Boadcast control in management vlan

Hi...
I faced a problem where the management vlan was down due to exessive broadcast caused by some fiber uplink going bad.
I can use udld but not sure whether it can be used where the uplink is UTP.
I am thinkung of having several mamangement vlans, instead o keeping all my switches in a single one.
Is that a good practise? Any other ideas?
Thanks.

You can enable UDLD with UTP. Creating multiple management VLANs depends on how much broadcast traffic is there within that vlan under normal circumstances, how many nodes are in the vlan, how many trunks are there, are there any hubs in use and a few other factors. It doesn't hurt to create another management vlan for management and the reason why many networks out there just have one management vlan is for simplification.
Pls. rate all helpful posts.
--Sundar

Similar Messages

Wireless AP Management VLAN and BVIs

Hi All,
I've been looking around and I can't find a solution to what I am trying to achieve and I was hoping the community may have had more luck than I have.
I'm looking to have my management VLAN for my AP setup as a tagged BVI but I'm struggling to get it setup. I can set it up fine using BVI1 and having it just accessed on the native VLAN but I see this as a security flaw, I don't really want direct access into my management network on the switch.
Now there may be a better way of preventing this but I am, at least compared to many, still fairly new to Cisco and this seems to be the best approach. Please see below for my current config, hopefully you can let me know where I am going wrong.
Also, as a note, at the moment I am mainly focusing on the management security of the AP before I check the wifi config, hence the radios still being shutdown so there may also be small errors in this. I have also removed some elements which are not relevant.
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP01
no ip source-route
no ip cef
dot11 syslog
dot11 ssid <Guest secure network SSID>
   vlan 30
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii <key>
dot11 ssid <Internal Secure SSID>
   vlan 10
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii <key>
ip ssh version 2
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
encryption vlan 10 mode ciphers aes-ccm tkip
encryption vlan 30 mode ciphers aes-ccm tkip
ssid <Guest secure network SSID>
ssid <Internal Secure SSID>
antenna gain 0
packet retries 64 drop-packet
channel 2437
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption vlan 10 mode ciphers aes-ccm tkip
encryption vlan 30 mode ciphers aes-ccm tkip
ssid <Guest secure network SSID>
ssid <Internal Secure SSID>
antenna gain 0
peakdetect
no dfs band block
packet retries 64 drop-packet
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 spanning-disabled
no bridge-group 10 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
interface GigabitEthernet0.101
encapsulation dot1Q 999 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface BVI1
no ip address
no ip route-cache
shutdown
interface BVI100
mac-address <Actual ethernet address>
ip address 10.33.100.101 255.255.255.0
no ip route-cache
ip default-gateway 10.33.100.254
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
bridge 100 protocol ieee
bridge 100 route ip
line con 0
logging synchronous
line vty 0 4
transport input ssh
end
As you can see I am using BVI100 as the management VLAN for the device and BVI1 is shutdown with vlan 999/int gi0/101 holding bridge group 1.
With this setup I can't get any IP communication, send or receive but I can see the MAC address on the switch in the MAC address table on vlan100. There is also no entries in the ARP table of the AP.
The switch is setup with vlan 999 untagged and vlans 10,30,100 as tagged.
Hope you can help! Thanks for any advice in advanced.
Many thanks,
Martin.

Yea that would work and I have set it up like this without issue but I'm trying to limit access to the management VLAN, I don't want someone to be able to plug directly into the switch and be on the same broadcast domain as alll of the other equipment.
There are otherways of achieving this but I felt like I was so close with the above config but I was just missing something.

