Cisco 3120XG Server's Interface Flapping during reboot ?

hello
my customer reported strange and reproductible issue on C3120 (running latest version) during
reboot of 3120 switch ,network interfaces of servers connected to 3120 are bouncing/Flapping
several times before switch are ready to use.
Server's Bonding reports and failover/failback several times.
I look on documentation I didn't find any configurations/commands can help us to bring up
Switch Servers Interfaces only when C3120 ready to forward traffic
hope to be clear
any informations/Comments Welcomed
JYP

hello
thanks for your reply
unfortunately we already did this test, without success , may be due to some internals
hardware tests or auto configuration default parameters ?
but I didn't successful get informations yet
thanks
JYP

Similar Messages

  • Cisco Prime Configuration Archive on Interface Flap

    Hey All,
    We've been using Cisco Prime 2.1 for a bit now and I have a question about the configuration archive based on change events.  Will Cisco Prime go and attempt to perform a config backup based on an interface flap?  Looking at the audit logs it appears that it does that (see attachment).  Is this a default behavior and does anyone see any benefit to this?  It seems like if an interface is flapping it will continuously log into the device to see if the configuration has changed.
    Brian

    Hi Brian,
    I don't think configuration achieve can be triggered due to interface flap ,however if there is any change in the configuration yes PI can do the config Archive
    Go to Administration > System Settings > Configuration Archive
    Archive Configuration on receiving configuration change events?    Check box this option
    Thanks-
    Afroz
    ***Ratings Encourages Contributors *****

