Cisco 2504 OEAP NAT directly connect AP's no ip
I setup my 2504 to work with OEAP. When I enabled NAT on the management interface the one AP I have directly connected to the WLC is no longer getting an IP address. Any idea why this is?
First, it is not recommended to have an AP directly connected to the WLC, you really need to connect it to an upstream switch and let it connect that way.
My first thought would be that you need to take a look a the below link that talk about how the NAT ip commands work.
http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp14087790
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered
Similar Messages
-
Hii frnds,
here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
Below is the out put from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:hi Maximilian Schojohann..
First i would like to Thank you for showing interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF " Router cpu processer goes to 99% and hangs...
In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
so plz give me an alternate solution ....thanks in advance.... -
Cisco 3850 - Direct Connect APs
Can you non-directly connect APs to a 3850. For example if you had multiple offices within one branch site and your 3850 MC was in the server rack and had 2960s in the other offices. Could you connect your APs to the 2960 switch and have them joined to the 3850 MC?
I've read that APs need to be directly connected to the 3850 however it supports flexconnect?
Would appreciate if anyone could shed some light.
Thanks,3850 won't support flexconnect. Also you have to directly connect AP to 3850 (not via transient switches like 2960).
Refer this Q&A to find answer to your both queries
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/qa_c67-722110.html
HTH
Rasika -
Cannot ping Cisco C series server using direct connect to UCSM
We have connected 2 Cisco C series servers (VIC 1225 Cards) with direct connect to Fabric Interconnects and managed via UCSM but cannot get network working.
Service profiles have been created and pushed with only 1 VLAN and the default VLAN as native but cannot communicate with IP address configured. Mac address is learnt at the Nexus 5K northbound switches. Seems to be a VLAN tagging issue somewhereWe do not use the CIMC as the server is all managed from UCSM and the CIMC has to be set to default for this mode
Sorry I was not clear; I mean of course that even with UCSM, your C-series server will get an IP address for CIMC, which is used if you open a KVM session. You should be able to ping this IP address. -
Wi-Fi Installation in large property W/Cisco 2504
Hi,
I have an interesting job where i am having to fit a wifi network through a large property. I was advised to use the Cisco 2504 WLC and 9 x Cisco AIR-AP1142N access points.
I know that out of the box the AP's (in standalone versions) have the GUI enabled.
Not being completley up with CLI etc, is the WLC GUI enabled straight out of the box? if not, is it complicated to get it up and running? I'm pretty good at learning/understanding these things just as long as i have a rough idea of what to do!
Thanks in advance,
JoshThats great, Thanks steve.
I have the Controller (although AP's are still on order - out of stock ) but i have one final question before i start to set it up!
I'm looking at this guide: http://www.cisco.com/en/US/docs/wireless/controller/2500/quick/guide/ctr2504_q_s.html#wp34023 and it talks about Management interface. I presume the management IP address would be the fixed ip of the controller if you like.
So if i had a network with a DHCP server. The Router/Server was 192.168.2.1 and the DHCP range started from .10, i could set this to be 192.168.2.2 with the router of the management interface to be .2.1. I then could set the VLAN id to be 0 as i don't need a seperate managment lan (it's only for a house afterall, and if i lock it down with passwords it should be fine).
With the Management Port, i presume that can be the port that connects into the main PoE Switch, similalry the Management DHCP server would be 192.168.2.1?
Virtual Gateway IP address i guess is irelevant as there will be no mobility group?
And DHCP bridging, like on any other wifi system/AP would be 'No' as the Router will be dealing with all DHCP requests?
Thanks again for your fantastic help so far!
Josh -
How do you promote a static route over a directly connected?
Hi all,
I have a need for a static route to be used instead of a directly connected route. (Long story - involving firewalls and anti-spoofing.. but can go further if required)
I am using a Cisco 3750 switch. I notice directly connected routes have a metric of 0, and the highest metric I can give a static route is 1.
Therefore, how is it possible for me to make the switch use the static route and not the directly connected?
Any help would be appreciated!
Cheers,
BenHi Rick,
Thanks for your patience.
Maybe I should start again.
Initially we had 16 VLANs within the 10.0/16 address space. We have some Cisco 3750's connected by dark fibre accross a couple of kms and then lower access switches all hanging of these by some means. The network is flat.
We have a checkpoint firewall hanging off one of the 3750s connected using a TRUNK port. The firewall has an IP address on all VLANs and is used to route traffic between VLANs based on its ruleset.
So if I have a user in VLAN 10 who wants to talk to VLAN 20, they travel to the firewall, if a rule permits the access, the firewall routes the packet on to VLAN 2 and the switches deliver at Layer 2.
The switches all have their default VLAN 1 disabled, and have an IP address on our management VLAN to allow us to manage the switches.