Autonymouse AP1121 - Management Vlan and SSID Vlan

Hello,
We are using an ACS server to authenticate wireless users to active directory this works fine. The issue occurs when we try to pull an ip and we can't fomr the dhcp. The vlan we have the SSID on is vlan 10 and the management vlan of the AP is vlan 500. The ip-helper info is correct because wired users on vlan 10 get an ip immedialty. We just can't pull one with the AP. Does anyone know the config for this? Here is my current config, the client authenticate through the ACS 4.2 but pull no ip, the only way for me to manage the ap is to have the native vlan command on there, once i remove it i can't telnet. What is the fix for this? Thanks
current switch port config ap is plugged into.
interface FastEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 500
switchport mode trunk

Do you have sub interfaces for vlan 10 being brigged through the radio interface?
Example config below...
interface Dot11Radio0.10
description Secure Wireless access
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
Also verify that vlan 10 is allowed on the trunk interface of the switch by typing "show int trunk"

Restrict management vlan

Hi,
I've been looking around the forums and cisco documents for an answer to my question, and get close but cannot quite seem to find an answer i understand.
I am looking to create a managemenet vlan (vlan 100) on which all the switches have their management ip address and also allow me to place management ports for certain servers.
Currently on my 3750 i can ssh/http to the ip address of any of the vlan interfaces set up on it and log in.
I only want to be able to do this from the ip address set up for vlan 100.
I can then set up ACLs to restrict where i can access vlan 100 from.
Is this possible? If so, how?

Just to try and present a different angle here as the use of a network-wide Management VLAN is simply not a good idea.
Spanning VLANs over your entire network introduces STP loops and instability that (IMO) should be avoided at all possible costs. If you have a typical structured network with Core, Distribution & Access or for smaller networks just a Core & Access then you should really be keeping access VLANs local to switches (or stacks if you have 3750's) using trunks with only the allowed VLANs enabled or better still Layer-3 routed uplinks. This way all uplinks will always be in a forwarding state and you will get better utilisation of your infrastructure links, plus any STP instability issues are removed. Have a read of the campus design SRND at the SRND site (http://www.cisco.com/go/srnd).
Based on your comments (Currently on my 3750 i can ssh/http to the ip address of any of the vlan interfaces) you are running these switches as Layer-3 devices (routers) so the concept of a management VLAN does dwindle a bit anyway. What i would suggest is using /32 loopback interfaces to manage these devices and lock the VTY lines (& HTTP/HTTPS if you use it?) down with access-classes restricting access to certain networks (typically where your management hosts are). You can also configure control-plane policing as an extra level of defence to deny or rate limit access to control-plane protocols (routing, management etc). Be careful with control-plane policing though as I have got myself into some odd situations with it.
HTH
Andy

1200: Native VLAN & Management VLAN

I want to keep the management VLAN and native VLAN seperate. Is this the correct setup when using VLAN 999 as the native VLAN and VLAN 100 for the management VLAN.
Management VLAN 100 (10.100.0.0/24)
### Trunk SW ###
description "AP"
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
### AP ###
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 99 key 1 size 128bit 7 3831CB248113D952741376BEC352 transmit-key
encryption vlan 99 mode wep mandatory
encryption vlan 11 mode ciphers tkip
ssid xoxoxo
vlan 11
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
ssid xxx
vlan 99
authentication network-eap eap_methods
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
station-role root
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
bridge-group 11 spanning-disabled
interface Dot11Radio0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
bridge-group 99 subscriber-loop-control
bridge-group 99 block-unknown-source
no bridge-group 99 source-learning
no bridge-group 99 unicast-flooding
bridge-group 99 spanning-disabled
interface dot11radio 0.999
encapsulation dot1q 999 native
interface dot11radio 0.100
encapsulation dot1q 100
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
interface FastEthernet0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
no bridge-group 11 source-learning
bridge-group 11 spanning-disabled
interface FastEthernet0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
no bridge-group 99 source-learning
bridge-group 99 spanning-disabled
interface fastethernet 0.999
encapsulation dot1q 999 native
interface fastethernet 0.100
encapsulation dot1q 100
interface BVI100
ip address 10.100.0.110 255.255.255.0
no ip route-cache
ip default-gateway 10.100.0.1

This looks correct to me. Do you have a non_root bridge on their other side?
Are you able to trunk all 4 VLANS with this config?

Management VLAN on a WAP371.

