AP 1100 with freeradius VLAN problem
Hi there.
I have an installation which consists in a Cisco Access Point 1100 and a freeradius server connected to a LDAP server.
I want to setup several VLANs and assing them to the users depending on what group they belong to. All the freeradius and LDAP stuff is working, users get authenticated using their user/password stored in LDAP and everything runs smoothly. However, I can't get the AP to assing the VLANs dinamically.
I pass this Radius attributes (from the freeradius log):
Tunnel-Medium-Type:1 = 802
Tunnel-Type:1 = VLAN
Tunnel-Private-Group-Id:1 = "11"
Do I have to pass any other attribute? Are there any format errors in the attributes I pass?. I would say they are Ok, but can't tell.
On the other hand, I could have a problem on the AP1100 configuration. I simply added the VLANs (names and ID, no Native Mode).
Do I need to tweak any other setting? Is there any kind of filter or something to activate?.
Thank you very much in advance,
Hi,
If the phone is not associating to the AP you need to verify that the configuration on the phone (check under "Network config" tab) is the same than in the AP.
Verify
-SSID is set to "specify" and the SSID1 value is the same that what is configured on the AP for that vlan.
-The "Authentication" selected is the same than in the AP. If it's LEAP verify as well the username/pwd configured. If it's Shared key, doublecheck the Web key under Encryption parameter (it's easy to mistype numbers from 1-3 as they are on same key than A-F).
If those two are properly configured you will see under "site survey"a list of AP matching SSID and authentication method.
Make sure as well that non supported features are unchecked on the AP for the vlan where your phones reside(TKIP/MIC,PMIP)
Similar Messages
-
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN .
HI All,
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN . the WLC are providing the HQ and one of the Branches the Wireless services .
Am using all the available 9 SSIDs at the HQ , and am using only 4 of it at the Brnche.
The problem that i have are happening only at the Branch office as i cant room between the SSIDs within Diferent VLANs but i can do it with the one that pointing to the same VLAN. Once the client ( Laptop/Phone ) connected to one of the SSIDs. it imposiible to have him connected to the other ones with Different VLAN. meanwhile, It says its connected to the other SSID but its not getting IP from that pool.
here is the Show Run-Config from my WLC .. and the Problem happening between the SSID AMOBILE and ASTAFF. i have the Debug while am switching between the SSIDs if needed .
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.11.04 10:20:47 =~=~=~=~=~=~=~=~=~=~=~=
show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: FCW1535L01G
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLAN Controller 5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 10.125.18.15
Last Reset....................................... Software reset
System Up Time................................... 41 days 5 hrs 14 mins 42 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... US - United States
--More or (q)uit current module or <ctrl-z> to abort
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 10
Number of Active Clients......................... 61
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
AP Bundle Information
Primary AP Image Size
ap3g1 5804
ap801 5192
ap802 5232
c1100 3096
c1130 4972
c1140 4992
c1200 3364
c1240 4812
c1250 5512
c1310 3136
c1520 6412
c3201 4324
c602i 3716
Secondary AP Image Size
ap801 4964
c1100 3036
--More or (q)uit current module or <ctrl-z> to abort
c1130 4884
c1140 4492
c1200 3316
c1240 4712
c1250 5064
c1310 3084
c1520 5244
c3201 4264
Press Enter to continue or <ctrl-z> to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or <ctrl-z> to abort
Network Information
RF-Network Name............................. OGR
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or <ctrl-z> to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or <ctrl-z> to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or <ctrl-z> to abort
AP Summary
Number of APs.................................... 8
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
KNOWLOGY_DC01 disabled -
KNOWLOGY_DC02 disabled -
--More or (q)uit current module or <ctrl-z> to abort
KN1252_AP01 disabled -
KN1252_AP02 disabled -
Anham_AP03 disabled -
ANHAM_AP01 disabled -
ANHAM_AP04 disabled -
ANHAM_AP02 disabled -
Press Enter to continue or <ctrl-z> to abort
AP Location
Total Number of AP Groups........................ 3
Site Name........................................ ANHAM8075
Site Description................................. ANHAM 8075 Location
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
Site Name........................................ Knowlogy_DC
--More or (q)uit current module or <ctrl-z> to abort
Site Description................................. DC Center Access points
WLAN ID Interface Network Admission Control Radio Policy