  • Sun v880 server thrown messages during reboot

    he server is connected with three application server works as v480 also shown the same error, in the last error messsage we are geting ar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice]      Requested Block: 677 Error Block: 677
    Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice]      Vendor: HP Serial Number: 9 $DR-1
    Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice]      Sense Key: Media Error
    Mar 5 17:37:50 gtcerp1 scsi: [ID 107833 kern.notice]      ASC: 0x11 (unrecovered read error), ASCQ: 0x0, FRU:
    presently system is running fne, no console message, but why this throw so many messages during reboot.
    Mar  4 07:42:24 gtcerp1 tictimed[1224]: [ID 423602 user.error] [tictimed]: stopping on SIGTERM or SIGPWR.
    Mar  4 07:42:24 gtcerp1 tictimed[1224]: [ID 423602 user.error] [tictimed]: stopping on SIGTERM or SIGPWR.
    Mar  4 07:42:34 gtcerp1 syslogd: going down on signal 15
    Mar  4 07:44:13 gtcerp1 genunix: [ID 540533 kern.notice] ^MSunOS Release 5.9 Version Generic_118558-03 64-bit
    Mar  4 07:44:24 gtcerp1 luxadm[64]: [ID 972850 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::216000c0ff07a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:24 gtcerp1 luxadm[64]: [ID 650835 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::256000c0ffc7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:13 gtcerp1 genunix: [ID 943905 kern.notice] Copyright 1983-2003 Sun Microsystems, Inc.  All rights reserved.
    Mar  4 07:44:24 gtcerp1 luxadm[64]: [ID 733177 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@4/fp@0,0:fc::226000c0ffa7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:13 gtcerp1 Use is subject to license terms.
    Mar  4 10:37:22 gtcerp1 luxadm[64]: [ID 972850 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::216000c0ff07a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:13 gtcerp1 genunix: [ID 678236 kern.info] Ethernet address = 0:3:ba:4d:d0:98
    Mar  4 10:37:22 gtcerp1 luxadm[64]: [ID 650835 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@3/fp@0,0:fc::256000c0ffc7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:13 gtcerp1 unix: [ID 389951 kern.info] mem = 16777216K (0x400000000)
    Mar  4 10:37:22 gtcerp1 luxadm[64]: [ID 733177 user.error] ID[luxadm.create_fabric_device.2316] configuration failed for line (/devices/pci@9,700000/SUNW,qlc@4/fp@0,0:fc::226000c0ffa7a6ca) in file: /etc/cfg/fp/fabric_WWN_map.old. I/O error
    Mar  4 07:44:13 gtcerp1 unix: [ID 930857 kern.info] avail mem = 16490520576
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 466748 kern.info] root nexus = Sun Fire 880
    Mar  4 07:44:13 gtcerp1 mpxio: [ID 181378 kern.info] /scsi_vhci (scsi_vhci0) multipath capabilities enabled.
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] scsi_vhci0 at root
    Mar  4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] scsi_vhci0 is /scsi_vhci
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch0 at root: SAFARI 0x8 0x700000
    Mar  4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch0 is /pci@8,700000
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch1 at root: SAFARI 0x8 0x600000
    Mar  4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch1 is /pci@8,600000
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch2 at root: SAFARI 0x9 0x700000
    Mar  4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch2 is /pci@9,700000
    Mar  4 07:44:13 gtcerp1 rootnex: [ID 349649 kern.info] pcisch3 at root: SAFARI 0x9 0x600000
    Mar  4 07:44:13 gtcerp1 genunix: [ID 936769 kern.info] pcisch3 is /pci@9,600000
    Mar  4 07:44:13 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (0)
    Mar  4 07:44:13 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(0): Firmware version 2.1.140
    Mar  4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(0): Loop ONLINE
    Mar  4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@2, qlc0
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc0 is /pci@8,600000/SUNW,qlc@2
    Mar  4 07:44:14 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (1)
    Mar  4 07:44:14 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(1): Firmware version 3.2.110
    Mar  4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(1): Loop OFFLINE
    Mar  4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@3, qlc1
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc1 is /pci@9,700000/SUNW,qlc@3
    Mar  4 07:44:14 gtcerp1 qlc: [ID 171021 kern.info] Qlogic FCA Driver v20040825-1.40 (2)
    Mar  4 07:44:14 gtcerp1 qlc: [ID 637753 kern.info] NOTICE: qlc(2): Firmware version 3.2.110
    Mar  4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(2): Loop OFFLINE
    Mar  4 07:44:14 gtcerp1 pcisch: [ID 370704 kern.info] PCI-device: SUNW,qlc@4, qlc2
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] qlc2 is /pci@9,700000/SUNW,qlc@4
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp0 is /pci@8,600000/SUNW,qlc@2/fp@0,0
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp1 is /pci@9,700000/SUNW,qlc@3/fp@0,0
    Mar  4 07:44:14 gtcerp1 genunix: [ID 936769 kern.info] fp2 is /pci@9,700000/SUNW,qlc@4/fp@0,0
    Mar  4 07:44:14 gtcerp1 qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(2): Loop ONLINE
    Mar  4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd1 at fp0: name w2100000c507a995e,0, bus address e8
    Mar  4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd1 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100000c507a995e,0
    Mar  4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd0 at fp0: name w210000008715a66e,0, bus address ef
    Mar  4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd0 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w210000008715a66e,0
    Mar  4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd22 at fp0: name w2100000c5080e94e,0, bus address e4
    Mar  4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd22 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100000c5080e94e,0
    Mar  4 07:44:15 gtcerp1 scsi: [ID 799468 kern.info] ssd33 at scsi_vhci0: name g600c0ff00000000007a6ca587d8cff00, bus address g600c0ff00000000007a6ca587d8cff00
    Mar  4 07:44:15 gtcerp1 genunix: [ID 936769 kern.info] ssd33 is /scsi_vhci/ssd@g600c0ff00000000007a6ca587d8cff00.

    Errors?
    I don't see anything that a good call to Oracle Technical Support can't fix.
    Go use your service contract and open a Support Request (SR).
    Else wipe the system and resinstsall everything fresh.
    While you are at it, you should patch your Solaris 9 system with the newest full bundle you can get.
    SunOS Release 5.9 Version Generic_118558-03That system is about a decade under-patched.
    That suggests a deliberate lack of continual maintenance.

  • Why does the sensing interface flap or frequently go to the down state in IDS ?