Hello,
When I try and configure the WAP371 to use my management VLAN, I lose control of the WAP. I am connecting it to my 3750-X stack, and I have the port it is connected to configured as an 802.1Q trunk, and the 3750-X shows the port up as an 802.1Q trunk. I have configured VLAN 501 as the management VLAN and when I configure the management VLAN on the WAP371 to use VLAN 501, and I set an appropriate static IP for this VLAN, and an appropriate default gateway, I can no longer communicate with the WAP371. I do know it is properly using VLAN tags, as the other SSIDs are communicating with hosts on the respective VLANs associated with each SSID. I have tried leaving the untagged VLAN support on, I have turned it off. I am out of ideas on what else to try. If anyone else has successfully configured the WAP371 to use a tagged VLAN I would love to hear about what was needed.
Thx
Bryan

My name Eric Moyers. I am an Engineer in the Small Business Support Center.
I am sorry to hear that you are experiencing this issue.
What is the management VLAN that is used on the other parts of your network? I would suggest calling in to open a case with one of our phone engineers so that we can work with you.
Eric Moyers
.:|:.:|:. CISCO | Eric Moyers | Cisco Technical Support |
Wireless and Surveillance Subject Matter Expert
Please rate helpful Posts and Let others know when your Question has been answered.

Error while deploying objects from Control Center Manager

I got the error "The Network Adapter could not establish the connection"
while deploying my objects (dimensions, cubes, mappings etc) from Control Center Manager Oracle 10g R2.
Any idea to ressolve it..........

Some more details would be helpful ...

Configuration Management/Change Control/Build Management contract help needed in Missouri*** *** **

Configuration Management/Change Control/Build Management
Needs to have instituted a config management process before.
web development history
Tools/Skills:
CVS
ANT
Unit Testing
Unix
BEA Weblogic
John D Allen
CEO/President.
Leveridge Systems INC.
v1 (480) 899 9341
mailto:[email protected]
http://www.leveridgesystems.com

Could you post an example of your problem ?
CC
Chilly Charly (aka CC)
E-List Master - Kudos glutton - Press the yellow button on the left...