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
Site Name........................................ OGR
Site Description................................. 1934 OGR Office
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
7 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Site Name........................................ default-group
Site Description................................. <none>
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
5 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
9 knowlogy_ogr Disabled None
10 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Press Enter to continue or <ctrl-z> to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch IP Address.................. 10.125.18.15
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abortIP Address.................. 10.125.18.15
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
--More or (q)uit current module or <ctrl-z> to abort
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 11
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
--More or (q)uit current module or <ctrl-z> to abort
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 44
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
--More or (q)uit current module or <ctrl-z> to abort
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or <ctrl-z> to abort
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
--More or (q)uit current module or <ctrl-z> to abort
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 5
Cisco AP Name.................................... KN1252_AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:ef:06:50
IP Address Configuration......................... DHCP
IP Address....................................... 10.125.18.101
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.125.18.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ Knowlogy Conference Rooms Side
Cisco AP Group Name.............................. OGR
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Medium Power (15.4 W)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
AP Image......................................... C1250-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX122990L5
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 118
WLAN 1 :........................................ 111
WLAN 2 :........................................ 111
WLAN 4 :........................................ 112
WLAN 6 :........................................ 112
WLAN 7 :........................................ 111
WLAN 9 :........................................ 112
WLAN 8 :........................................ 112
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 26 days, 00 h 24 m 39 s
--More or (q)uit current module or <ctrl-z> to abort
AP LWAPP Up Time................................. 26 days, 00 h 23 m 48 s
Join Date and Time............................... Wed Oct 9 10:59:07 2013
Join Taken Time.................................. 0 days, 00 h 00 m 50 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 7
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:df:a5:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 ..........Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
Sent from Cisco Technical Support iPhone App -
VLAN problems with SG200-8P and Cisco ASA 5505 (Sec Plus license)
Hi, I've been pulling my hair out trying to get simple vlan trunking working between these devices.
Basically, no clients on VLAN 99 (guest) will receive DHCP ip addresses when plugged into the SG200. I have the SG200<>ASA VLAN trunk configured correctly, as I know it, and I've tried numerous variations (set trunk as general tag/untagged, etc., set the ap port to general tag/untag, etc). Both AP's work properly when connected to the ASA e0/3 port but either will only pull the "inside" VLAN dhcp address when connected to the SG200 switch
VLAN 1 - inside (has separate dhcp scope assigned by ASA)
VLAN 99 - guest (has separate dhcp scope assigned by ASA)
SG200
purpose
ASA 5505 (Sec Plus license)
purpose
g2
Trunk 1UP,99T
Ubiquiti AP (VLAN 1 works, VLAN 99 does not
g3
Access port 99T
vlan 99 does not work
g8
Trunk 1UP, 99T
< Trunk between switch and ASA >
Int e0/2
switchport trunk allowed vlan 1,99
switchport trunk native vlan 1
switchport mode trunk
Int e0/3
switchport trunk allowed vlan 1,99
switchport trunk native vlan 1
switchport mode trunk
Second ubiquiti AP
Both VLAN 1 and VLAN 99 clients work properlyFrustrated - yes. Confused - maybe not as much, but I could have put some more effort into the overall picture.
There are two VLANs (1 - native) and (99 - guest). There is a trunk port between the SG200 and the ASA configured as 1-untagged 99 - tagged.
No clients connected to the SG200 on VLAN 99 are able to access the ASA VLAN 99 using either a static VLAN IP address or DHCP. The problem occurs whether I configure the SG200 with an access port 99-tagged or Trunk port 1UP, 99T or general port 1U, 99UP or any combination thereof.
Anything connected to the SG200 on the native VLAN works properly.