    Hi all,
    this is the answer I found in Cisco website, but according to this, I didnot make any updates or any configuration changes, but stilll my sensing interface is going down. I'm not even getting the error messages which they have mentioned at the end.
    Ans: During a signature update and reconfigurations, sensorApp stops to process packets as it processes the new signatures in the update. The network driver detects that sensorApp has stopped and pulls any new packets from the buffer. So the network driver does different things, which depends on the configuration and sensor model:
    Promiscuous Interface—It brings the link down on the interfaces, and brings the link back up once sensorApp starts to monitor again.
    Inline Interface or Inline Vlan Pair—It depends on the Bypass setting:
    Bypass Auto—The driver keeps the link up and begins to pass packets through without analysis. It then reverts back to sending the packets through sensorApp once sensorApp starts to monitor again.
    Bypass Off—The driver brings the link down on the interfaces, which is the same as in promiscuous mode, and brings them back up once sensorApp starts to monitor again.
    So, if sensor app does not pull packets from the buffer, which possibly occurs because there is no interface configured to process packets, then the driver can put the interface in a down state.
    These logs are seen when the sensing interface flaps:
    28Jun2011 09:03:09.483 6050.885 interface[409] Cid/W errWarning Inline databypass has started. 28Jun2011 09:03:13.639 4.156 interface[409] Cid/W errWarning Inline databypass has stopped. 28Jun2011 09:19:23.922 970.283 interface[409] Cid/W errWarning Inline databypass has started. 28Jun2011 09:19:27.486 3.564 interface[409] Cid/W errWarning Inline databypass has stopped.

    It is possible you are overloading that little 4215. If that is the case you should also be seeing "missed packet percentage" messages in your events.
    How much traffic is your 4215 getting? Those sensors will start to drop packets for inspection at about 30 Mb/s.
    - Bob

  • How to set two radius servers one is window NPS another is cisco radius server

    how to set two radius servers one is window NPS another is cisco radius server
    when i try the following command, once window priority is first , i type cisco radius user name, it authenticated fail
    i can not use both at the same time
    radius-server host 192.168.1.3  is window NPS
    radius-server host 192.168.1.1 is cisco radius
    http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
    conf t
    no aaa authentication login default line
    no aaa authentication login local group radius
    no aaa authorization exec default group radius if-authenticated
    no aaa authorization network default group radius
    no aaa accounting connection default start-stop group radius
    aaa new-model
    aaa group server radius IAS
     server 192.168.1.1 auth-port 1812 acct-port 1813
     server 192.168.1.3 auth-port 1812 acct-port 1813
    aaa authentication login userAuthentication local group IAS
    aaa authorization exec userAuthorization local group IAS if-authenticated
    aaa authorization network userAuthorization local group IAS
    aaa accounting exec default start-stop group IAS
    aaa accounting system default start-stop group IAS
    aaa session-id common
    radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
    radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
    radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
    radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
    privilege exec level 1 show config
    ip radius source-interface Gi0/1
    line vty 0 4
     authorization exec userAuthorization
     login authentication userAuthentication
     transport input telnet
    line vty 5 15
     authorization exec userAuthorization
     login authentication userAuthentication
     transport input telnet
    end
    conf t
    aaa group server radius IAS
     server 192.168.1.3 auth-port 1812 acct-port 1813
     server 192.168.1.1 auth-port 1812 acct-port 1813
    end

    The first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on. 
    If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs. 
    I hope this helps!
    Thank you for rating helpful posts!