3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN

Hi Guys,
This is a follow up post to this thread: https://supportforums.cisco.com/discussion/12400481/3702i-not-joint-2504
Have been playing around with my AP's and made sure the time is correct on all the devices ( WLC and Switch). I have also moved the AP's to the same Vlan as the management IP of the WLC.
if I move the AP's to the same Vlan as the WLC they join and are happy, as soon as I move them to a different Vlan they cant join and there time goes back to the default plus they do not seem to save the WLC details to flash but still remember the test names I give them.
it appears that option 43 is working fine as I can see it look for the WLC IP and I have done some trouble shooting on the WLC and it looks like it see's the AP but doesn't except it.
please see below for the boot up of the AP and the WLC logs:
AP
IIOS Bootloader - Starting system.
*** deleted for breverity *****
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Montserrat Board
*** deleted for breverity *****
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
executing...
*** deleted for breverity *****
cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FGL1838X4T1
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F4:4E:05:B7:1E:84
Part Number : 73-15243-01
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18343WPR
Top Assembly Part Number : 068-05054-03
Top Assembly Serial Number : FGL1838X4T1
Top Revision Number : A0
Product/Model Number : AIR-CAP3702I-Z-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:19.755: Registering HW DTLS
*Mar 1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is 2500
*Mar 1 00:00:19.815: APAVC: WlanPAKs 42878 RadioPaks 42270
*Mar 1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
*Mar 1 00:00:26.167: record size of 3ss: 1168 read_ptr: 4F9698E
*Mar 1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
*Mar 1 00:00:31.251: record size of vht: 2904 read_ptr: 4F9698E
*Mar 1 00:00:31.407: Wait until the stile protocol list is initialized.
*Mar 1 00:00:32.651: Start STILE Activation
*Mar 1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:35.447: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
*Mar 1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
*Mar 1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar 1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Mar 1 00:00:50.431: DPAA Initialization Complete
*Mar 1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar 1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:00:53.867: Currently running a Release Image
*Mar 1 00:00:54.287: Incorrect certificate in SHA2 PB !
*Mar 1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
*Mar 1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
*Mar 1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
*Mar 1 00:01:02.707: APAVC: Registering with CFT
*Mar 1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
*Mar 1 00:01:02.707: APAVC: Reattaching Original Buffer pool for system use
*Mar 1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:01:10.103: AP image integrity check PASSED
*Mar 1 00:01:10.187: Incorrect certificate in SHA2 PB !
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
*Mar 1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
*Mar 1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Not in Bound state.
*Mar 1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
Not in Bound state.
*Mar 1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
WLC:
isco Controller) >show time
Time............................................. Tue Jan 27 17:44:47 2015
Timezone delta................................... 0:0
Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
NTP Servers
NTP Polling Interval......................... 3600
   Index NTP Key Index NTP Server NTP Msg Auth Status
   1 0 150.101.176.226 AUTH DISABLED
(Cisco Controller) >show ap join stats summary
Incorrect input! Use 'show ap join stats summary [all/<ap-mac>]'
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 2
Base Mac AP EthernetMac AP Name IP Address Status
f4:4e:05:aa:a6:a0 f4:4e:05:94:c3:98 APf44e.0594.c398 10.1.1.22 Joined
f4:4e:05:b6:ce:f0 N A Test_1 10.1.20.7 Not Joined
(Cisco Controller) >show ap join stats detailed f4:4e:05:b6:ce:f0
Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable
Discovery phase statistics
- Discovery requests received.............................. 45
- Successful discovery responses sent...................... 21
- Unsuccessful discovery request processing................ 24
- Reason for last unsuccessful discovery attempt........... Layer 3 discovery request not received on management VLAN
- Time at last successful discovery attempt................ Jan 27 17:45:49.705
- Time at last unsuccessful discovery attempt.............. Jan 27 17:45:49.705
Join phase statistics
- Join requests received................................... 0
- Successful join responses sent........................... 0
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Not applicable
- Time at last unsuccessful join attempt................... Not applicable
Configuration phase statistics
--More-- or (q)uit
- Configuration requests received.......................... 0
- Successful configuration responses sent.................. 0
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Not applicable
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Not applicable
- Last AP disconnect reason................................ Not applicable
Last join error summary
- Type of error that occurred last......................... Lwapp discovery request rejected
- Reason for error that occurred last...................... Layer 3 discovery request not received on management VLAN
- Time at which the last join error occurred............... Jan 27 17:45:49.705
AP disconnect details
- Reason for last AP connection failure.................... Not applicable
   Ethernet Mac : 00:00:00:00:00:00 Ip Address : 10.1.20.7
(Cisco Controller) >show interface summary
Number of Interfaces.......................... 4
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
ap LAG 20 10.1.20.231 Dynamic No No
guest LAG 30 10.1.30.231 Dynamic No No
management LAG 10 10.1.1.231 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No
SWITCH
witch#show run
Building configuration...
*** deleted for breverity *****
no aaa new-model
clock timezone AWST 8
system mtu routing 1500
ip routing
ip dhcp pool WAP_Pool
   network 10.1.20.0 255.255.255.0
   default-router 10.1.20.1
   option 43 hex f104.0a01.01e7
ip dhcp pool Clients
   network 10.1.30.0 255.255.255.0
   default-router 10.1.30.1
   dns-server 203.0.178.191
ip dhcp pool test
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
crypto pki trustpoint TP-self-signed-4082587776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4082587776
revocation-check none
rsakeypair TP-self-signed-4082587776
*** deleted for breverity *****
*** deleted for breverity ***** !
interface FastEthernet0/3
description *** WLC ****
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/4
description **** AP *****
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/5
description **** AP ****
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/6
i*** deleted for breverity ***** !
interface Vlan10
description *** Managment ***
ip address 10.1.1.230 255.255.255.0
interface Vlan20
description *** WIRELESS APS ***
ip address 10.1.20.1 255.255.255.0
interface Vlan30
ip address 10.1.30.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
l*** deleted for breverity *****
ntp clock-period 36028827
ntp source FastEthernet0/1
ntp server 121.0.0.42
ntp server 202.127.210.37
end
I have also placed a Device in Vlan 20 and it is able to ping the WLC and the WLC can ping it s routing is working.
Thanks

