Cisco APPNAV Controller module on the WaaS - deployment

Hi, I am using WaaS for a long time now. With the new appnav module on the WaaS box, I am a little confused about how to deploy. I have two WAN routers connected to two firewalls in HA through L2 switches. I have two WaaS boxes in-line between the L2 switch and WAN routers and it's working so far!
Now I am upgrading the WaaS setup and I have three 8541 WaaS boxes with the appnav module on them and want to deploy them. What is the best deployment design I should go for?
Regards

Pradyetendu,
As a Cisco partner,  you have access to additional resources including some training material
Partner WAAS Community Site.
https://communities.cisco.com/community/partner/datacenter/products/waas
WAAS 5.0 Training Material
https://communities.cisco.com/docs/DOC-30438
Partners with proper certification and specialization may also engage with PDI Helpdesk.
Appnav can be deployed inline or offpath.  Note that appnav interfaces do not fail open as the inline modules do.  You will want to consider this in your design.
Thank You,
Dan Laden
Cisco PDI Data Center
Want to know more about how PDI can assist you?
http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7
http://www.cisco.com/go/pdihelpdesk

Similar Messages

  • Deploying a custom login module to the J2EE engine

    I have developed a custom login module, and want to deploy it to the SAP j2ee engine. How should I go about this ? I tried packaging it as a jar and then using the deploytool, went into user management to register the module, but when the module was invoked I got an error in the log saying "Cannot load a login module".
    The way I currently deploy it is packaged with the Example Calculator, and this works. I just add my 2 java files into the web module (in com.sap.examples.calculator.beans) and it gets packaged in the war file.
    Can anyone help with the "proper" way of deploying my module ?
    Thanks in advance

    Hi Brad,
    >
    > What I'm actually trying to do is NOT deploy my
    > custom login module with an application. But rather
    > deploy the jar file as a library to the J2EE engine,
    > so that any application can use it by configuring it
    > in their login stacks. I'm still not totally clear
    > whether this is possible or not.
    Once again - It is possible to deploy the login module as a library to the J2EE Engine; furthermore, this is the PREFERRED way to use login modules!
    >
    > What I have currently done:
    >
    > 1. developed custom login module packaged as a jar in
    > NW studio (2 class files)
    >
    > 2. Using deploytool I deploy the jar as a library to
    > the j2ee engine. This works and the library shows up
    > under the libraries section.
    >
    > 3. Register the login module in the user
    > management->manage security stores section. I'm
    > unsure if this works properly. Do I just provide the
    > full path to the required class ? For example
    > "com.example.myloginmodule.LoginModule"
    > I have a suspicion that my error of "cannot load a
    > login module" stems from here.
    >
    > 4. I have then followed your step and added a
    > reference to the library (Hard reference) and this
    > seems ok.
    >
    Sorry, Brad, I've made a mistake here. You need to set a reference from the Security Provider Service to the library that contains the login module (not from the application). To do that at runtime, you'll have to use the Configuration Adapter service on the J2EE Engine. For a description of the procedure, see this page in the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/dd/1e3a3e5069eb6ce10000000a114084/frameset.htm
    You need to provide additional entry of the following type in the security-provider.xml file:
    <reference type="library" strength="weak">
            Your-library-name-here
          </reference>
    Regards,
    Ivo.
    Message was edited by: Ivaylo Ivanov

  • Deploying application with several web modules having the same context root

    Hi,
    I would like to be able to deploy an application in Weblogic 12c having one ejb module and several web modules with the same context root. Even though the web modules have the same context root, each of them is deployed to a different virtual host.
    Weblogic allows deploying the modules this way as long as their targets are different (i.e. each having a distinct virtual host). However this works only when I don't select a target for the .ear:
    Component        Type                    Current Targets
    application.ear  Enterprise Application  (None specified)
    application.jar  EJB                     AdminServer
    web1.war         WEBAPP                  virtualHost1
    web2.war         WEBAPP                  virtualHost2
    However if I select as target for the .ear to be AdminServer, the deployment doesn't work anymore, complaining that the context roots are in conflict.
    If I remove web2.war from the .ear and deploy the .ear and .jar to AdminServer and web1.war to virtualHost1, the deployment works but the strange thing is that the web application can be accessed also through the AdminServer's main network channel, even though I would expect that it should be accessible only through virtualHost1 network channel. I believe this is the reason why there are context root conflicts when specifying a target for the .ear, because both wars are made accessible to the main network channel.
    The reason why I want to keep the wars inside the same .ear is because I want to make them access the application's local EJBs (since as far as I know it's not possible to access a local EJB outside the application even if they belong to the same VM).
    Is there a way to deploy the web modules only to the virtual hosts without being targeted to the main network channel?
    Regards,
    Alexandru

