Cisco 3120XG Server's Interface Flapping during reboot ?
hello
My customer reported a strange and reproducible issue on the C3120 (running the latest version): during
reboot of the 3120 switch, the network interfaces of servers connected to the 3120 bounce/flap
several times before the switch is ready to use.
The servers' bonding reports this and fails over/fails back several times.
I looked in the documentation and didn't find any configuration/commands that can help us bring up
the switch's server interfaces only when the C3120 is ready to forward traffic.
I hope this is clear.
Any information/comments welcome.
JYP
hello
thanks for your reply
Unfortunately we already did this test, without success, maybe due to some internal
hardware tests or auto-configuration default parameters?
But I have not managed to get any information yet.
thanks
JYP
Similar Messages
-
Cisco Prime Configuration Archive on Interface Flap
Hey All,
We've been using Cisco Prime 2.1 for a bit now and I have a question about the configuration archive based on change events. Will Cisco Prime go and attempt to perform a config backup based on an interface flap? Looking at the audit logs it appears that it does that (see attachment). Is this a default behavior and does anyone see any benefit to this? It seems like if an interface is flapping it will continuously log into the device to see if the configuration has changed.
Brian
Hi Brian,
I don't think a configuration archive can be triggered by an interface flap; however, if there is any change in the configuration, then yes, PI can do the config archive.
Go to Administration > System Settings > Configuration Archive
Archive Configuration on receiving configuration change events? Check the box for this option.
Thanks-
Afroz
-
Sun v880 server thrown messages during reboot
The server is connected with three application server works as v480 also shown the same error, in the last error message we are getting
Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice] Requested Block: 677 Error Block: 677
Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice] Vendor: HP Serial Number: 9 $DR-1
Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice] Sense Key: Media Error
Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice] ASC: 0x11 (unrecovered read error), ASCQ: 0x0, FRU:
Presently the system is running fine, no console message, but why does this throw so many messages during reboot?
Mar 4 07:42:24 gtcerp1 tictimed[1224]: [ID 423602 user.error] [tictimed]: stopping on SIGTERM or SIGPWR.
Mar 4 07:42:24 gtcerp1 tictimed[1224]: [ID 423602 user.error] [tictimed]: stopping on SIGTERM or SIGPWR.
Mar 4 07:42:34 gtcerp1 syslogd: going down on signal 15
Mar 4 07:44:13 gtcerp1 genunix: [ID 540533 kern.notice] ^MSunOS Release 5.9 Version Generic_118558-03 64-bit
Mar 4 07:44:24 gtcerp1 luxadm[64]: [ID 972850 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::216000c0ff07a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:24 gtcerp1 luxadm[64]: [ID 650835 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::256000c0ffc7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:13 gtcerp1 genunix: [ID 943905 kern.notice] Copyright 1983-2003 Sun Microsystems, Inc. All rights reserved.
Mar 4 07:44:24 gtcerp1 luxadm[64]: [ID 733177 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@4/fp@0,0:fc::226000c0ffa7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:13 gtcerp1 Use is subject to license terms.
Mar 4 10:37:22 gtcerp1 luxadm[64]: [ID 972850 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::216000c0ff07a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:13 gtcerp1 genunix: [ID 678236 kern.info] Ethernet address = 0:3:ba:4d:d0:98
Mar 4 10:37:22 gtcerp1 luxadm[64]: [ID 650835 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::256000c0ffc7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:13 gtcerp1 unix: [ID 389951 kern.info] mem = 16777216K (0x400000000)
Mar 4 10:37:22 gtcerp1 luxadm[64]: [ID 733177 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@4/fp@0,0:fc::226000c0ffa7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
Mar 4 07:44:13 gtcerp1 unix: [ID 930857 kern.info] avail mem = 16490520576
Mar 4 07:44:13 gtcerp1 rootnex: [ID 466748 kern.info] root nexus = Sun Fire 880
Mar 4 07:44:13 gtcerp1 mpxio: [ID 181378 kern.info] /scsi_vhci (scsi_vhci0) multipath capabilities enabled.
Mar 4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] scsi_vhci0 at root
Mar 4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] scsi_vhci0 is /scsi_vhci
Mar 4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch0 at root: SAFARI 0x8 0x700000
Mar 4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch0 is /pci@8,700000
Mar 4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch1 at root: SAFARI 0x8 0x600000
Mar 4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch1 is /pci@8,600000
Mar 4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch2 at root: SAFARI 0x9 0x700000
Mar 4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch2 is /pci@9,700000
Mar 4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch3 at root: SAFARI 0x9 0x600000
Mar 4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch3 is /pci@9,600000
Mar 4 07:44:13 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (0)
Mar 4 07:44:13 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(0): Firmware version 2.1.140
Mar 4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(0): Loop ONLINE
Mar 4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@2, qlc0
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc0 is /pci@8,600000/SUNW,qlc@2
Mar 4 07:44:14 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (1)
Mar 4 07:44:14 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(1): Firmware version 3.2.110
Mar 4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(1): Loop OFFLINE
Mar 4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@3, qlc1
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc1 is /pci@9,700000/SUNW,qlc@3
Mar 4 07:44:14 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (2)
Mar 4 07:44:14 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(2): Firmware version 3.2.110
Mar 4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(2): Loop OFFLINE
Mar 4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@4, qlc2
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc2 is /pci@9,700000/SUNW,qlc@4
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp0 is /pci@8,600000/SUNW,qlc@2/fp@0,0
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp1 is /pci@9,700000/SUNW,qlc@3/fp@0,0
Mar 4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp2 is /pci@9,700000/SUNW,qlc@4/fp@0,0
Mar 4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(2): Loop ONLINE
Mar 4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd1 at fp0: name w2100000c507a995e,0, bus address e8
Mar 4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd1 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100000c507a995e,0
Mar 4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd0 at fp0: name w210000008715a66e,0, bus address ef
Mar 4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd0 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w210000008715a66e,0
Mar 4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd22 at fp0: name w2100000c5080e94e,0, bus address e4
Mar 4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd22 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100000c5080e94e,0
Mar 4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd33 at scsi_vhci0: name g600c0ff00000000007a6ca587d8cff00, bus address g600c0ff00000000007a6ca587d8cff00
Mar 4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd33 is /scsi_vhci/ssd@g600c0ff00000000007a6ca587d8cff00.
Errors?
I don't see anything that a good call to Oracle Technical Support can't fix.
Go use your service contract and open a Support Request (SR).
Else wipe the system and reinstall everything fresh.
While you are at it, you should patch your Solaris 9 system with the newest full bundle you can get.
SunOS Release 5.9 Version Generic_118558-03
That system is about a decade under-patched.
That suggests a deliberate lack of continual maintenance. -
Why does the sensing interface flap or frequently go to the down state in IDS ?
Hi all,
This is the answer I found on the Cisco website, but according to this, I did not make any updates or any configuration changes, but still my sensing interface is going down. I'm not even getting the error messages which they have mentioned at the end.
Ans: During a signature update and reconfigurations, sensorApp stops to process packets as it processes the new signatures in the update. The network driver detects that sensorApp has stopped and pulls any new packets from the buffer. So the network driver does different things, which depends on the configuration and sensor model:
Promiscuous Interface—It brings the link down on the interfaces, and brings the link back up once sensorApp starts to monitor again.
Inline Interface or Inline Vlan Pair—It depends on the Bypass setting:
Bypass Auto—The driver keeps the link up and begins to pass packets through without analysis. It then reverts back to sending the packets through sensorApp once sensorApp starts to monitor again.
Bypass Off—The driver brings the link down on the interfaces, which is the same as in promiscuous mode, and brings them back up once sensorApp starts to monitor again.
So, if sensor app does not pull packets from the buffer, which possibly occurs because there is no interface configured to process packets, then the driver can put the interface in a down state.
These logs are seen when the sensing interface flaps:
28Jun2011 09:03:09.483 6050.885 interface[409] Cid/W errWarning Inline databypass has started.
28Jun2011 09:03:13.639 4.156 interface[409] Cid/W errWarning Inline databypass has stopped.
28Jun2011 09:19:23.922 970.283 interface[409] Cid/W errWarning Inline databypass has started.
28Jun2011 09:19:27.486 3.564 interface[409] Cid/W errWarning Inline databypass has stopped.
It is possible you are overloading that little 4215. If that is the case you should also be seeing "missed packet percentage" messages in your events.
How much traffic is your 4215 getting? Those sensors will start to drop packets for inspection at about 30 Mb/s.
- Bob -
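
Added example for the IDS thread above (not part of the original posts or of Cisco's documentation): a Python parser that pairs the "Inline databypass has started/stopped" lines quoted in the thread and totals the time spent in bypass, which per the quoted Cisco answer is time when packets pass through without analysis. The field layout is inferred from the four quoted lines, and the flap threshold and one-hour period are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# The four sensor log lines quoted in the thread, one event per line.
SAMPLE_LOG = """\
28Jun2011 09:03:09.483 6050.885 interface[409] Cid/W errWarning Inline databypass has started.
28Jun2011 09:03:13.639 4.156 interface[409] Cid/W errWarning Inline databypass has stopped.
28Jun2011 09:19:23.922 970.283 interface[409] Cid/W errWarning Inline databypass has started.
28Jun2011 09:19:27.486 3.564 interface[409] Cid/W errWarning Inline databypass has stopped.
"""

# Layout assumed from the sample: timestamp, a seconds column (in the sample it
# equals the gap to the previous line), source, two tags, then the message.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}[A-Za-z]{3}\d{4} \d{2}:\d{2}:\d{2}\.\d{1,6})\s+"
    r"\d+(?:\.\d+)?\s+"
    r"\S+\s+\S+\s+\S+\s+"
    r"Inline databypass has (?P<state>started|stopped)\b"
)


def parse_events(text):
    """Return sorted (timestamp, state) tuples; lines of other kinds are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%d%b%Y %H:%M:%S.%f")
            events.append((ts, m.group("state")))
    return sorted(events)


def bypass_windows(events):
    """Pair each 'started' with the next 'stopped'.

    Returns (windows, unmatched). An unmatched 'started' means bypass was still
    active at the end of the log (or the log was cut); an unmatched 'stopped'
    means the start of the window is missing from the log.
    """
    windows, unmatched, open_start = [], [], None
    for ts, state in events:
        if state == "started":
            if open_start is not None:
                unmatched.append((open_start, "started"))
            open_start = ts
        elif open_start is None:
            unmatched.append((ts, "stopped"))
        else:
            windows.append((open_start, ts))
            open_start = None
    if open_start is not None:
        unmatched.append((open_start, "started"))
    return windows, unmatched


def summarize(text, flap_threshold=2, period=timedelta(hours=1)):
    """Summarize bypass activity; threshold and period are illustrative values."""
    windows, unmatched = bypass_windows(parse_events(text))
    durations = [(stop - start).total_seconds() for start, stop in windows]
    starts = [start for start, _ in windows]
    # Flapping: at least flap_threshold windows begin within one sliding period.
    flapping = any(
        sum(1 for s in starts if t <= s < t + period) >= flap_threshold
        for t in starts
    )
    return {
        "windows": len(windows),
        "durations": durations,
        "uninspected_seconds": sum(durations),
        "flapping": flapping,
        "unmatched": unmatched,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
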
How to set two radius servers one is window NPS another is cisco radius server
How to set two RADIUS servers, one is Windows NPS, another is Cisco RADIUS server?
When I try the following commands, once Windows priority is first and I type a Cisco RADIUS user name, authentication fails.
I cannot use both at the same time.
radius-server host 192.168.1.3 is Windows NPS
radius-server host 192.168.1.1 is Cisco RADIUS
http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
conf t
no aaa authentication login default line
no aaa authentication login local group radius
no aaa authorization exec default group radius if-authenticated
no aaa authorization network default group radius
no aaa accounting connection default start-stop group radius
aaa new-model
aaa group server radius IAS
 server 192.168.1.1 auth-port 1812 acct-port 1813
 server 192.168.1.3 auth-port 1812 acct-port 1813
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
aaa session-id common
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
privilege exec level 1 show config
ip radius source-interface Gi0/1
line vty 0 4
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input telnet
line vty 5 15
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input telnet
end
conf t
aaa group server radius IAS
 server 192.168.1.3 auth-port 1812 acct-port 1813
 server 192.168.1.1 auth-port 1812 acct-port 1813
end
The first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on.
If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs.
I hope this helps!
-
Interface flapping and always shows up/up even other side is shutdown
Hi there, I have an interface flapping issue in my network. 2 Cat3560 are connected through 2 trunk ports configured with port-channel. When I shut down one of the ports in Vlan100, the other 2 ports in the same VLAN will flap, going up and down, and OSPF will lose the neighbor. One thing I notice is that when I shut down the switch port, on the other side of the router, the L1-L2 is still up/up. I think it should be up/down. I have a keepalive setting on the router interface of 1800. Can anybody give me some hints here to troubleshoot?
Here is the switch configs.
Building configuration...
no service pad
ip subnet-zero
ip routing
no ip domain-lookup
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,200,300,400,600,700
 switchport mode trunk
interface GigabitEthernet0/1
 switchport access vlan 600
 speed 100
 duplex full
interface GigabitEthernet0/2
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/3
 switchport access vlan 600
 speed 100
 duplex full
interface GigabitEthernet0/4
 switchport access vlan 700
 speed 100
 duplex full
interface GigabitEthernet0/5
 switchport access vlan 700
 speed 100
 duplex full
interface GigabitEthernet0/6
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/7
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/8
 switchport access vlan 100
interface GigabitEthernet0/9
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/10
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/11
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/12
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/13
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/14
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/15
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/16
 switchport access vlan 100
 speed 100
 duplex full
interface GigabitEthernet0/17
 speed 100
 duplex full
interface GigabitEthernet0/27
 switchport access vlan 400
interface GigabitEthernet0/28
 switchport access vlan 400
interface GigabitEthernet0/29
 switchport access vlan 400
interface GigabitEthernet0/30
 switchport access vlan 200
interface GigabitEthernet0/31
 switchport access vlan 200
interface GigabitEthernet0/45
 switchport access vlan 500
 speed 100
 duplex full
interface GigabitEthernet0/46
 switchport access vlan 500
 speed 100
 duplex full
interface GigabitEthernet0/47
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,200,300,400,600,700
 switchport mode trunk
 channel-group 1 mode on
interface GigabitEthernet0/48
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,200,300,400,600,700
 switchport mode trunk
 channel-group 1 mode on
interface Vlan1
 no ip address
 shutdown
interface Vlan100
 ip address 192.168.40.11 255.255.252.0
 no ip redirects
 no ip proxy-arp
 standby 1 ip 192.168.40.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track Vlan600 20
interface Vlan200
 no ip address
interface Vlan600
 ip address 192.168.35.1 255.255.255.0
router ospf 7
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
ip classless
=====================
When I shutdown interface gig 0/2, interface gig0/3 and gig0/4 will go down as well and come back online after a while.
Thanks for your help.
Your question is really missing a BUNCH of details, but I will take a stab at it:
1) Why on earth do you have a keepalive set to 1800 seconds on the router?
2) Your discussion and config above only talks about qty 2 c3560 switches. Where is the router in this topology?
3) You are going against several Cisco best practices here with your trunk ports:
a) I would never config a port-channel as mode 'on' because the switches will ignore any errors on the ports that would not keep the channel stable because you have configured them to hard set on. ALWAYS set the port channel to mode 'desirable silent'. The config needs to match on both ends of the link.
b) I would never config a port as a trunk mode 'on' without also running UDLD. It appears that your 2-port port-channel trunk above is using copper ports. You MUST enable UDLD on the copper gigabit ports manually (UDLD is enabled by default on fiber gigabit ports). You may need to 'udld enable' globally on the switch depending on the IOS version. Obviously, as above, the same config needs to be done on both switches.
4) The log message that you get when you say ports g0/3 and g0/4 go down, is that for just VLAN 100 or are they line-protocol messages?
5) When port g0/2 goes down, are there any other ports in VLAN 100 still up?
6) What are the results of the following commands:
show int g0/3 switchport
show spanning-tree summary
show spanning-tree int po1
show spanning-tree int g0/2
show spanning-tree int g0/3
show spanning-tree int g0/4
show spanning-tree vlan 100
show spanning-tree vlan 600
show int status
show etherchannel summary
show etherchannel detail
show int trunk mod 0
Post more details and I'll try to help... -
WLC "radius server overwrite interface" setting
Hello
I'm looking at using "radius server overwrite interface" on a WLAN as a replacement for Called-Station-ID for Radius to match on SSID.
When I enable "radius server overwrite interface" on a WLAN and join a client to the SSID I can see (via packet capture) that the WLC is correctly sourcing the Radius packets with the WLAN's "dynamic" interface IP Address. The problem is that the Radius server doesn't respond to these requests. Radius is configured with rules to match the new IP address but I see nothing (pass or fail) in the logs.
Interestingly, the packet captures shows the correct NAS IP address (the WLAN interface IP Address) but always shows the WLC hostname as NAS-ID (regardless of NAS-ID settings on the WLAN or WLAN interface)
I've tried WLC software 7.4.110.0, 7.4.121.0 and 7.6.100.0 with the same results but Radius never responds. Radius is Cisco ACS 5.5.0.46. Any ideas as to why this is happening?
Thanks
Andy
Hi Scott
installed ACS 5.4 0.46.6 and I still have the same problem - ACS doesn't respond to request from WLC when "radius server overwrite interface" is enabled on WLAN and nothing appears in the logs. With "radius server overwrite interface" disabled on the WLAN, authentication is a success and I can see this in the logs.
I had a look at the packet captures I took earlier and the attributes in the Access-Request look ok - the only attribute I wasn't sure about was Message-Authenticator. Found this IETF document http://www.ietf.org/rfc/rfc2869.txt which mentions "silent discards" of Radius packets with non-existent or incorrect Message-Authenticator attributes. I'm not sure if this is what I'm seeing on ACS when it receives the "radius server overwrite interface" Access-Request packets. ACS is under contract so I will contact TAC about this.
My production ACS cluster was upgraded from latest version of 5.3 to 5.5 with no loss of historic logs (logging after upgrade worked fine also). The upgrade did take a while with the log-collector. When it had completed I checked the Data Upgrade Status under Monitoring configuration and it showed that the upgrade was successful.
Thanks for your help with this.
Cheers
Andy -
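
Added example for the WLC thread above (not part of the original posts and not ACS or WLC code): the Message-Authenticator check from RFC 2869 that the post refers to, applied to a constructed Access-Request, with the shared secret selected by source address as RFC 2865 requires. The addresses, secrets and the `server_decision` helper are hypothetical; whether this check explains the missing responses in the thread is not established on the page.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
EAP_MESSAGE = 79             # RFC 2869 section 5.13
MESSAGE_AUTHENTICATOR = 80   # RFC 2869 section 5.14


def build_access_request(identifier, request_auth, attrs, secret, sign=True):
    """Encode an Access-Request; attrs is a list of (type, value-bytes).

    With sign=True a Message-Authenticator is appended: HMAC-MD5 over the whole
    packet, computed while the attribute's 16-byte value is all zeros.
    """
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    if sign:
        body += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = header + request_auth + body
    if sign:
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet


def attributes(packet):
    """Yield (type, value_offset, value_len); raise ValueError on a bad TLV."""
    if len(packet) < 20:
        raise ValueError("short packet")
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, pos + 2, a_len - 2
        pos += a_len


def check_message_authenticator(packet, secret):
    """True/False when the attribute is present, None when it is absent."""
    attrs = list(attributes(packet))          # validates the TLV structure first
    (length,) = struct.unpack("!H", packet[2:4])
    for a_type, off, n in attrs:
        if a_type == MESSAGE_AUTHENTICATOR:
            if n != 16:
                return False
            zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[off:off + 16])
    return None


def server_decision(src_ip, packet, clients):
    """Hypothetical server-side handling: a discard sends no reply at all."""
    secret = clients.get(src_ip)              # secret is chosen by source address
    if secret is None:
        return "discard: no client entry for source address"
    try:
        verdict = check_message_authenticator(packet, secret)
        has_eap = any(t == EAP_MESSAGE for t, _, _ in attributes(packet))
    except ValueError:
        return "discard: malformed packet"
    if verdict is False:
        return "discard: Message-Authenticator mismatch"
    if verdict is None and has_eap:
        return "discard: EAP-Message without Message-Authenticator"
    return "process"


def demo():
    # Constructed values: documentation-range addresses and made-up secrets.
    clients = {"192.0.2.10": b"mgmt-secret", "192.0.2.20": b"wlan-secret"}
    attrs = [
        (1, b"alice"),                        # User-Name
        (4, bytes([192, 0, 2, 20])),          # NAS-IP-Address
        (EAP_MESSAGE, b"\x02\x01\x00\x0a\x01alice"),  # EAP Response/Identity
    ]
    pkt = build_access_request(7, bytes(range(16)), attrs, b"mgmt-secret")
    return {
        "management source": server_decision("192.0.2.10", pkt, clients),
        "wlan source, other secret": server_decision("192.0.2.20", pkt, clients),
        "unregistered source": server_decision("192.0.2.30", pkt, clients),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

When comparing against a capture, check that the server's client entry for the new source address exists and carries the same shared secret as the entry for the management address.
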
Flexconnect Radius Server Overwrite interface Question
Hello All,
Can someone confirm/comment on the following:
In a FlexConnect scenario, for site 1, I would like to source the RADIUS requests to a remote RADIUS (at the FlexConnect site 1). As I understand it, I need to enable the Radius Server Overwrite interface option. Is that all?
Also, for FlexConnect sites X this can also be done per WLAN X configuration.
Is this correct?
Thanks
Hi pana,
Answers below :
Meaning that, even if i configure the Flexconnect groups with local authentication, then how does the Flexconnect ap reach the local radius?
When you are working with local authentication, the AP will communicate with the local RADIUS server using the local routing in the branch office without the 802.1X traffic being sent to the WLC......the AP will communicate directly with the local RADIUS server using its IP address and the local routing. (This communication is transparent if you see it from the WLC because the WLC will not intermediate the authentication between the client and RADIUS; the one who will intermediate is the AP. The WLC will receive information when the AP is in connected mode about the client and the authentication method etc. after the user was authenticated.)
Example :
RADIUS SERVER
WLC ----SWITCH L3------ROUTER----(MPLS Link)-----ROUTER---SWITCH L3---AP
The WLC continues managing the Access Point but will not "talk" to the RADIUS server; the one who will "talk" to the RADIUS server is the AP in the branch office using the SWITCH L3 (assuming that you have the RADIUS in one network and the AP in another network in the same branch office)
Understand now ?
As i can understand, in a local switching/local authentication scenario the Flexconnect ap can only map a WLAN to local VLAN( route-able network on the remote site) that serves for the users-data plane. Then in conjunction with the radius server override option, how can this FlexconnectAP send requests to the local radius? I can only suppose that it will do so using the users locally mapped VLAN/WLAN but i cant reference this anywhere.
The AP will only send the requests to the local RADIUS only if you configure the FlexConnect Local Auth and FlexConnect Group. Enabling this option, the AP will use its IP address to communicate with RADIUS without the WLC intermediating this communication.
Without the FlexConnect Local Auth enabled in the WLAN the AP will continue directing the 802.1X requests to the WLC and the WLC will send them to the RADIUS server, and in this situation if you enabled the radius overwrite interface the WLC will try to reach the RADIUS server using the WLAN interface and not the management interface. (You do not need the radius overwrite interface option to work with Local Auth if you want to use the AP as an authenticator; you only use this interface if you want the WLC with central authentication to direct the 802.1X authentications to the RADIUS.)
One piece of information: the VLAN/WLAN is really mapped statically but you can manipulate it using the RADIUS attributes, changing the VLANs for the users based on the AD group and after the authentication. It can work in a local auth scenario or a central auth scenario.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch7_HREA.html#pgfId-1103070
I hope it helps, and if it does not help, I think I am not understanding the real question.
-
Cisco isr 819 cellular interface...
My Cisco ISR 819 constantly cycles between the gigabyte interface and the cellular...? I have the device configured for auto failover with the gigabyte interface being the primary and the cellular as backup. I used Cisco Configuration Pro to configure the router. I have attached the router config for expert evaluation.....thanks in advance.
Yes you are correct Cinthia, it is the NAT and depending on which external interface i configure first with NAT, that's the only interface providing NAT to out going packets.
What i hope to achieve with my C819HG ISR router is provide the G0 interface as primary internet access. If that access goes down i want the Cellular0 interface to come up and provide a path to the internet. When the G0 access is restored i want the Cellular0 interface to go back to standby.
here is my config.....
! Last configuration change at 14:30:15 Chicago Thu Feb 19 2015 by ADMIN
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname rtr-cisco
boot-start-marker
boot-end-marker
aqm-register-fnf
no aaa new-model
clock timezone Chicago -6 0
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-3083563774
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3083563774
 revocation-check none
 rsakeypair TP-self-signed-3083563774
crypto pki certificate chain TP-self-signed-3083563774
 certificate self-signed 01
quit
ip dhcp excluded-address 172.17.37.1 172.17.37.9
ip dhcp excluded-address 172.17.37.16 172.17.37.254
ip dhcp pool ciscoPool
 import all
 network 172.17.37.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 172.17.37.1
ip domain name sr.nwris.noaa.gov
ip cef
no ipv6 cef
multilink bundle-name authenticated
chat-script lte "" "AT!CALL1" TIMEOUT 20 "OK"
license udi pid C819HG-4G-V-K9 sn FTX181583HV
username ADMIN privilege 15 secret 4 wYSo2PORqoebHxp3dazS6tzNpgOc5RQBMmrsFZ5l6jE
controller Cellular 0
track 1 ip sla 1 reachability
ip ssh version 2
ip scp server enable
interface Cellular0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 dialer in-band
 dialer string lte
 dialer-group 1
 async mode interactive
interface FastEthernet0
 no ip address
interface FastEthernet1
 no ip address
interface FastEthernet2
 no ip address
interface FastEthernet3
 no ip address
interface GigabitEthernet0
 description $ETH-WAN$
 ip address dhcp client-id GigabitEthernet0 hostname rtr-wxk37
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface Serial0
 no ip address
 shutdown
 clock rate 2000000
interface Vlan1
 ip address 172.17.37.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
ip local policy route-map track-primary-if
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Cellular0 overload
ip nat inside source list 2 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0 253
ip sla auto discovery
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
route-map track-primary-if permit 1
 match ip address 100
 set interface GigabitEthernet0
route-map source permit 10
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.17.37.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 172.17.37.0 0.0.0.255
access-list 100 remark CCP_ACL Category=0
access-list 100 permit icmp any host 8.8.8.8
control-plane
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
mgcp profile default
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line 3
 script dialer lte
 modem InOut
 no exec
 transport input all
 rxspeed 100000000
 txspeed 50000000
line vty 0 4
 login local
 transport input ssh
scheduler allocate 20000 1000
ntp update-calendar
ntp server 24.56.178.140 source GigabitEthernet0
ntp server 129.6.15.28 prefer source GigabitEthernet0
ntp server 132.163.4.102 source Cellular0
end
-
Cisco MCS Server 7825 front side LED status..?
Hi,
Please provide me the details of the Cisco MCS server 7825 front side LED status, because in our server one LED status is showing AMBER. I know about the status of two LEDs, one is for HDD and one is for Ethernet; please tell me about the third one.
Regards,
Deepak Sambyal
Steve - if the servers are showing a blank screen on the monitor connected to the console, it appears they are not even initialising the POST process. It could be due to a faulty component - could be CPU, RAM, motherboard..anything....
Generally with this kind of issues, you try to isolate faulty hardware, by rebooting without any component and see if it reaches POST. I would suggest open a case with TAC and I hope the servers have active maintenance.
On another note try changing the monitor cable etc. to rule out any issue with any cable or monitor (which i doubt would be the case) just to make sure and then try a reboot and see if you see anything on screen.
-Terry -
Hello! Help me please!
I'm performing an installation of Cisco NAC Server 3315 ver. 4.8(2), but after that I can't connect to the server by https - HTTP 403 Forbidden. And I can connect to the NAC Server by ssh.
What could be the reason?
While rebooting, I am getting this:
Starting nc_drivers: /dev/nfastpci0
[ OK ]
Starting nc_hardserver: waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
[FAILED]
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
key_load_private_pem: RSA_blinding_on failed
Could not load host key: /root/.perfigo/sec/tomcat.key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
[FAILED]
Starting xinetd: [ OK ]
Starting console mouse services: [ OK ]
Starting nessusd: Loading the Nessus plugins...
All plugins loaded
[ OK ]
Starting crond: [ OK ]
Starting anacron: [ OK ]
Starting atd: [ OK ]
Starting jexec: Starting jexec services[ OK ]
Starting Ncipher services
-- Running startup script 45drivers
-- Running startup script 46exard
-- Running startup script 50hardserver
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
Starting perfigo: click: starting router thread pid 2092 (f7b7d340)
Failed execute command : CONNECTFORCE, Error : Connection refused
BaseAgent process reconnecting...
Failed execute command : ACTIVE, Error : Connection refused
BaseAgent executes [ACTIVE] ...
Link Detect Manager only operates when HA is enabled.
NFastApp_Connect failed: ServerNotRunning
And then in the hardserver log I am getting nCipher card not in operational mode. Please change the settings on the card.
How to resolve the issue?
Thanks
Shalvi Yadav -
MARS Incident not triggered on interface flap
Hi,
MARS did not trigger an incident when an interface flapped. I can see the event in raw messages. I have checked the following rule; the count setting for this rule is set to 5, so this is getting triggered when an interface flaps 5 times. It's not possible to modify the count settings.
SystemRule: State Change: Network Device
Event: OperationalStatusChange/CiscoIOS
Is there any other way so that an incident is triggered if an interface flaps once, or do I have to configure a custom rule for this?
Regards,
Akhtar
You can select the rule and then click on edit to change the count. My preference is to leave the Cisco supplied rules as they are. In this case, click on duplicate instead of edit and a copy will be made. At the top, change the group to "user rules" and you will see your copy. You can then select and edit this and change the parameters as you wish to have them. Once in the edit, click on the value to change (e.g. the "5" under "count") and you can configure as required. Pay attention to the "time range" to be sure that you are getting the quantity of alerts you want. Bear in mind that for IOS there are a number of messages for each down/up fluctuation. You might want to add a qualifier in the "keyword" field (freeform text of the message) to qualify the exact message.
Matthew -
HTTP server code 500 reason Internal Server Error explanation Error during
Hi,
I am trying to connect to the SAP TM (Transportation Management) system using the HTTP adapter with PI 7.0. The scenario is
ECC -> PI -> SAP TM. I have configured the HTTP adapter as the receiver with addressing type HTTP Destination. I have created an RFC destination of type H pointing to SAP TM on PI. I encountered the following error after executing the scenario.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- Call Adapter -->
<SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
  <SAP:Category>XIAdapter</SAP:Category>
  <SAP:Code area="PLAINHTTP_ADAPTER">ATTRIBUTE_SERVER</SAP:Code>
  <SAP:P1>500</SAP:P1>
  <SAP:P2>Internal Server Error</SAP:P2>
  <SAP:P3>Error during parsing of SOAP header</SAP:P3>
  <SAP:P4 />
  <SAP:AdditionalText />
  <SAP:ApplicationFaultMessage namespace="" />
  <SAP:Stack>HTTP server code 500 reason Internal Server Error explanation Error during parsing of SOAP header</SAP:Stack>
  <SAP:Retry>M</SAP:Retry>
</SAP:Error>
Thanks,
Kiran
Error during parsing of SOAP header
Can you mention what settings are done in the Receiver HTTP channel... the request that you send to the target is not in the proper format.
One reason could be an incorrect Content Type... is it text/XML?
Regards,
Abhishek. -
How to set up SPA525 VPN client? How to configure Cisco VPN server?
Hi all,
How to set up the SPA525 VPN?
How to configure the Cisco VPN server for the SPA525?
Regards
John
Hi John,
Do you want to setup the SPA525 on the UC300? If so the UC300 does not support any VPN or remote users. If you need configuration help with the UC5XX just let me know.
Thank you,
Jason Nickle -
I am doing a small project on a dedicated web client wherein the user is automatically logged in as a non-root user and Firefox starts automatically.
I am using Fedora 14 kernel 2.6.35.12-88.fc14.i686 and Firefox 3.6.16.
I have installed only Gnome on my computer, with no Nautilus or other file browser on it.
I want to edit the properties of the interface windows opened for "Open File" and "Save Page As", and the interface opened during the download of any file.
Please guide me on this.
First, I sent an email to the author of PhotoME to inform him of the serious issues his addon caused with Firefox latest versions.
Now, for those of you who do not have the PhotoME addon and yet experience the same problem that I had and that I described above, I suggest the following strategy.
As PhotoME did cause these problems with Firefox latest versions, I am pretty convinced other addons probably might cause these problems too. Therefore, adopt the following method.
Test one addon at a time to see if this particular addon is behind your Firefox issues like the ones I had.
So, disable one addon only at a time. Then close your Firefox and restart it from scratch and see if you still have your Firefox problems. You must restart the Firefox browser from scratch. If you still have these Firefox problems, re-enable the disabled addon, restart your Firefox (again!) and repeat the same method for every single addon that you have.
Try to be selective by choosing first addons that are more likely to cause your Firefox problems such as not very well-known or not very popular addons (like it was the case for the PhotoME addon).
If this method works or if it does not work, report it on this web page so that others can be helped with your comments.
I hope this method will help you because I was really upset that I had these Firefox problems and I first thought it was the fault of Firefox, only to discover later that this PhotoME addon was the culprit and had caused me such upset.