Hey Scott,
I gave that a shot and still no luck, log's from AP boot up:
IIOS Bootloader - Starting system.
flash is writable
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 67 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 20894208
flashfs[0]: Bytes available: 20264448
flashfs[0]: flashfs fsck took 20 seconds.
Base Ethernet MAC address: f4:4e:05:b7:1e:84
Ethernet speed is 100 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Montserrat Board
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 67 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 20894208
flashfs[0]: Bytes available: 20264448
flashfs[0]: flashfs fsck took 21 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 1 seconds.
Base Ethernet MAC address: f4:4e:05:b7:1e:84
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
Montserrat Board
40MB format
Tide XL MB - 40MB of flash
Initializing flashfs...
flashfs[2]: 67 files, 9 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 40900608
flashfs[2]: Bytes used: 20894208
flashfs[2]: Bytes available: 20006400
flashfs[2]: flashfs fsck took 14 seconds.
flashfs[2]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCCCC
Copy in progress...CCC
Copy in progress...CCCC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCCC
Copy in progress...CCCC
Copy in progress...CC
Uncompressing radio files...
...done Initializing flashfs.
Radio0 present 8764 8000 0 A8000000 A8010000 0
Rate table has 650 entries (20 legacy/224 11n/406 11ac)
POWER TABLE FILENAME = ram:/Q2.bin
Radio1 present 8864 8000 0 80000000 80100000 4
POWER TABLE FILENAME = ram:/Q5.bin
Radio2 not present 0 0 0 0 0 8
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FGL1838X4T1
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F4:4E:05:B7:1E:84
Part Number : 73-15243-01
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18343WPR
Top Assembly Part Number : 068-05054-03
Top Assembly Serial Number : FGL1838X4T1
Top Revision Number : A0
Product/Model Number : AIR-CAP3702I-Z-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:19.755: Registering HW DTLS
*Mar 1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is 2500
*Mar 1 00:00:19.815: APAVC: WlanPAKs 42878 RadioPaks 42270
*Mar 1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
*Mar 1 00:00:26.167: record size of 3ss: 1168 read_ptr: 4F9698E
*Mar 1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
*Mar 1 00:00:31.251: record size of vht: 2904 read_ptr: 4F9698E
*Mar 1 00:00:31.407: Wait until the stile protocol list is initialized.
*Mar 1 00:00:32.651: Start STILE Activation
*Mar 1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:35.447: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
*Mar 1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
*Mar 1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar 1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Mar 1 00:00:50.431: DPAA Initialization Complete
*Mar 1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar 1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:00:53.867: Currently running a Release Image
*Mar 1 00:00:54.287: Incorrect certificate in SHA2 PB !
*Mar 1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
*Mar 1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
*Mar 1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
*Mar 1 00:01:02.707: APAVC: Registering with CFT
*Mar 1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
*Mar 1 00:01:02.707: APAVC: Reattaching Original Buffer pool for system use
*Mar 1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:01:10.103: AP image integrity check PASSED
*Mar 1 00:01:10.187: Incorrect certificate in SHA2 PB !
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
*Mar 1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
*Mar 1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Not in Bound state.
*Mar 1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
Not in Bound state.
*Mar 1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP

Start Button from Control Center Manager OWB 10.2.0.3.33

Hi Folks,
the start Button from the Control Center Manager is grey and I cannot run drop, replace, etc. jobs. I've tried with the owb owner with the same result. The Service is running. I also restart the data base but again the same result. Any ideas...?
Thanks
Pavel

Please forgive the simple first question:
Have you deployed these objects yet?