    Murphy's Law: If anything can go wrong it will
    A corollary to Murphy's law: When everything fails, read the manual.
    Web application funda: Every web application must have its own context root. So, if wkfsocos is one
    web application then, wkfsocos1 is another web application -
    and hence must have its own context root.
    Hello Aman,
    If you are in E-Commerce version 4.0, then read the ISA_Buildtool document (https://service.sap.com/~sapdownload/011000358700001920472003E/ISA_BuildTool_10.pdf) to create a copy of the application in its own context root.
    From your URL pattern I guess you are in E-Commerce version 4.0.
    If you are in E-Commerce 5.0 or above, then the Extension Guide (http://service.sap.com/~sapdownload/011000358700006120622006E/) gives steps to create a copy with its own context root for use in modification.
    (See the chapter on "Creating a project specific Web Application with own context root".)
    Both these links require access to SAP Service Marketplace. You can also find the
    documents through /instguides shortcut in Service Marketplace.
    Easwar Ram
    http://www.parxlns.com

  • After WAAS deployment network is dead slow

    Hi All
    After deploying WAAS, i.e. the WAE-302 module in a Cisco 2811 router on core and edge with default settings and running WCCP on the router, the network is dead slow.
    Core and edge networks are connected with a dedicated 2MB leased line.
    License is Transport.
    I can see traffic optimizing on WAE core and edge but the network is dead slow.
    Any suggestions.
    Regards

    What was changed on the routers during this implementation? Only configuring the module, enabling wccp 61/62 and enabling redirection on the LAN/WAN interfaces?
    Were additional routes added? Is it possible a routing loop was introduced? Do you see a reasonable number of connections on the WAEs?
    I suggest looking at the following to see if any problems are indicated:
    On the routers:
    show ip wccp - should see most packets redirected via CEF
    On the WAEs:
    show wccp gre - look for any high counters that don't look right
    type-tail syslog.txt 50 - look for messages indicating possible problems

  • Remote access VPN with Cisco Router - Can not get the Internal Lan .

    Dear Sir ,
    I am doing Remote Access VPN through a Cisco router. Before the real deployment, I want to simulate it with GNS3. Need your help to complete the job. Please see the attachment for Scenario, Configuration and Ping status.
    I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. Need your help to solve the issue.
    Below are the IP addresses of the devices.
    Device                                               Interface  IP address    Mask
    Local PC (connected to Router-2 through MS Loopback)  -          10.10.10.2    255.255.255.0
    Router-2                                             F0/1       10.10.10.1    255.255.255.0
    Router-2                                             F0/0       20.20.20.2    255.255.255.0
    Router-1                                             F0/0       20.20.20.1    255.255.255.0
    Router-1                                             F0/1       192.168.1.1   255.255.255.0
    PC-01                                                F0/1       192.168.1.3   255.255.255.0
    I can ping from the local PC to the networks 10.10.10.0 and 20.20.20.0. Please find the attached file for ping status. So connectivity is OK from my local PC to remote Routers 1 and 2.
    Through the Cisco remote VPN client, I can get connected with the VPN Router R1 (please see the VPN Client pic), but cannot ping the network 192.168.1.0.
    Need your help to fix the problem.
    Router R2 Configuration:
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R2
    boot-start-marker
    boot-end-marker
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip tcp synwait-time 5
    interface FastEthernet0/0
     ip address 20.20.20.2 255.255.255.0
     duplex auto
     speed auto
    interface FastEthernet0/1
     ip address 10.10.10.1 255.255.255.0
     duplex auto
     speed auto
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
     login
    end
    Router R1 Configuration:
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R1
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication login USERAUTH local
    aaa authorization network NETAUTHORIZE local
    aaa session-id common
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    username vpnuser password 0 strongpassword
    ip tcp synwait-time 5
    crypto keyring vpnclientskey
     pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
    crypto isakmp policy 10
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp client configuration group remotevpn
     key cisco123
     dns 192.168.1.2
     wins 192.168.1.2
     domain mycompany.com
     pool vpnpool
     acl VPN-ACL
    crypto isakmp profile remoteclients
     description remote access vpn clients
     keyring vpnclientskey
     match identity group remotevpn
     client authentication list USERAUTH
     isakmp authorization list NETAUTHORIZE
     client configuration address respond
    crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
    crypto dynamic-map DYNMAP 10
     set transform-set TRSET
     set isakmp-profile remoteclients
    crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
    interface FastEthernet0/0
     ip address 20.20.20.1 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map VPNMAP
    interface FastEthernet0/1
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    ip local pool vpnpool 192.168.50.1 192.168.50.10
    ip forward-protocol nd
    ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
    no ip http server
    no ip http secure-server
    ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
    ip access-list extended NAT-ACL
     deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
     permit ip 192.168.1.0 0.0.0.255 any
    ip access-list extended VPN-ACL
     permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
    control-plane
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
    end