Its quite important that this IP is on a secured management VLAN as we don't want just anyone being able to snoop switch logins etc..
If we need to login to a switch, the firewall routes our traffic from whatever VLAN we are on to the Management VLAN.
One of our VLANs (the Desktop VLAN) is quite large (approx 1300 hosts) and suffers a great deal from too much arp broadcast traffic.
As we have a flat switched network across several kms, the cost of putting in routers to subnet this large VLAN is excessive.
However, the 3750's we have are perfectly capable of routing between VLANs, so we decide to create a load of new VLANs instead of subnetting our large VLAN. We don't want to use the firewall to route between these new VLANs as thats just giving the firewall more to do, and previously all these hosts were on a single subnet, so we have no need for any strict security - at most we can use ACLs on the switches if we even need that!
So far so good.
With 1300 hosts, we obviously can't make sudden topology changes. Therefore we need to be able to route between the Desktop VLAN and the new VLANs.
We therefore introduce the static routes between the firewall and the switches.
So the firewall says:
route 10.1.0.0/16 via Multilayer switch IP on 10.1.0.0/16
The multilayer switch says:
route 10.0.0.0/16 via Firewall IP on 10.1.0.0/16
This allows routing perfectly between the Desktop VLAN and the new VLANs.
However the moment we enable ip routing on the switches we break access between the desktop VLAN and the Management VLAN.
A packet leaves the desktop VLAN through the default gateway on the firewall. This is then routed to the Management VLAN. The return packet doesn't use the Management VLAN default gateway (firewall), it follows the static route on the switch and ends up at the firewall on 10.1.0.0/16. This is subsequently dropped as the firewall knows the packet hasn't come from the 10.1.0.0/16 network, it originally came from the desktop VLAN on 10.0.0.0/16.
It might seem we can define a route on the switch to say:
route 10.0.50.0/24 (management VLAN) via 10.0.50.254 (firewall). However, this would result in all packets from 10.1.0.0/16 being dropped by the firewall.
The other problem is that if we are on a new VLAN and want to talk to the management VLAN. The packet goes to its default gateway on the switch. The switch says - "I have an IP on the management VLAN, its directly connected" - therefore it ignores the static route, and passes the packet on its way. We have now bypassed the firewall, which is bad.
Incidentally the return packets get routed through the firewall and dropped, as the original packet didn't come through the firewall, there is no entry in the state table for its return.
I think if we turned off the management interface on the switch and managed it through the interface on 10.1.0.0/16, I assume everything would work. However, we don't want to do this for a whole load of other reasons I wont go into.
Im sure there must be a fairly simple solution - I just don't have enough experience!
Cheers,
Ben -
Direct connect to UCS FI from EMC VNX 5300
Hi,
I'm looking for any configuration recommendations or best practices for configuring a VNX 5300 unified for direct connect to UCS Fabric Interconnects.
The direct connect wil be 10GB on both the file and block side.
Are their any guides or recommendations anyone may have?
I've looked and cannot find much.Hi Manuel,
Two things:
1) Take a look at the following matrix for the supported version
http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/interoperability/matrix/Matrix8.html
2) Currently the direct attch FC is supported under a restricted to topologies in which the zoning database is provided from an upstream Cisco MDS 9000 switch or Nexus 5000 or 5500 switch. Hence you would still have to conenct an MDS or a N5K to the FIs for the zoning info.
./Abhinav -
Direct Connect OSPF and BGP AWS failover setup
Hi,
We recently installed AWS Direct Connect which was successful but now we are looking at the best way to automatically fail over if our Direct Connect fails to route via our back VPN.
The setup
Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area. Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
What we want to achieve
The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS. What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500?
I appreciate your time.Hi,
We recently installed AWS Direct Connect which was successful but now we are looking at the best way to automatically fail over if our Direct Connect fails to route via our back VPN.
The setup
Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area. Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
What we want to achieve
The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS. What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500?
I appreciate your time. -
Help required to implement Cisco 2504 WLC and 1042 Access Points
Hi,
My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
We have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.
I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
Please give me a implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
Regards,
Vidya SagarLets just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
Make sure the WLC time is correct or use NTP!!!!
Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or out them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Any ways, your switch port should look like this for example only
Interface gigabit1/0/1
description WLC2504
switch port trunk encapsulation dot1q
switchoort mode trunk
switch trunk allowed vlans 10,100,116,121
spanning-tree portfast trunk
channel-mode group 10 mode on << only for v7.4 if you use lag
Don't connect all four ports right now, just port one!!!!
Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS bit I would leave it open first until you can verify everything is working.
Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
Now that you have your dynamic interfaces created, its time I create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the too right select Create New and then click go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity.lean e the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose your interface you wan to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSk. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple to for testing. You don't want to put in symbols or anything like that. When you are don with that, check apply on the top right and test.
Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
Here are some links for the WebAuth feature:
https://supportforums.cisco.com/docs/DOC-13954
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
Now if you want to use ACS with PEAP, here is some links for that:
https://supportforums.cisco.com/videos/2499
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
Sent from Cisco Technical Support iPhone App -
Limitations associated with Direct Connecting arrays to UCS FIs.
I understand that in order to direct connect an array to UCS, the FIs have to be put into Switch mode(NPIV). But once the FI's are in Switch Mode, is it impossible to attach other SAN switches to the fabric interconnects?
It is my understanding that you could accomplish this because it wouldn't be much different then an extended SAN fabric in which an array's traffic would have to travel through 2 FC switches to arrive at a host. But perhaps I'm missing something.
Thanks in advance.You can have directly attached storage and FC switches at the same time, in fact until recently it was required since UCS did not do zoning.
http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-infrastructure-ucs-manager-software/116082-config-ucs-das-00.html
The questions is whether you really want to do it that way, I think for 95% of deployments, if not more, end host mode is recommended.
If you're already planning to attach FC switches, best to place storage on them.
Have a look at FlexPod (of Vblock) designs. -
Direct Connection between clients using sockets
Hi, I'm a new user and i have a problem with sockets:
The question is how can i directly connect two users that are already connected to a server in other machine???
I mean
user1 is connected to server
user2 is connected to server
user1 tries to communicate with user1 but don't want to use the server, and the server only provides the client1's ip
I first thought to do this:
user2 asks to server for the info of a client1-server waiting for connections, and i think it could work fine, but only if the ports are not closed by firewall, because client-server will be running in a transparent mode for user and user may not know anything about servers, sockets, ports, etc. the user only will work with a gui or something else and that's all
Does anybody know what can i do to make this possible???
PD
Sorry for my bad EnglishIt can be implemented like you said. Make one of the clients open a serversocket and pass the ip and port number through the server to the other client with information on where to connect.
If you're going to use direct connection between clients a lot then I would recommend that every client open a default serversocket at startup and register that information with the server and then every other client can ask the server for the ip and port to whatever client they wish to open a direct connection to.
Be aware that clients often are behind NATs and firewalls, so if need to deal with those issues you got to use hole punching (http://en.wikipedia.org/wiki/hole_punching) - pref on a known port like 80 - and to deal with the less frequently used application firewalls you can use http encapsulation in addition. -
Unable to directly connect WTI CMS-16 to a SG200-26 switch
Hello,
We recently replaced a Netgear 16-port JGS516 gigabit switch with a Cisco SG200-26 switch. When we did, we lost our ability to talk to our WTI CMS-16 (Western Telematics 16-port serial lines). The CMS-16 has a 10Base-T Ethernet, RJ45 connector that provides telnet access to 16 serial ports.
When we put a Netgear DS104 hub in between the CMS-16 and the SG200-26, all is well. Packets flow back and forth and we are able to ping and telnet to the CMS-16 through the hub.
When we directly connect the CMS-16 to the SG200-26 and ping the CMS-16, the "Status & Statistics"->Interface records transmitted packets and "nil" received packets. By "nil" we mean that if we wait long enough the statistics reports an occasional (about once every few minutes) 68-octet Unicast packet was received.
When the CMS-16 is directly connected, the SG200-26 link light is lit. We cannot Administration->Diagnostics->"Copper Test" because the "Copper Test" button is greyed out.
When the CMS-16 is plugged into the Netgear DS104 hub, the CMS-16 port has its 10M LED lit, and the port connected to the SG200-26 has its 100M LED lit.
Our SG200-26 switch is running firmware version 1.1.0.73. We are using a single LVAN ... nothing fancy. The CMS-16 is running firmware version 2.06.
Do we need to configure the port on the SG200-26 in some special way to deal with this legacy CMS-16 device?
chongo (Landon Curt Noll) /\oo/\Hello Dave,
We tried your idea by making the following change on the SG200-26:
Administration -> Port Management -> Port Settings -> 7 -> ((Click Edit))
((unplug the cms-16 from Port 7))
Interface: GE7
Port Description: cms-16
Administrative Status: (*) Up
Reactivate Suspected Port: [x]
Auto Negoation: [ ] Enable
Administrative Port Speed: (*) 10M
Administrative Duplex Mode: (*) Half
MDI/MDIX: (*) Auto
((Click Apply))
((Plug in ithe cms-16 to Port 7))
Unfortunately that did not fix the problem. Namely:
When we directly connect the CMS-16 to the SG200-26 and ping the CMS-16, the "Status & Statistics"->Interface records transmitted packets and "nil" received packets. By "nil" we mean that if we wait long enough the statistics reports an occasional (about once every few minutes) 68-octet Unicast packet was received. We cannot Administration->Diagnostics->"Copper Test" because the "Copper Test" button is greyed out.