Anything connected to the ASA VLANs (1 or 99) works properly
I have not yet tried to see what the switch is doing with the VLAN tags but I suspect I have some mismatch with the Linksys/Cisco SG200 way of setting up a VLAN and how traditional Cisco switches work.
I was hoping someone with a working SG200 - Cisco ASA setup could share their port/trunk/VLAN settings or perhaps point me in the right direction.
SG200 g2 - trunk port (1UP, 99T) -- Access Point
SG200 g2 - access port (99U)
SG200 g8 - trunk port (1UP, 99T) connected to ASA5505 e0/3
ASA5505 e0/3 (switchport trunk allowed vlan 1,99, switchport trunk native vlan 1, switchport mode trunk)
Thanks, -
I'm having problem with a setup with multiple SRW2048 connected together. However, I can see the problem when simplifying my setup and using only two SRW2048 together.
The first SRW2048 receives one connection from many different servers and sends these connections to many other SRW2048. I have configured one VLAN (untagged) per server for this switch. The goal is instead of having 4 switches to do this job, I am using only one.
The second SRW2048 receives the server connections from the other switch. It then distributes these connections to various ports. I use a different VLANs on this switch to group these connections and the server uplink together).
Everything works fine until a plug the two switches together (i.e. I can verify the VLAN connections are working by connecting directly to each switch). However, when both switches are connected, I get a flooding of all interfaces (like there is a bypass of the VLANs or a loop in the connections). This happens as soon as I have two servers connected. If I connect only one, there is no problem.
If I connect a second server through a dumb switch instead of the first SRW2048, everything works fine, so I don't think that there is a loop. The problem seems to be with the VLANs (how they "cascade" together). Anybody got an idea of what the problem is?
For those who need a better visual representation:
Server1->Port 1-8 Switch1 (VLAN1 on these ports)->Port 1 (and others) Switch2 (VLAN10 on these ports)
Server2->Port 9-16 Switch1 (VLAN2 on these ports)->Port 2 (and others) Switch2 (VLAN11 on these ports)
Etc for other servers...
All VLANs are using the default settings from the Web Interfaces on the switches (Access mode, Untagged, other ports Excluded, etc.)1. The SRW switches are standalone devices. Unlike more expensive switches like those from the Cisco Small Business Pro series they don't automatically recognize each other and configure themselves to play nicely together.
2. Generally, if you create a new VLAN on one SRW you have to create the same VLAN on all other switches and also add these to the trunks connecting the switches. Same applies to the ASA if you connect the SRWs to ASA. As long as a switch is not configured for a particular VLAN it won't accept traffic for it.
3. The only thing that you may try is GVRP. I never tried this but I think it may do what you want: add a VLAN on a single switch and then propagate this to the trunks and other switches. I can't tell how well this works and whether the ASA will accept that, too. -
AP groups with same vlans , same ssid but different subnet.
Hi Members,
I have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites , each site with 2-3 APs , each side has its own network and is independent of other sites , the site only need to comunity locally and do not need to access any centralized applications.
I am trying to achieve this by Creating 100 different AP groups and assiging 2-3 AP in each groups for each branch, I will achieve WAN failover resiliency by creating flexconnect groug , the issue I am facing are as below .
1.Since all the sites has same setup , the AP and clients on all sites are in vlan 2 , so when I try to create 2 or more AP group with same vlan, it restricts me of doing so , I cannot create diffrent AP groups mapped to same Vlan .
2.If I keep the APs and Clients in the same subnet , I dont think it should be a problem , but I need your second opinion.
to give you an even better picture , look at the topology enclosed , and my question is if both STAFF and STUDENT APs are in same vlan but in 2 different broadcast domain , how would I create the AP groups.
Thank youThanks for the reply Jenn , here is my situation.
I have 2 sites lets day , site A in virginia , site B in Maryland.
SiteA - 10.1.1.0/24 - vlan 2
10.1.2.0/24 - vlan 3
10.1.3.0/30 - WAN to central site where controller sits.