  • Interface flapping and always shows up/up even other side is shutdown

    Hi, there, I have a interface flapping issue in my network. 2 Cat3560 is connected through 2 trunk port configured with port-channel. When I shutdown one of port in Vlan100, other 2 ports in the same vlan will flap going up and down and OSPF will lose the neighbor. One thing I notice that is when I shutdown the switch port, on the other side of router, the L1-L2 is still up/up. I think it should be up/down. I have a keepalive setting on the router interface to 1800. Any body can give me some hints here to troubleshoot?
    Here is the switch configs.
    Building configuration...
    no service pad
    ip subnet-zero
    ip routing
    no ip domain-lookup
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 999
    switchport trunk allowed vlan 100,200,300,400,600,700
    switchport mode trunk
    interface GigabitEthernet0/1
    switchport access vlan 600
    speed 100
    duplex full
    interface GigabitEthernet0/2
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/3
    switchport access vlan 600
    speed 100
    duplex full
    interface GigabitEthernet0/4
    switchport access vlan 700
    speed 100
    duplex full
    interface GigabitEthernet0/5
    switchport access vlan 700
    speed 100
    duplex full
    interface GigabitEthernet0/6
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/7
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/8
    switchport access vlan 100
    interface GigabitEthernet0/9
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/10
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/11
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/12
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/13
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/14
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/15
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/16
    switchport access vlan 100
    speed 100
    duplex full
    interface GigabitEthernet0/17
    speed 100
    duplex full
    interface GigabitEthernet0/27
    switchport access vlan 400
    interface GigabitEthernet0/28
    switchport access vlan 400
    interface GigabitEthernet0/29
    switchport access vlan 400
    interface GigabitEthernet0/30
    switchport access vlan 200
    interface GigabitEthernet0/31
    switchport access vlan 200
    interface GigabitEthernet0/45
    switchport access vlan 500
    speed 100
    duplex full
    interface GigabitEthernet0/46
    switchport access vlan 500
    speed 100
    duplex full
    interface GigabitEthernet0/47
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 999
    switchport trunk allowed vlan 100,200,300,400,600,700
    switchport mode trunk
    channel-group 1 mode on
    interface GigabitEthernet0/48
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 999
    switchport trunk allowed vlan 100,200,300,400,600,700
    switchport mode trunk
    channel-group 1 mode on
    interface Vlan1
    no ip address
    shutdown
    interface Vlan100
    ip address 192.168.40.11 255.255.252.0
    no ip redirects
    no ip proxy-arp
    standby 1 ip 192.168.40.1
    standby 1 priority 110
    standby 1 preempt
    standby 1 track Vlan600 20
    interface Vlan200
    no ip address
    interface Vlan600
    ip address 192.168.35.1 255.255.255.0
    router ospf 7
    log-adjacency-changes
    network 192.168.0.0 0.0.255.255 area 0
    ip classless
    =====================
    When I shutdown interface gig 0/2, interface gig0/3 and gig0/4 will go down as well and come back online after a while.
    Thanks for your help.

    Your question is really missing a BUNCH of details, but I will take a stab at it:
    1) Why on earth do you have a keepalive set to 1800 seconds on the router?
    2) Your discussion and config above only talks about qty 2 c3560 switches. Where is the router in this topology?
    3) You are going against several Cisco best practices here with your trunk ports:
    a) I would never config a port-channel as mode 'on' because the switches will ignore any errors on the ports that would not keep the channel stable because you have configured them to hard set on. ALWAYS set the port channel to mode 'desirable silent'. The config needs to match on both ends of the link.
    b) I would never config a port as a trunk mode 'on' without also running UDLD. It appears that your 2-port port-channel trunk above is using copper ports. You MUST enable UDLD on the copper gigabit ports manually (UDLD is enable by default on fiber gigabit ports). You may need to 'udld enable' globally on the switch depending on the IOS version. Obviously, as above, the same config needs to be done on both switches.
    4) The log message that you get when you say ports g0/3 and g0/4 go down, is that for just VLAN 100 or are they line-protocol messages?
    5) When port g0/2 goes down, are there any other ports in VLAN 100 still up?
    6) What are the results of the following commands:
    show int g0/3 switchport
    show spanning-tree summary
    show spanning-tree int po1
    show spanning-tree int g0/2
    show spanning-tree int g0/3
    show spanning-tree int g0/4
    show spanning-tree vlan 100
    show spanning-tree vlan 600
    show int status
    show etherchannel summary
    show etherchannel detail
    show int trunk mod 0
    Post more details and I'll try to help...

  • WLC "radius server overwrite interface" setting

    Hello
    I'm looking at using "radius server overwrite interface" on a WLAN as a replacement for Called-Station-ID for Radius to match on SSID.
    When I enable "radius server overwrite interface" on a WLAN and join a client to the SSID I can see (via packet capture) that the WLC is correctly sourcing the Radius packets with the WLAN's "dynamic" interface IP Address. The problem is that the Radius server doesn't repond to these requests. Radius is configured with rules to match the new IP address but I see nothing (pass or fail) in the logs.
    Interestingly, the packet captures shows the correct NAS IP address (the WLAN interface IP Address) but always shows the WLC hostname as NAS-ID (regardless of NAS-ID settings on the WLAN or WLAN interface)
    I've tried WLC software 7.4.110.0, 7.4.121.0 and 7.6.100.0 with the same results but Radius never responds. Radius is Cisco ACS 5.5.0.46. Any ideas as to why this is happening?
    Thanks
    Andy

