool Voice
network 10.1.2.0 255.255.255.0
next-server 10.1.2.1
option 150 ip 10.1.2.2
default-router 10.1.2.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip dhcp pool SF_DGs_Office
network 10.1.3.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.3.1
dns-server 81.199.3.7
lease 10
ip dhcp pool Admin_Process_Fac_Mgt
network 10.1.4.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.4.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_IDD
network 10.1.5.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.5.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_Fin_Inv
network 10.1.6.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.6.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_CS
network 10.1.7.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.7.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Human_Capital_Mgt
network 10.1.8.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.8.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Legal_Services
network 10.1.9.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.9.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_Procurement_Serv
network 10.1.10.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.10.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip vrf mgmtVrf
errdisable recovery cause bpduguard
errdisable recovery interval 180
power redundancy-mode redundant
spanning-tree mode mst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree mst configuration
name xxxx
revision 1
instance 1 vlan 1-20
spanning-tree mst 1 priority 0
spanning-tree vlan 1-20 priority 0
vlan internal allocation policy ascending
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/2
switchport access vlan 4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/3
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/5
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/6
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/7
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/8
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast!
interface GigabitEthernet1/9
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/10
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/11
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/12
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/13
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/14
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/15
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/16
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/17
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/18
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/19
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/20
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/21
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/22
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/23
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/24
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/25
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/26
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/27
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/28
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/29
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/30
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/31
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfastinterface GigabitEthernet1/32
switchport access vlan 2
switchport voice vlan 4
interface GigabitEthernet1/33
switchport mode access
interface GigabitEthernet1/34
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/35
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/36
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/37
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/38
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/39
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/40
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/41
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/42
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/43
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/44
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/45
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/46
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/47
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/48
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
no ip address
shutdown
interface Vlan2
description Management
ip address 10.1.1.1 255.255.255.0
interface Vlan3
description Enterprise
ip address 10.1.0.1 255.255.255.0
interface Vlan4
description Voice
ip address 10.1.2.1 255.255.255.0
interface Vlan5
description SS_DGs_Office
ip address 10.1.3.1 255.255.255.0
interface Vlan6
description Admin_Process_Fac_Management
ip address 10.1.4.1 255.255.255.0
interface Vlan7
description SF_National_Identity_Database
ip address 10.1.5.1 255.255.255.0
interface Vlan8
description Fin_Finance_Investment
ip address 10.1.6.1 255.255.255.0
interface Vlan9
description Fin_Corporate_Services
ip address 10.1.7.1 255.255.255.0
interface Vlan10
description FF_Human_Capital_Management
ip address 10.1.8.1 255.255.255.0
interface Vlan11
description FF_Legal_services
ip address 10.1.9.1 255.255.255.0
interface Vlan12
description SF_Procurement_Services
ip address 10.1.10.1 255.255.255.0
ip default-gateway 10.1.1.2
ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 10.1.1.0 255.255.255.0 10.1.1.2
ip route 10.1.2.0 255.255.255.0 10.1.1.2
ip route 10.1.3.0 255.255.255.0 10.1.1.2
ip route 10.1.4.0 255.255.255.0 10.1.1.2
ip route 10.1.5.0 255.255.255.0 10.1.1.2
ip route 10.1.6.0 255.255.255.0 10.1.1.2
ip route 10.1.7.0 255.255.255.0 10.1.1.2
ip route 10.1.8.0 255.255.255.0 10.1.1.2
ip route 10.1.9.0 255.255.255.0 10.1.1.2
ip route 10.1.10.0 255.255.255.0 10.1.1.2
ip route 10.1.11.0 255.255.255.0 10.1.1.2
ip http server
--More--
control-plane
line con 0
stopbits 1
line vty 0 4
end
Please i need somebody to help meI wouldn't configure an ip address on the service engine subinterface.
Try setting up a vlan interface on the router with that ip address and the subinterface will be linked to the vlan interface through the encapsulation command. A vlan interface will better work as a gateway for the wireless clients
Nicolas -
Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration
With Jacob Ideji, Richard Hamby and Raphael Ohaemenyi
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access . Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio. Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality.
Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
Richard Hamby works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams.
Raphael Ohaemenyi Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.
Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.OOPS !!