SiteB - 10.2.1.0/24 - vlan 2
10.2.2.0/24 - vlan 3
10.2.3.0/30 - WAN to central site where controller sits.
both the sites will have a single ssid "XYZ" and will switch locally only.
howin my understanding the way I will deploy this is as below
1.I will create WLAN with ssid "XYZ".
2.I will create 2 AP groups lets say "Site-A" and "Site-B"
3.I will map the APs in site A to AP group "Site-A" and APs in Site B to "Site-B"
4.I will create 2 dynamic interfaces one for each AP group , now this is where I am facing problem , when I am creating dynamin interfaces , I need to specify the subnet and vlans when creating dynamic interfaces , since the vlans used is same on both sites , its not letting me create 2 interfaces with same vlan id.
in my understanding HREAP is only majorly used for WAN failover and local authentication so I am not concerned about that right not , my prime work is to udnerstand the AP group and working.
if you still need print shot let me know I will have to go at site.
also validate if my thinking is right on the 4 steps I have mentioned above , I am new to wireless and whatever I have learned I have learned in last 10 days .
Appreciate your help.
Thank you -
AP541N to external freeradius connection problem
Hi. I want to authenticate users with freeradius server installed on external pfsense firewall.
I've added GUEST ssid and set security to Dynamic WEP (or WPA Enterprise). My external pfsense freeradius server has ip 192.168.168.50 and listen on port 1812 and 1813 (I've also tried 1645 and 1646). I see no connection from Cisco AP. Any idea what am I doing wrong?
What port Cisco is making connection on?
I did some test with tools radtest from my ubuntu workstation and has no problem with connection.Good day,
Thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. It is a pleasure provided assistance with this Cisco product.
Can I ask you a little more details about your topology?
I will give you some advises, you can try disabling your OS firewall just to verity in with out it you can access, but just for test.
Also ensure that the ports 1812 and 1813 are permitted in ACL in the AP firewall, Router and also OS you are using. Please try this one and let me know if you have any question.
I hope you find this answer useful,
*Please mark the question as Answered or rate it so other users can benefit from it"
Greetings,
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer. -
Hi,
i am trying to set the network agent N100 on a trunk port on a switch (2960) without success regarding dhcp???
The problem is that the agent is not getting any ip address from a dhcp pool from a Cisco 1841 router acting as DHCP server. The topology is like this:
Router---------------------------------------------------------------------Switch--------------------------------------------------------------------On100
fa0/0
fa0/0.10
fa0/0.20
The router is on the stick with subinterfaces. Ports connecting the router and On100 on the switch are 802.1q trunk ports. I also made a simulation of this topology on the GNS3 and with wireshark i can see that dhcp discover are comming inbound fa0/0 but when i type the command:
R#show ip dhcp server statistics there are no received dhcp discover packets???It's very strange.
Did any one have experience with multiple vlan topology?
ThanksDelo,
Take a look at the document link below. Beginning on page 3 contains a sample configuration. I would recommend reading the entire document to get your arms around the VLAN discovery functionality. I can appreciate that when reading some of the documentation it can be confusing and lead you to believe that it can discover additional networks using Layer 3 routing. That said, the one thing to keep in consideration is that OnPlus/ON100, other than the Network Scanning functionality, will not traverse Layer 3 boundaries to do additional discovery/monitoring. You can manually add devices that are only accessible via Layer 3 and select to do some monitoring on those devices however they must be added manually and it will not attempt to access those devices via SSH/Telnet or SNMP. As such, it won't do functions like backing up configurations.
OnPlus autodiscovery will only use Layer 2 and that is why you would need the VLAN Trunking with DHCP in each VLAN or to SPAN a switch port. With VLAN trunking the ON100 will have an IP in the other VLAN and be able to discover devices on that now "local LAN". With port spanning, the ON100 would discover based on packets it receives. It can appear a little confusing but as long as you keep in mind that the ON100 won't discover over a Layer 3, that will help to clarify some of the confusion.
http://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdfhttp://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdf -
SRW224G4P : voice vlan problem
Hi guys ,
i've a problem with tagged vlan with my SRW224G4P.