    Hi Scott
    installed ACS 5.4 0.46.6 and I still have the same problem - ACS doesn't respond to request from WLC when  "radius server overwrite interface" is enabled on WLAN and nothing appears in the logs. With  "radius server overwrite interface" disabled on the WLAN, authentication is a success and I can see this in the logs.
    I had a look a the packet captures I took earlier and the attributes in the Access-Request look ok - the only attribute I wasn't sure about was Message-Authenticator. Found this ietf document http://www.ietf.org/rfc/rfc2869.txt which mentions "silent discards" of Radius packets with non existent or incorrect Message-Authenticator attributes. I'm not sure if this is what I'm seeing on ACS when it receives the  "radius server overwrite interface" Access-Request packets. ACS is under contract so I will contact TAC about this.
    Mt production ACS cluster was upgraded from latest version of 5.3 to 5.5 with no loss of historic logs (logging after upgrade worked fine also). The upgrade did take a while with the log-collector. When it had completed I checked the Data Upgrade Status under Monitoring configuration and it showed that the upgrade was successful.
    Thanks for your help with this.
    Cheers
    Andy

  • Flexconnect Radius Server Overwrite interface Question

    Hello All,
    Can someone confirm/comment on the following:
    In a flexconnect scenario, for site 1, i would like to source the radius requests to a remote radius (at the flexconnect site 1).  as i can understand i need to enable the RAdius Server Overwrite interface option. Is that all?
     Also, for flexconnect sites X this can also be done per WLAN X configuration. 
    Is this correct?
    Thanks

    Hi pana,
    Answers below :
    Meaning that, even if i configure the Flexconnect groups with local authentication, then how does the Flexconnect ap reach the local radius?
    When you are working with local authentication, the AP will communicate with the local RADIUS Server using the local routing in the branch office without the 802.1X traffic being sending to the WLC......the AP will communicate directly to the local radius server using it IP address and the local routing. (This communication is transparent if you see from the WLC because the WLC will not intermediate the authentication between the client and RADIUS, who will intermediate is the AP. The WLC will receive informations when the AP is in connected mode about the client and the authentication method and etc after the user was authenticated).
    Example :
                                                                                                               RADIUS SERVER
    WLC ----SWITCH L3------ROUTER----(MPLS Link)-----ROUTER---SWITCH L3---AP
    The WLC continues managing the Access Point but will  not"talk" to the RADIUS Server, who will "talk" to the RADIUS Server is the AP in the branch office using the SWITCH L3 (Asumming that you have the RADIUS in one network and the AP in another network in the same branch office)
    Understand now ?
    As i can understand, in a local switching/local authentication scenario the Flexconnect ap can only map a WLAN to local VLAN( route-able network on the remote site) that serves for the users-data plane. Then in conjunction with the radius server override option, how can this FlexconnectAP send requests to the local radius? I can only suppose that it will do so using the users locally mapped VLAN/WLAN but i cant reference this anywhere. 
    The AP will only send the requests do the local radius only if you configure the FlexConnect Local Auth and FlexConnect Group. Enabling this option the AP will use it IP Address to communicate with RADIUS without the WLC intermedianting this communication.
    Without the FlexConnect Local Auth enable in the WLAN the AP will continue directing the 802.1X requests to the WLC and the WLC will send to the RADIUS Server and in this situation if you enabled the radius overwrite interface the WLC will try to reach the RADIUS Server using the WLAN interface and not the management the interface. (You do not need the radius overwrite interface option to work with Local Auth if you want to use the AP as a Authenticatior, you only use this interface if you want that the WLC with central authentication direct the 802.1X authentications to the RADIUS)
    One information about the VLAN/WLAN is really mapped statically but you can manipulate it using the RADIUS Atrributes, changing the VLANs from the USERs based in the AD Group and after the authentication. It can work in local auth scenario or central auth scenario.
    http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch7_HREA.html#pgfId-1103070
    I hope it helps and if not helps i think i am not understanding the real question.

  • Cisco isr 819 cellular interface...

    my cisco isr 819 constantly cycles between the gigabyte interface and the cellular...? _i have the device configured for auto failover with the gigabyte interface being the primary and the cellular as backup. _i used Cisco Configuration Pro to configure the router. _i have attached the router config for expert evaluation.....thanks in advance.