    Dear All,
    I am doing Remote Access VPN through a Cisco router. Before the real deployment, I want to simulate it with GNS3. Need your help to complete the job.
    Please see the attachment for Scenario, Configuration and Ping status. I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN 192.168.1.0. Need your help to solve the issue.
    Waiting for your response.
    --Milon

  • Need some help with a controller module

    i have a controller module with a model # of CA1009. i've been trying to track down a configuration manual online but haven't had any luck. what i'm trying to determine is whether or not this particular model supports a fiber connection.
    here are some other specs:
    part #: 603-6332
    number above part #: KC62706LS9UA
    thanks for the help!

    Not sure what you're looking for here; supports a fibre connection? The 603-4406 CA1009 is the Apple Xserve RAID Controller Module, a component of the Xserve RAID (http://manuals.info.apple.com/en/xserveraid_userguide.pdf); it's the drive-facing part of the "whole show" within the SAN controller, and not part of the side "facing" the FC SAN.

  • WDS Server Service won't start - 'An error occurred trying to start the Windows Deployment Services Server.'

    I'm having issues installing starting the WDS server service on Win 2008 R2,  this is happening on multiple (all 2008 R2) systems on this domain so I'm beginning to think it's either AD or network related, in event viewer I get the following error.
    'An error occurred trying to start the Windows Deployment Services Server.'
    Error Information: 0x0906
    EventID : 257 
    single domain, single forest, 2008 R2 functional level, both system are virtual plugged into same vswitch on a flat network.
    any ideas what might be the issue?  I've never had an issue getting this working on many occasions before today and I've come to many a dead end looking at other articles thus far... 
    With WDS tracing enabled I get the following error information:
    [4304] 09:22:11: ===>Starting logging of module [WDSServer]
    [4304] 09:22:11: [UDPPorts] Policy: 1, Dynamic Port Range: 64001-65000.
    [4304] 09:22:11: [RPC] Using Tcp Port 5040 for Rpc Calls.
    [4304] 09:22:11: [RPC] Client Impersonation Logging=Disabled
    [4304] 09:22:11: [RPC] Host Name: sccm.domain.local
    [4304] 09:22:11: [RPC] NTLM/Kerberos Spn: ldap/sccm.domain.local
    [4304] 09:22:11: [RPC] Initialized
    [3756] 09:22:11: [RPC] Server Started.
    [4304] 09:22:11: [BINLSVC][RPC][Ep={5F4FB9F0-C0E3-41C1-AA00-9A7C690AC3A3}] Registered
    [4304] 09:22:11: [BINLSVC] Provider Initialized.
    [4304] 09:22:11: [WDSDDPS][RPC][Ep={FA0A27E1-C2BA-4B3B-94B2-025E82FFAA6D}] Registered
    [4304] 09:22:11: [WDSDDPS][RPC][Ep={011D24AC-CB3A-4739-A339-5D2E1B5306CE}] Registered
    [4304] 09:22:11: [51][WDSDDPS] [d:\w7rtm\base\ntsetup\opktools\wds\ddp\server\ddpprovider.cpp:196] Expression: , Win32 Error=0x906
    [4304] 09:22:11: [WDSDDPS][RPC][Ep={FA0A27E1-C2BA-4B3B-94B2-025E82FFAA6D}] Closed
    [4304] 09:22:11: [WDSDDPS][RPC][Ep={011D24AC-CB3A-4739-A339-5D2E1B5306CE}] Closed
    [4304] 09:22:11: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\wdsprovider.cpp:144] Expression: , Win32 Error=0x906
    [4304] 09:22:11: [WDSDDPS] Initialization Failed (rc=2310)
    [4304] 09:22:11: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\wdsprovhdl.cpp:172] Expression: , Win32 Error=0x906
    [4304] 09:22:11: [WDSDDPS] Deleted.
    [4304] 09:22:11: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\wdsservice.cpp:178] Expression: , Win32 Error=0x906
    [4304] 09:22:11: [Udp] Listen Shutdown.
    [3756] 09:22:11: [RPC] Server terminated (rc=0)
    [4304] 09:22:11: [RPC] Listen Stopped.
    [4304] 09:22:11: [BINLSVC] Shutting down
    [4304] 09:22:11: [BINLSVC][RPC][Ep={5F4FB9F0-C0E3-41C1-AA00-9A7C690AC3A3}] Closed
    [4304] 09:22:11: [BINLSVC] Deleted.