I,ve got following scenario:
one cisco 2801-CCME/k9 router
one cisco small business SRW224G4P layer 2 managed switch
ten cisco IP phone 7940 and 7931
ten personal computer
I need to use the embedded switch on the phone to connect computer . I need to
have 2 separated vlan for data and voice traffic.
I configured srw224g4p first 12 ports as follows
interface ethernet 1/x
switchport allowed vlan add 199 untagged
switchport native vlan 199
switchport allowed vlan remove 1
switchport mode hybrid
switchport allowed vlan add 150 tagged
spanning-tree cost 100000
spanning-tree edge-port
where vlan 199 is for data and vlan 150 is for voice .
I set following dhcp pool on 2801
ip dhcp pool phones
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
domain-name cmedeis.local
option 150 ip 192.168.150.1
ip dhcp pool PC
network 192.168.199.0 255.255.255.0
default-router 1982.168.199.1
and configured router on a stick as follows
interface FastEthernet0/0.150
description CME interface
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
interface FastEthernet0/0.199
encapsulation dot1Q 199
ip address 192.168.199.1 255.255.255.0
My problem is that phones connected to the switch ports doesn't recognize tagged
traffic and doesn't take ip of the corrected dhcp pool of 150 vlan.
With a cisco 2960 poe switch i configured switchport voice vlan 150 and
switchport access vlan 199 and all is fine but this small business switch don't
handle switchport voice attribute and i can't separate voice and data vlan .
Someone have idea how to avoid this problem?
Need some help , please.
ByeGood posts as always Christopher!
As Christopher mentions you will need to hard code the voice vlan on all of the phones. The phones will send the voice traffic via this vlan, and the PCs will send untagged traffic.
I hope you do not mind a tangent and I hope this is not too great of a distraction, but the thought of QoS and security came to my mind as I read this post.
Besides the vlan problems, which I am sure we can get through, there is also a concern.
Any chance you would consider a 3560 for this deployment? You have quite a few Cisco phones, a Cisco router, and many PCs. The Cisco switch would give you CDP, which would be useful for the voice vlan and power settings, as well as the important automatic QoS and security settings.
On my 3560, I applied a smart port macro. A smart port macro is a series of best practices / command sets put into a simple to use command. The one I applied is called cisco-phone. Here is the output before and after:
c3560(config)#do sho run int f0/18
interface FastEthernet0/18
end
c3560(config)#int f0/18
c3560(config-if)#macr app cisco-phone
c3560(config-if)#sw voice vlan 5
c3560(config-if)#sw ac vl 1
c3560(config-if)#do sho run int f0/18
interface FastEthernet0/18
switchport mode access
switchport voice vlan 5
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
macro description cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
end
The switch automatically globally enabled mls qos and configured the many class-maps, policy-maps, and applied them all accordingly. As you know, it is important to establish the trust boundaries when doing voice and QoS. These switches also uses SRR which is a very good way of applying shaping.
Does this help? I hope so. Please fire back any thoughts or questions you may have.
Andrew Lee Lissitz -
I have a mostly Cisco network with a 3750 being the primary head before the 7200 router access to the DS3. On that 3750 I have VTP server enabled with 12 VLANs. On the 3750 root switch in the new building and all the 3550s there I have setup for VTP client.
My problem is after I assign more than 12 FE ports to a specific VLAN the next one I add to any VLAN on the same switch I lose all connectivity on the FE ports.
I have not setup interfaces for the VLANs since I'm running static IP for all of the end node machines. I haven't read where that is a problem at least so far.
I don't know a whole lot about VLAN setup other than reading most of what's here on the subject so at this point I'm hoping someone else has experienced the same problem.
Also if configs would help I'll be glad to post them.