    Yes you are correct Cinthia, it is the NAT and depending on which external interface i configure first with NAT, that's the only interface providing NAT to out going packets.
    What i hope to achieve with my C819HG ISR router is provide the G0 interface as primary internet access. If that access goes down i want the Cellular0 interface to come up and provide a path to the internet. When the G0 access is restored i want the Cellular0 interface to go back to standby.   
    here is my config.....
    ! Last configuration change at 14:30:15 Chicago Thu Feb 19 2015 by ADMIN
    version 15.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname rtr-cisco
    boot-start-marker
    boot-end-marker
    aqm-register-fnf
    no aaa new-model
    clock timezone Chicago -6 0
    clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
    crypto pki trustpoint TP-self-signed-3083563774
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3083563774
     revocation-check none
     rsakeypair TP-self-signed-3083563774
    crypto pki certificate chain TP-self-signed-3083563774
     certificate self-signed 01
      3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 33303833 35363337 3734301E 170D3135 30323133 32313035
      35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30383335
      36333737 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100AB4C 2DA1C3C3 CABBB054 765A1E14 A7BA0347 AFFD1913 B04113DD A21D7CEB
      F09F6572 5BF58323 586BEF24 929003D4 4CAD8864 A00FF40A A59A9969 C12615A0
      1DFE5527 BA6E2C27 33F75615 A36DA242 42862F33 D2823AA3 B838AA3B C938930A
      6D48BD79 11BD9CF5 8B7BEBC8 8C6D9D34 6E5415EB A3CFF3C7 E48F20C4 B18B15FE
      38BD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
      551D2304 18301680 14B5AEAA D7E9FEF2 3A4FF79D 4251425F EF9F28DC 61301D06
      03551D0E 04160414 B5AEAAD7 E9FEF23A 4FF79D42 51425FEF 9F28DC61 300D0609
      2A864886 F70D0101 05050003 81810039 C6D2590C 0741F53E 62E6E7CE 62534CF9
      3A8A6C79 BECBACD7 AF73FA4C 8ED5C059 58A7B08C FBCE2ED0 66196250 20C570AC
      8D802A6B 5E33FFD7 580BBC4C 7C442C42 0F77E3FD F465B724 69D29CFF 19F59635
      D55A9E71 290CE668 B2C74CA1 ED641A2E 714BC06F 17CE9E44 B998945A C1733318
      BFDA96CD 9D66ACA7 B1D79229 8A1322
            quit
    ip dhcp excluded-address 172.17.37.1 172.17.37.9
    ip dhcp excluded-address 172.17.37.16 172.17.37.254
    ip dhcp pool ciscoPool
     import all
     network 172.17.37.0 255.255.255.0
     dns-server 8.8.8.8 8.8.4.4
     default-router 172.17.37.1
    ip domain name sr.nwris.noaa.gov
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    chat-script lte "" "AT!CALL1" TIMEOUT 20 "OK"
    license udi pid C819HG-4G-V-K9 sn FTX181583HV
    username ADMIN privilege 15 secret 4 wYSo2PORqoebHxp3dazS6tzNpgOc5RQBMmrsFZ5l6jE
    controller Cellular 0
    track 1 ip sla 1 reachability
    ip ssh version 2
    ip scp server enable
    interface Cellular0
     ip address negotiated
     ip nat outside
     ip virtual-reassembly in
     encapsulation slip
     dialer in-band
     dialer string lte
     dialer-group 1
     async mode interactive
    interface FastEthernet0
     no ip address
    interface FastEthernet1
     no ip address
    interface FastEthernet2
     no ip address
    interface FastEthernet3
     no ip address
    interface GigabitEthernet0
     description $ETH-WAN$
     ip address dhcp client-id GigabitEthernet0 hostname rtr-wxk37
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    interface Serial0
     no ip address
     shutdown
     clock rate 2000000
    interface Vlan1
     ip address 172.17.37.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    ip local policy route-map track-primary-if
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface Cellular0 overload
    ip nat inside source list 2 interface GigabitEthernet0 overload
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 track 1
    ip route 0.0.0.0 0.0.0.0 Cellular0 253
    ip sla auto discovery
    ip sla 1
     icmp-echo 8.8.8.8 source-interface GigabitEthernet0
    ip sla schedule 1 life forever start-time now
    dialer-list 1 protocol ip permit
    route-map track-primary-if permit 1
     match ip address 100
     set interface GigabitEthernet0
    route-map source permit 10
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 172.17.37.0 0.0.0.255
    access-list 2 remark CCP_ACL Category=2
    access-list 2 permit 172.17.37.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=0
    access-list 100 permit icmp any host 8.8.8.8
    control-plane
    mgcp behavior rsip-range tgcp-only
    mgcp behavior comedia-role none
    mgcp behavior comedia-check-media-src disable
    mgcp behavior comedia-sdp-force disable
    mgcp profile default
    line con 0
     no modem enable
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
     stopbits 1
    line 3
     script dialer lte
     modem InOut
     no exec
     transport input all
     rxspeed 100000000
     txspeed 50000000
    line vty 0 4
     login local
     transport input ssh
    scheduler allocate 20000 1000
    ntp update-calendar
    ntp server 24.56.178.140 source GigabitEthernet0
    ntp server 129.6.15.28 prefer source GigabitEthernet0
    ntp server 132.163.4.102 source Cellular0
    end