Start_Service is Not Available in OWB Control Center Manager

I am running OWB 10.2.0.1.0
I have one problem connecting to the Control Center Manager
(RTC-5260,RTC-5301).
RTC -5260: Failed to connect to Control Center. Please check you have provided the correct host, user, password, and service name.
RTC - 5301: The Control Center Service is not currently available.
I am logging as my repository owner and I run the script start_service.sql in Sql*Plus location in “@OracleHome\owb\rtp\sql\....”.
SQL> @e:\OraHome_1\owb\rtp\sql\start_service.sql;
Not available
Diagnostics:
service startup failure using command "cmd /q/c E:\OraHome_1\owb\bin\win32\run_
service.bat -manual 1 E:\OraHome_1 REP_PROPIETARIO WORACLE10G.BFGP.COM 1521 JDE
OWB" reason ORA-29532: Java call terminated by uncaught Java exception: java.io
.IOException: service early exit: code=0 : err=2007/02/16-14:51:50-GMT-04:00 [8
72380] oracle.wh.runtime.platform.adapter.InfrastructureException: RPE-01003: A
n infrastructure condition prevented the request from completing.
- ORA-01882:
timezone region not found
at oracle.wh.runtime.platform.service.controller
.PlatformDb.connect(PlatformDb.java:83) at oracle.wh.runtime.platform.service
.Service.<init>(Service.java:125) at oracle.wh
PL/SQL procedure successfully completed.
SQL> @e:\OraHome_1\owb\rtp\sql\show_service.sql;
Not Available
PL/SQL procedure successfully completed.
How can I place availably the service?
pls help...
regards
Jorge M. Tomioka M.
[email protected]

Hi Jorge,
You have something to do in your local PC with regard to its timezone setting. Please follow the below link ...
RTC-5260 AND RTC-5301
Cheers,
Swagata

VWLC clients getting DHCP address from management VLAN

Hi,
We have a strange scenario whereby some wireless employees are obtaining addresses from the management VLAN.
Some details:
DHCP managed by MS DHCP 2008 R2 (in remote data centre)
Cisco vWLC AIR-CTVM-K9 running v7.6.110.0
AP's are a mix of 2602 and 3702 (46 and 2 of each respectively)
SSID's are employee, guest, and production devices (all mapped to their own interface with relevant VLAN tag as per normal)
AP's all in FlexConnect mode as per vWLC caveats
Some employees are receiving addresses in the wireless management VLAN. This network only has six DHCP addresses available as it is solely for AP's, WLC and HSRP gateway. Obviously this gets exhausted very quickly leaving us with a scenario where clients are not obtaining DHCP addresses.
I understand that with FlexConnect mode, it will assign IP's from the native VLAN. What I don't understand is why most clients receive addresses in the correct VLAN, but a handful do not, and then cannot get an address from DHCP. Obviously the ideal scenario would be to put the AP's into local mode but unless this has changed in a SW release then I don't believe it's possible...
My question is: How do I get ALL the employees to obtain addresses from their interface and not the management VLAN?
Thanks in advance.

Hi,
I think we need a closer look to your configurarion to eliminate some possibilities:
- What is the WLAN security you choose?
- What is the interface that is configured under the WLAN?
- Does your WLAN have local switching enabled?
- If your security is using RADIUS server, do you have AAA override enabled under the WLAN config?
- If your security is using RADIUS server, do you send any attributes to the users?
- You have eliminate that clients that got management vlan IPs are always on same AP or they can be on any AP.
HTH
Amjad

Best Practices for management VLAN

Hi guys,
I have a client with a data center where they have lots of VLANs running off a 3750 (main switch) and then they have a 3550 and a 2950 running off from this main 3750.
They have lots of VLANs configured and I see that Vlan1 is not being used. Currently, all the IPs of the switches and routers belong to one of the customer Vlan's.
I've read that this is bad practice and that a management VLAN should be created. But I think I've also read that when it comes to management Vlans, one needs to stay away from Vlan1
So I am not sure how to tackle this.
any help?
thanks

Here is a very good discussion which should answer all your questions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc12936/14
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009

Why does management VLAN ID matter in Cisco AP541n configuration?

is working on configure AP541n AP, is able to connect to the AP wired, assign AP static IP with proper subnet mask & default gateway,
when it's done, everything looks perfectly, but since I changed the management VLAN ID from 1 to 2, I can't even connect to the AP wired from the PC, why does the change matter?
thanks.