When we put a Netgear DS104 Dual-Speed "hub" in between the CMS-16 and the SG200-26, all is well. Packets flow back and forth and we are able to ping and telnet to the CMS-16 through the hub. Now both the CMS-16 port and the port connected to the SG200-26 has both of their 10M LEDs lit. (i.e., the above configuration change DID force the port to operate at 10M).
Are there other parametes we need to change on the SG200-26?
Thanks for your help.
chongo (Landon Curt Noll) /\oo/\
p.s. We have two Network Power Switches, also by the same manufacturer (WTI) and of the same "vintage" (c. 2000) that operate just fine at 10M and Half Duplex. -
Catalyst 3650 as MC with non-directly connected APs
Hello,
I have a Catalyst 3650 operating as a Mobility Controller. I had to change the interfaces on the 3650 that connected to the access points to explicit access ports (switchport mode access). Before that command was configured, the APs sparatically dropped from the controller - now they are fine. I have a few other APs in the building that cannot be directly connected to the 3650, but need to terminate CAPWAP with it. The uplink from another switch (Access Switch 1) to the 3650 is a trunk, and the port from Acccess Switch 1 to the AP is an access port, however I getting the same message in the 3650's logs about it not being an access port and the AP is dropping connection to the MC.
How can I properly terminate CAPWAP from an AP connecting to Access Switch 1 through a trunk to the 3650 operating as a Mobility Controller?
Thankswith the 3850, the AP needs to be directly connected to the switch for it to be able to terminat the CAPWAP tunnel. If your other closet switch is a 3850, you can put it in MA mode, and build the SPG to the MC.
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
C220 w/ VIC 1225 directly connected to NAS
Hello, does anyone know if I can directly connect a VIC1225 port to a 10GB port on a NAS system? I would be using a twinax cable to do so. My only concern is that since they are like devices, I could need some sort of twinax crossover cable. Could it be that either the VIC1225 or the NAS 10GB port have auto sensing capabilities to switch the send/receive pair?
Hi Denny,
Please find this document, as this would be useful for troubleshooting.
http://www.cisco.com/en/US/prod/collateral/modules/ps10277/ps12571/data_sheet_c78-708295.html -
Cisco Nexus 3K Layer 3 Connectivity Issue while using Optical SFP
Dear All,
Am facing L3 reachability issue between N3k switched, even in same subnet. Also checked that VLAN is allowed under trunk port.
I can able to see the switch details as CDP neighbour.
We are using SVI, and found all the SVI and Interface protocol status is up/up. So to test I use a host to directly connect N3k with Optical SFP in access port, found failure on reachability, but while replacing with SFP ethernet module instead of SFP optical module reachability is okay.
Please help me to resolve this issue.
Thanks,
Kannan,Hello Amit,
Pls find the following details..
We use SFP-10G-LR Modules on both end, we also replaced and checked with SFP-10G-SR modules as well..
Software
BIOS: version 1.9.0
loader: version N/A
kickstart: version 6.0(2)A1(1b)
system: version 6.0(2)A1(1b)
Power Sequencer Firmware:
Module 1: version v3.1
BIOS compile time: 10/13/2012
kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A1.1b.bin
kickstart compile time: 9/5/2013 14:00:00 [09/05/2013 22:37:16]
system image file is: bootflash:///n3500-uk9.6.0.2.A1.1b.bin
system compile time: 9/5/2013 14:00:00 [09/06/2013 02:25:01]
Hardware
cisco Nexus 3548 Chassis ("48x10GE Supervisor")
Thanks for the reply,and sry for my delayed response..
Maybe you are looking for
-
GL Trial Balance Report with Source Field
Hi All, How can we add Source Column to Trial Balance Report. As this Oracle's Seeded report is developed based on GL_BALANCES Table, how can we add source column to this report? Can anyone suggest on this to add source column to this report? If not
-
Hi, My scenario flow is IDoc -> PI -> ABAP Proxy (ASync). The receiver ECC system is configured to send application acknowledgement back to PI. When the proxy call fails because of any data issues it populates a fault message and the message status i
-
How to run something on shutdown before file systems unmounted
I've been trying to get kexec working with systemd, following the advice on this wiki page: https://wiki.archlinux.org/index.php/Kexec#Systemd Unfortunately, the suggested unit file does not work for me. The problem is that no matter what I do, my /
-
STMS - transports get hung on tp import
Hi There are a number of threads regarding this and I've also looked at OSS note 71353 but so far none have fixed my problem. When I attempt to import to my new development environment, the transports just hang. There are no entries in TRJOB and TRBA
-
Using ABAP memory during IDOC processing
What are implications , issues of using ABAP memory in IDOC processing i.e. let say in inbound FM , I create implicit enhancement and I submit a report and return and pass data to this report via abap memory. What are implications ? Is it recommende