    It seems I've found out the solution myself. The issue seems to be caused when DHCP and WDS are on the same server. The installation must identify this during the first installation of WDS but not on subsequent installations. The method to get it working again is:
    1. Install WDS Role (using defaults)
    2. Make the following registry change:
       HKLM\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSPXE\UseDhcpPorts  =  0
    3. Run the following command line to initialize Windows Deployment Services:
       wdsutil /initialize-server /reminst:D:\RemoteInstall
    4. Run the following command to enable the DHCP port registry setting:
       wdsutil /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes

  • Cisco ISE Vs Cisco Anyconnect Posture module with Advanced Endpoint Protection

    We are planning to use the Cisco AnyConnect posture module with Advanced Endpoint Protection to examine the VPN users. This can check whether they have antivirus/anti-spyware software installed on their workstation and can force an update of the definition file if it's older than a specified number of days. It can also check the firewall status on their workstation and enable it if it's not already enabled. This can detect keylogger and emulation software also.
    Do we get any additional advantages in using ISE compared to the AnyConnect posture module ......
    Siddhartha

    These are good questions. We had them last year before we decided to purchase ISE, specifically for our VPN users.
    I will be watching this thread to see what kind of responses you get.
    As of right now, I can verify the ISE can indeed check if specific Anti-Virus is installed (i.e., your corporate AntiVirus), or if ANY (supported by Cisco within ISE) antivirus is installed, and it can force an update process for the AV if it detects that the DAT files are older than an admin-specified amount of time.
    Our issue at the moment (if you haven't searched the forums) is ISE detected the proper WSUS updates are indeed installed on the users systems and allowing the users system to talk to our internal WSUS server.
    We are now wondering if the Advanced Endpoint licensing on the ASA would have been a better way to go.
    Wishing you luck in finding your answers for us all.
    Dirk

  • Cisco wireless controller and AP-binding domain how do you integrate wireless domain authentication?

    With Cisco equipment wlc 2500 and AP 1600 combines windows 2008 r2 domain controller to achieve the following purposes, 
    1, all cell phones and laptops can access the wireless network with a domain user authentication. 
    2, the guest network should how to do it? 
    My idea is: 
    Made a total of two ssid below 
    Mobile users cnnewcity_mobile: Use webportal certification, so the center certification, local forwarding 
    Computer users cnnewcity_wifi: transparent certification, local forwarding, local authentication 
    The basic steps are as follows: 
    1, set the Radius server clients (AP or controller) 
    2, locking authorization group --- this should be based on the domain user group authorization radius server 
    3, the mobile roaming - different locations on the DHCP server choose to do this you have to consider the next 43 
    4, the establishment of two VLANs, one for mobile users and one for computer users, create a DHCP scope on the DHCP
    I do not know if you have wood there are better ways?

    Integrating the AD to the WLC Requires:
    1. AD to be registered:
     AT: Security->AAA
        AT: LDAP     
        CLICK: New
        Server IP:    <AD IP>
        Port Number:    389     
        Simple Bind:    Authenticated
        Bind User:    CN=Administrator,CN=Users,DC=testing,DC=local,DC=com
        Bind Pass:    <LDAP Admin pass>
        Confirm Pass: <LDAP Admin pass>
        User Base DN:    OU=WebAuth_Users,DC=testing,DC=local,DC=com
        User Attrib:    sAMAccountName      
        User Obj. Type:    person        
    Enable at WLAN Profile
    1. AT: WLAN->WLANs
        CLICK: <Desired WLAN> -typically web authentication
    2. AT: Security Tab
        AT: AAA Servers
    3. AT: LDAP Servers
        **Select Created LDAP
    4. Apply to Save
    Source: Tried it in implementations :))