Thanks!here is the config snippet for the 3550 as well. I've done a physical check and no access from any machine in VLAN 11.
ip subnet-zero
ip domain-list xxx.edu
ip domain-name xxx.edu
ip name-server x.x.x.x
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/2
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/3
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/4
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/5
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/6
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/7
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/8
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/9
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/10
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/11
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/12
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/13
description Riedl Hall Room 135 port
switchport access vlan 11
switchport mode access
interface FastEthernet0/14
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/15
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/16
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/17
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/18
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/19
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/20
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/21
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/22
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/23
description Riedl Hall Room 135 port
switchport mode access
interface FastEthernet0/24
description Riedl Hall Room 135 port
switchport mode access
interface GigabitEthernet0/1
switchport trunk encapsulation isl
switchport mode dynamic desirable
interface GigabitEthernet0/2
switchport trunk encapsulation isl
switchport mode dynamic auto
interface Vlan1
ip address xxx.xxx.xxx.245 255.255.255.0
ip default-gateway xxx.xxx.xxx.1
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1
ip http server -
Can you help me with this ( vlan,accesslist,management )
here's the scenario I have two vlan 10 & 20
I have 2 switch and 1 router
the target of this setup is that vlan 10 can ping or reach vlan 20 but vlan 20 cannot be reach or ping vlan 10 it is that possible
Here's the setup
In SW0
vlan 10
name Management
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
interface FastEthernet0/2
switchport trunk allowed vlan 10
switchport mode trunk
In SW1
interface FastEthernet0/1
switchport trunk allowed vlan 20
switchport mode trunk
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
In Router
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip access-group 1 out
interface FastEthernet0/0.20
no ip address
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip access-group 1 out
interface Vlan1
no ip address
shutdown
ip classless
access-list 1 deny 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 deny host 192.168.20.11
access-list 1 permit host 192.168.10.11
access-list 1 deny any
access-list 1 permit any
Im new so i dont know if my setup is correct ...
can any1 help me about this,,,
thanks.Hi,
let's suppose PC0(Vlan 10) wants to communicate with PC1(Vlan 20):
-traffic enters f0/0.10 with src 10.11 and dst 20.11 and it is forwarded out f0/1.20 where there is an egress ACL
-this is a standard ACL so it matches on source only and there is a hit for second entry permit 192.168.10.0 0.0.0.255
-now PC1 replies and traffic enters f0/1.20 and is forwarded out f0/0.10 where there is egress ACL
-there is a hit on first entry deny 192.168.20.0 0.0.0.255( packet src is 20.11 and dst 10.11)
So end result is that Vlan 10 cannot reach Vlan 20.
I don't think this is what you wanted
Now of course traffic sourced from any PC in Vlan 20 destined to PC0 is filtered as you wanted because it is filtered on f0/0.10 outbound as above.
ACLs are stateless and communication in TCP/IP is bidirectional so the best way to achieve what you want to do if you want to filter more than Pings would be to use CBAC or ZBF or reflexive ACLs
Regards
Alain
Don't forget to rate helpful posts. -
My iPad does not find the printer. I have tried the HP app and it works, but in any other app the printer is not seen. How do I get this printer visible to the iPad. All my other network computers find and print with out a problem.
hi
could you tell us what the other app is please -
I have an iMac 27" and am trying to import some videos of a friends wedding into iMovie however one of the movies won't import. It doesn't say why or give any error message or codes.
All of the other movies on the card download with out a problem. The movie in question is not 'corrupt' as you can watch it in iMovie direct from the SD card but as soon as you try to import it, it just says 'error'. iIve tried moving the file to an external drive ( and other variations on this theme) then importing but have had no luck.
Can anyone please help me.The mystery remains....
Thanks for the pointers. The file type is .mts (a proprietry sony one).
I have now found some video converter software (Wondershare and iSkysoft) at a cost. Either will convert this file for me into .mp4. This I can then import into iMovie without any problems. I've checked this on the trial versions and it worked well but without paying am left with a giant watermark in the video
The mystery (which I still havent solved) is why did 20 other .mts files import fine and then this one not?
If you could point me in the direction of some free .mts converter software that would be the cherry on the cake.
Thanks -
I have had my ipad retina for two and a half weeks but since the week end every time i connect to the wifi network it joins then disapears as soon as i open safari for example or just disappears at intermittent intervals....i have my iphone 4s connected to the same wifi network with no such problems.