  • Cisco MCS Server 7825 front side LED status..?

    Hi,
    Please provide me the details of Cisco MCS server 7825 front side LED status. Because i our server one LED status showing AMBER. i know about the status of two led one is for HDD one is for Ethernet and please tell me about the third one.
    Regards,
    Deepak Sambyal

    Steve - if the servers are showing blank screen on monitor connected to console, it appears they are not even initialising the POST process. It could be due to a faulty component - could be CPU, RAM, motherboard..anything....
    Generally with this kind of issues,  you try to isolate faulty hardware, by rebooting without any component and see if it reaches POST. I would suggest open a case with TAC and I hope the servers have active maintenance.
    On another note try changing the monitor cable etc. to rule out any issue with any cable or monitor (which i doubt would be the case) just to make sure and then try a reboot and see if you see anything on screen.
    -Terry

  • Cisco NAC Server

    Hello! Help me please!
    Im perform installation Cisco NAC Server 3315 ver. 4.8(2) but after that I cann't connect to Server by https - HTTP 403 Forbidden. And I can connect to NAC Server by ssh.
    What could be the reason?

    While rebooting , i am getting this:
    Starting nc_drivers:  /dev/nfastpci0
    [  OK  ]
    Starting nc_hardserver:  waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    nCipher server did not start; see /opt/nfast/log/hardserver.log
    [FAILED]
    Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
    key_load_private_pem: RSA_blinding_on failed
    Could not load host key: /root/.perfigo/sec/tomcat.key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    [FAILED]
    Starting xinetd: [  OK  ]
    Starting console mouse services: [  OK  ]
    Starting nessusd: Loading the Nessus plugins...
    All plugins loaded                                  
    [  OK  ]
    Starting crond: [  OK  ]
    Starting anacron: [  OK  ]
    Starting atd: [  OK  ]
    Starting jexec:  Starting jexec services[  OK  ]
    Starting Ncipher services
    -- Running startup script 45drivers
    -- Running startup script 46exard
    -- Running startup script 50hardserver
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    waiting for nCipher server to become operational ...
    nCipher server did not start; see /opt/nfast/log/hardserver.log
    Starting perfigo:  click: starting router thread pid 2092 (f7b7d340)
    Failed execute command : CONNECTFORCE, Error : Connection refused
    BaseAgent process reconnecting...
    Failed execute command : ACTIVE, Error : Connection refused
    BaseAgent executes [ACTIVE] ...
    Link Detect Manager only operates when HA is enabled.
    NFastApp_Connect failed: ServerNotRunning
    And then in the hardserver log I am getting nCipher card not in operational mode. Please change the settings on the card.
    How to resolve the issue.
    Thanks
    Shalvi Yadav

  • MARS Incident not triggered on interface flap

    Hi,
    MARS did not triggered an incident when interface flapped. I can see the event in raw messages. I have checked following rule, the count settings for this rule is set to 5, so this is getting triggered when interface flaps 5 times. Its not possible to modify the count settings.
    SystemRule: State Change: Network Device
    Event: OperationalStatusChange/CiscoIOS
    Is there any other way so that an incident is triggered if an interface flaps once, or I have to configure a custom rule for this ?
    Regards,
    Akhtar