I will repost the whole messaqge with the correct external URL's:
In general, the Trustsec design and deployment guides address the specific support for the various features of the 'whole' Cisco TS (and other security) solution frameworks. And then a drill-down (usually the proper links are embedded) to the specifc feature, and then that feature on a given device. TS 2.1 defines the use of ISE or ACS5 as the policy server, and confiugration examples for the platforms will include and refer to them.
TrustSec Home Page
http://www.cisco.com/en/US/netsol/ns1051/index.html
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
I find this page very helpful as a top-level start to what features and capabilities exist per device:
http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
The TS 2.1 Design Guides
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
DesignZone has some updated docs as well
http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
As the SGT functionality (at this point) is really more of a router/LAN/client solution, the most detailed information will be in the IOS TS guides like :
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html -
Cisco wireless and Apple Mac woes
Hello all,
I've been working with Cisco wireless and WLC's for a couple of years now but the recent onslaught of Apple Mac's is giving me heart burn. I've seen this at numerous sites now and need to throw it to eht community for guidance.
Basically we have had a number of instances where the Macs just fall off the wifi. Sometimes it's when they wake from sleep and other times when roaming between AP's (1131s with same SSID's). Our standard install is WPA2 and per ap local authentication. PC's work fine and never an issue.
We have completed a survey with a spectrum analyser and no RF interefence is present nor errors on the radio interface.
Questions:
- Is there a preferred Cisco config/setup for Mac's to work reliably? I've heard loads of rumors but nothing concrete and nor can I find anything specific.
- Should I be setting up WDS in case there is an authenticating issue.
- For those who are Mac gurus and happen to be reading. What Mac options we should look at?
This has all come to a head because the clients IT company who recommended the Macs (different from us doing the network infrastructure) are insisting that the problem is Cisco incompatibility and that we should rip out the Cisco kit and install airports (what tha!!!).
Thanks in advance for any pointers.
For those who like a config here it is .... Vanilla stuff really
Building configuration...
Current configuration : 2236 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP4
no logging console
enable secret xxxxxxxxxxxxxxxxx
no aaa new-model
dot11 syslog
dot11 ssid Home
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii xxxxxxxxxxxx
dot11 ssid avnet
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii xxxxxxxxxxxxxxxx
username abcd password 1234
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers tkip
encryption vlan 2 mode ciphers tkip
ssid Home
mbssid
speed basic-1.0 basic-2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface BVI1
ip address 192.168.10.54 255.255.255.0
no ip route-cache
ip default-gateway 192.168.10.1
no ip http server
no ip http secure-server
bridge 1 route ip
line con 0
line vty 0 4
login local
endYeah!! even i have come across multiple issue with MAC and Cisco.. these are the below settings which i normally do on the cisco gears and most of the times this solved the issue..
on the IOS AP disable Aironet Extentions and set the poer local and ofdm to max
no dot11 extension aironet
power local cck max
power local ofdm max
end
On the WLC, disable Aironet IE..
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull
Maybe you are looking for
-
Print only a specific control or indicator on a front panel to HTML document
Is there any way to print a specific control or indicator (not the whole front panel) to HTML document? I am trying to print a report that has a graph and some indicator value on it.
-
I'm not able to use the Characters in Captivate 6. I tried installing them from my installation CD. That didn't work. I tried installing them from Adobe's download link. That didn't work. What happens when I try to insert a Character is that the dial
-
Hi everybody, This line: System.out.println((0.1+0.7)*10);outputs 7.999999999999999 This is due to how floating point numbers are stored. When writing a code, sometimes it behaves in an intended way, sometimes it doesn't (like the one above). Is ther
-
How can define the cost center (department) manager?
We are on 11.5.0.10 Financials implementation is done(GL,AP,AR,FA,IA) In iAssets System, we want to set up the approval method to use "cost center-based approvals". (For cost center-based approvals to work properly, each cost center must have a manag
-
Hi All; I am using IIf statement by using 3 dataset PF, PO, JC =IIf( Lookup(Fields!new_mainprogrammeid.Value & "," & Fields!new_subprogrammeid.Value & "," & Fields!new_outputs.Value & "," & Fields!new_claimmonthid.Value, Fields!new_mainprogrammeid.V