I have tried resetting the network settings to no avail
Does anyone have any suggestions?
Many thanks in advanced.I have had my ipad retina for two and a half weeks but since the week end every time i connect to the wifi network it joins then disapears as soon as i open safari for example or just disappears at intermittent intervals....i have my iphone 4s connected to the same wifi network with no such problems.
I have tried resetting the network settings to no avail
Does anyone have any suggestions?
Many thanks in advanced. -
Can someone help me with an iCloud problem when I take a picture with my iPhone 4s it some of the times go to my ipad2 but mostly it doesn't can anyone help me out
I'm assuming you have Photo Stream set up of both devices. However, it seems many users are experiencing the same as you - my take is that streaming photos is not foolproof yet.
-
Am I the only one with these various problems...??
Hi all,
I start my first post and introduction ever on this forum with a imposing problem with Aperture 3.03
I just did the upgrade to Aperture 3 & 3.03. Coming off Aperture 2, I was able to rotate, crop and do all the things I wanted by just placing the pointer while clicking, holding, and moving all at the same time with no issues. With Aperture 3.03, no such luck. I've noticed that now if I want to rotate an image or even crop an image the first effort to move anything is ignored. It shows all the signs of being ready to move something, but nothing happens, nothing moves on first try. If I stop the click and place click the second time it is responsive as usual....What gives???
Here is another issue. Cropping is all over the place and never right on the first try. Even if I have a set aspect ratio it does not provide me with the one I selected. I'm always getting the wrong aspect ratio even though the right one is selected. If I pick "Master Aspect Ratio", I get a variable ratio instead of a fixed ratio??? If I click again it changes again. This program is not stable!!
One other thing has anyone noticed that you cannot use the arrow keys to move from one picture to another after editing the photo?? It is happening to me. If I complete an edit and want to move to the next photo, the program will not respond to key commands in any way. I'm forced to return to Browser mode and even then it seems hit or miss whether is responds to key commands again. navigating seems to be a big impediment when actively editing.
So, am I the only one with these problems???
Lets hear your story...
Note: just installed the newest stability update for Snow Leopard/Aperture 3 just made available on August 18, 2010. No change...
Steve,
Bethlehem, Pa.
Message was edited by: hdskullfire2I don't see any of these issues! You have listed several, disconnected issues. Perhaps you should pick one of them, and give us a blow-by-blow of your action steps.
For rotation, click that button at the bottom of the View window, and then use one of the [ or ] bracket keys as listed for direction.
Ernie
Maybe you are looking for
-
How do I install Flash Lite 3.1 to a Windows Mobile Device in Australia
Hi All, I am just an end user not a developer. We have a mixture of devices (Palm Treo Pro, HTC Touch HD) that we want to run a Fash Version 8 website. How do we install Flash Lite OTA on these devices to view the flash content? We are in Australia.
-
Exchange 2007 Client Access and Receive Connector options not available (EMC)
We have a SBS2008 server with Exchange 2007 When I open the EMC and go to Server Configuration --> Client Access, none off the options are available (greyed out). OAW, OWA, ActiveSync are working without any problems. Outlook anywhere enabled shows F
-
Dmvpn + local break out to the internet
Hi, I have a dmvpn network, with multiple spokes. One of them, needs to have a local break out to the internet. Wasn't able to find a configuration example, so maybe if someone could show how to config it. Basically what I need is a split tunnel con
-
Why "You do not have authorization to display company codes" ? Thanks
Hello, Using the Tutorial BAPI which comes with the JCO Tutorial,I just wanna call the first function. When I run the code, it display "You do not have authorization to display company codes". Could any body please help me to explain why? Thanks a lo
-
Cloud print disappears after update
After the update to my Samsung Galaxy Note 3 Google Cloud Print no longer works. Icon is gone. Not listed in the Google folder in all apps. Not appearing in share menu. But it is listed in all apps in the settings area and listed as active in setting