    You can select the rule and then click on edit to change the count. My preference is to leave the Cisco supplied rules as they are. In this case, click on duplicate instead of edit and a copy will be made. At the top, change the group to "user rules" and you will see your copy. You can then select and edit this and change the parameters as you wish to have them. Once in the edit, click on the value to change (eg: the "5" under "count") and you can configure as required. Pay attention to the "time range" to be sure that you are getting the quantity of alerts you want. Bear in mind that for IOS there are a number of messages for each down/up fluctuation. You might want to add a qualifier in the "keyword" field (freeform text of the message) to qualify the exact message.
    Matthew

  • HTTP server code 500 reason Internal Server Error explanation Error during

    Hi,
    I am trying to connect to SAP TM (Tranportation Management) System using HTTP adapter using PI 7.0.The scenario is
    ECC ->PI->SAP TM. I have configured HTTP adapter as the receiver with addressing type as HTTP Destination. I have created a RFC destination of type H pointing to SAP TM on PI. I have encountered the following error after executing the scenario.
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!--  Call Adapter
      -->
    - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
      <SAP:Category>XIAdapter</SAP:Category>
      <SAP:Code area="PLAINHTTP_ADAPTER">ATTRIBUTE_SERVER</SAP:Code>
      <SAP:P1>500</SAP:P1>
      <SAP:P2>Internal Server Error</SAP:P2>
      <SAP:P3>Error during parsing of SOAP header</SAP:P3>
      <SAP:P4 />
      <SAP:AdditionalText />
      <SAP:ApplicationFaultMessage namespace="" />
      <SAP:Stack>HTTP server code 500 reason Internal Server Error explanation Error during parsing of SOAP header</SAP:Stack>
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    Thanks,
    Kiran

    Error during parsing of SOAP header
    Can you mention what are the settings done in Receiver HTTP channel.....the request that you send to target is not in proper format.
    One reason could be incorrect Content Type.....is it text/XML ?
    Regards,
    Abhishek.

  • How setup SPA525 vpn client?How configuration Cisco VPN server?

    Hi all,
    How setup SPA525 vpn?
    How configuration Cisco VPN server for SPA525?
    Regards
    John

    Hi John,
    Do you want to setup the SPA525 on the UC300?  If so the UC300 does not support any VPN or remote users.  If you need configuration help with the UC5XX just let me know.
    Thank you,
    Jason Nickle

  • I want to edit properties of the interface windows opened while "Open File", "Save Page As" and interface opened during Downloading of any file.

    I am doing a small project on dedicated web client where in user automatically logs in non-root user and Firefox automatically starts.
    I am using Fedora 14 kernel 2.6.35.12-88.fc14.i686 and Firefox 3.6.16.
    I have installed only Gnome in my computer with no Nautilus or other file browser on it.
    I want to edit properties of the interface windows opened while "Open File", "Save Page As" and interface opened during Downloading of any file.
    Please guide me for this.

    First, I sent an email to the author of PhotoME to inform him of the serious issues his addon caused with Firefox latest versions.
    Now, for those of you who do not have the PhotoME addon and yet experience the same problem that I had and that I described above, I suggest the following strategy.
    As PhotoME did cause these problems with Firefox latest versions, I am pretty covinved other addons probably might cause these problems too. Therefore, adopt the following method.
    Test one addon at a time to see if this particular addon is behind your Firefox issues like the ones I had.
    So, disable one addon only at a time. Then close your Firefox and restart it from scratch and see if you still have your Firefox problems. You must restart the Firefox browser from scratch. If you still have these Firefox problems, re-enable the disabled addon, restart your Firefox (again!) and repeat the same method for every single addon that you have.
    Try to be selective by choosing first addons that are more likely to cause your Firefox problems such as not very well-known or not very popular addons (like it was the case for the PhotoME addon).
    If this method works or if it does not work, report it on this web page so that others can be helped with your comments.
    I hope this method will help you because I was really upset that I had these Firefox problems and I first thought it was the fault of Firefox, only to discover later that this PhotoME addon was the culprit and had caused me such upset.

Maybe you are looking for