Hi,
When working with access points in IOS mode also known as autonomous the access point requiers that you configure an Ip address on the BVI1 which is linked to the bridge group 1 and set us untagged.
Now when working with VLANS if the access point has an ip address on vlan x then you will need to confiugre this as the native vlan and with the bridgroup 1.
If you do not do this then you will see the issue you are reporting.
In other words if the access point will have an ip address for vlan 30 the the native vlan on the ap will need to be vlan 30 and vlan or the subnet for vlan one linked to the bridge group 1
Sent from Cisco Technical Support iPhone App

(OWB 10g R2) Control Center Manager won't start

Hi,
I'm in the middle of upgrading from OWB10g Release 1 to OWB10g Release 2 on a testbox.
I have completed the steps to upgrade the runtime metadata (I did the Move, then I upgraded the locations and then I ran the tcl script in OMBPlus).
Now, I have gone to the DEFAULT_CONFIGURATION for my project and I updated the default control center for my project.
Follow me so far?
Okay, here's the problem.... when I try to start the "Control Center Manager" from the Design Center's Tool menu.... I see nothing but a grey window with a titlebar and nothing else.
This happens regardless of whether I try to launch the Control Center Manager from a windows client or the linux server.
On the linux server I see this output after I enter the username and password to connect to the Control Center Manager:
java.lang.RuntimeException: Cannot find handler method handleView
at oracle.wh.ui.editor.listener.ReflectListener.findMethod(ReflectListener.java:80)
at oracle.wh.ui.editor.listener.ReflectListener.<init>(ReflectListener.java:28)
at oracle.wh.ui.editor.listener.ReflectPopupMenuListener.<init>(ReflectPopupMenuListener.java:63)
at oracle.wh.ui.editor.menu.MenuUtils.addEventHandler(MenuUtils.java:83)
at oracle.wh.ui.editor.menu.MenuDefinitionImpl.initMenuItem(MenuDefinitionImpl.java:167)
at oracle.wh.ui.editor.menu.MenuDefinitionImpl.constructMenu(MenuDefinitionImpl.java:197)
at oracle.wh.ui.editor.menu.MenuDefinitionImpl.createMenuBar(MenuDefinitionImpl.java:144)
at oracle.wh.ui.editor.Editor.init(Editor.java:1045)
at oracle.wh.ui.editor.Editor.showEditor(Editor.java:1431)
at oracle.wh.ui.editor.Editor.showEditor(Editor.java:1421)
at oracle.wh.ui.runtime.deploymentManager.DeploymentManagerEditor.<init>(DeploymentManagerEditor.java:127)
at oracle.wh.ui.runtime.deploymentManager.DeploymentManagerEditor.<init>(DeploymentManagerEditor.java:110)
at oracle.wh.ui.runtime.RuntimeController.startDeployManager(RuntimeController.java:270)
at oracle.wh.ui.runtime.RuntimeController.actionPerformed(RuntimeController.java:200)
at oracle.wh.service.sdk.OWBConsumer.dataItemAvailable(OWBInfoBus.java:381)
at javax.infobus.DefaultController.fireItemAvailable(DefaultController.java:90)
at javax.infobus.InfoBus.fireItemAvailable(InfoBus.java:989)
at oracle.wh.service.sdk.OWBInfoBus.produce(OWBInfoBus.java:160)
at oracle.wh.service.sdk.OWBInfoBus.produce(OWBInfoBus.java:76)
at oracle.wh.ui.console.commands.TreeMenuHandler.notify(TreeMenuHandler.java:94)
at oracle.wh.ui.console.commands.DeploymentMgrCmd.performAction(DeploymentMgrCmd.java:26)
at oracle.wh.ui.console.commands.TreeMenuHandler$1.run(TreeMenuHandler.java:188)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:178)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:454)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)
------------ could not find : oracle/wh/ui/common/media/T_projectObj.gif
Class of this owner is : oracle.wh.repos.impl.application.CMPWBDataWarehouse
Class of this owner is : oracle.wh.repos.impl.application.CMPWBDataWarehouse
Class of this owner is : oracle.wh.repos.impl.processFlow.CMPProcessInstalledModule
====== ZDockingManager : DOCK : todock: DeploymentManagerTabsTag: station: ROOT : constraint : East
===add component name: ROOT : size: java.awt.Dimension[width=200,height=300]
===add component name: DeploymentManagerTabsTag : size: java.awt.Dimension[width=400,height=416]
ZDockingManager:==== before showpanel
====== ZDockingManager : DOCK : todock: DeploymentManagerMonitorTag: station: DeploymentManagerTabsTag : constraint : South
===remove component name: DeploymentManagerTabsTag : size: java.awt.Dimension[width=400,height=416]
===add component name: DeploymentManagerTabsTag : size: java.awt.Dimension[width=400,height=416]
===add component name: DeploymentManagerTabsTag : size: java.awt.Dimension[width=400,height=416]
===add component name: null : size: java.awt.Dimension[width=400,height=416]
===add component name: DeploymentManagerMonitorTag : size: java.awt.Dimension[width=200,height=116]
ZDockingManager:==== before showpanel
====== ZDockingManager : DOCK : todock: DeploymentManagerButtonToolBarTag: station: MenuBarPanel : constraint : South
===add component name: MenuBarPanel : size: java.awt.Dimension[width=205,height=26]
===add component name: null : size: java.awt.Dimension[width=191,height=30]
ZDockingManager:===== before undock:
ZDockingManager:==== undock panel : DeploymentManagerButtonToolBarTag
ZDockingManager:==== undock panel 2 : DeploymentManagerButtonToolBarTag
0 : V1
===remove component name: null : size: java.awt.Dimension[width=191,height=30]
===remove component name: MenuBarPanel : size: java.awt.Dimension[width=205,height=26]
ZDockingManager:===== after undock:
====== ZDockingManager : DOCK : todock: DeploymentManagerButtonToolBarTag: station: MenuBarPanel : constraint : South
===add component name: MenuBarPanel : size: java.awt.Dimension[width=205,height=26]
===add component name: null : size: java.awt.Dimension[width=191,height=30]
Layout Not Found: DeployMgrLayout.xml
setVisible called for editor: Control Center: MM_RUNTIME_REP, value = true
Posting GUI_STARTING on oracle.wh.ui.runtime.deploymentManager.DeploymentManagerEditor[frame2,0,0,1024x768,invalid,hidden,layout=java.awt.BorderLayout,title=Control Center: MM_RUNTIME_REP,resizable,normal,defaultCloseOperation=DO_NOTHING_ON_CLOSE,rootPane=javax.swing.JRootPane[,0,0,0x0,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=null,alignmentY=null,border=,flags=385,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
RUNTIME_SERVICES_DEBUG [AWT-EventQueue-0] DeploymentUtils.AdapterTypeWBTypeMapping.addBType: ERROR already added key= Table value= CMPProfileTable
RUNTIME_SERVICES_DEBUG [AWT-EventQueue-0] DeploymentUtils.AdapterTypeWBTypeMapping.addAType: ERROR already added key= CMPAdvancedQueue value= AdvancedQueue
RUNTIME_SERVICES_DEBUG [AWT-EventQueue-0] DeploymentUtils.AdapterTypeWBTypeMapping.addBType: ERROR already added key= AdvancedQueue value= CMPAdvancedQueue
Has this happened to anyone else?

Hi, thanks for responding...
When I run show_service.sql it says the Control Center Service is Available. (See below).
==================================
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> @./show_service.sql
Available
PL/SQL procedure successfully completed.
SQL>
===================================
And when I do a ps command on linux I see the process running.
oracle 23349 1 0 12:03 ? 00:00:00 /bin/sh /u01/app/oracle/product/10.2.0/owb/owb/bin/unix/run_service.sh -automatic 1 /u01/app/o
oracle 23351 23349 0 12:03 ? 00:00:02 ../../../jdk/jre/bin/java -Xmx768M -Djava.awt.headless=true -DORACLE_HOME=/u01/app/oracle/prod
Do you suggest I run the service_doctor.sql even though the service looks like it is available?
Thanks.

Boadcast control in management vlan

Similar Messages

Maybe you are looking for