  • Could not resolve CISCO-LWAPP-CONTROLLER

    Hi..
    I have a Cisco Aironet 1250 AP. I want to upgrade to LWAPP. The AP is using a static IP address. When the AP tries to join, the error message "DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER" is displayed.
    Loading file /c1250...
    extracting info (292 bytes)
    Image info:
        Version Suffix: k9w8-.124-10b.JDD
        Image Name: c1250-k9w8-mx.124-10b.JDD
        Version Directory: c1250-k9w8-mx.124-10b.JDD
        Ios Image Size: 4352512
        Total Image Size: 4352512
        Image Feature: WIRELESS LAN|LWAPP
        Image Family: C1250
        Wireless Switch Management Version: 4.2.207.0
    Extracting files...
    c1250-k9w8-mx.124-10b.JDD/ (directory) 0 (bytes)
    extracting c1250-k9w8-mx.124-10b.JDD/c1250-k9w8-mx.124-10b.JDD (3956889 bytes)
    %LWAPP-5-!CHANGED: LWAPP changed state to JOIN
    %LWAPP-5-CHANGED: LWAPP changed state to IMAGE
    Error messages:
    *Jun 30 09:46:16.491: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
    *Jun 30 09:46:16.491: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
    *Jun 30 09:46:16.491: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *Jun 30 09:46:16.651: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
    *Jun 30 09:46:16.651: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
    *Jun 30 09:46:16.651: Logging LWAPP message to 255.255.255.255.
    Any help?
    Thanks.

    Your configuration is not correct. You can remove the line ‘domain-name CISCO-LWAPP-CONTROLLER.mydomain.com’ or replace it with ‘domain-name mydomain.com’ and configure the DNS server with both "CISCO-LWAPP-CONTROLLER.mydomain.com" and "CISCO-CAPWAP-CONTROLLER.mydomain.com" pointing to 172.16.00.25.
    I suggest that you remove this line and forget about DNS and go for DHCP option 60 and 43 as you already have configured. You do not need both the DNS configuration and DHCP option 43.
    Since you have configured ‘option 60 ascii "Cisco AP c1250"’ and ‘option 43 hex f104ac100019’ then your 1250s should try to associate with the controller 172.16.00.25.
    Please post more of the syslog and look for events regarding DHCP option 43.
    Is the address 172.16.00.25 for the WLC correct?
    Regards,
    André

  • CISCO-LWAPP-CONTROLLER

    Hello,
    I am trying to get this officeextend working.
    I connected the ap and checked the H-Reap box and then officeextend and gave it a public ip. This public ip is NAT'd to the dmz controller on the firewall. (The dmz controller is 5508 running code 6.0.199.4)
    I have connected this officeextend 1132 ap to a broadband connection and this gets an ip of 192.168.1.23 on its fa0 interface. all good till now.
    When I console onto the officeextend 1132 AP, I get an error msg could not resolve Cisco-LWAPP-Controller.abc.uk....domain server (192.168.1.254) and Cisco-CAPWAP-Controller.home.uk...think it needs DNS set to the public IP on the local ADSL box, is it?
    If this is the case, I am not sure if I can do this as this is controlled by the ISP.

    I have added this now, Scott, on the management interface but still can't get the AP to join the controller. This AP is connected to a broadband wireless router connected back to an ADSL router that has the DNS settings
    (also I can't see any traffic hitting on ports 5246 and 5247 on the firewall, so think this AP is not trying to go out)
    it comes up with
    CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    Translating "CISCO-CAPWAP-CONTROLLER.Abc.uk"...domain server (192.168.1.254)
    *Apr  8 16:25:39.983: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    Translating "CISCO-LWAPP-CONTROLLER.Abc"...domain server (192.168.1.254)
    *Apr  8 16:25:42.095: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.Abc.uk
    config on AP
    service password-encryption
    hostname AP6400.f14d.b6ba
    logging rate-limit console 9
    enable secret 5 $1$ACEH$BuOIS/RYEP5ZXvWxbyCFS/
    aaa new-model
    aaa authentication login default local
    aaa authentication login reap_eap_methods group radius
    aaa session-id common
    eap profile lwapp_eap_profile
     method fast
    crypto pki trustpoint Cisco_IOS_MIC_cert
     revocation-check none
     rsakeypair Cisco_IOS_MIC_Keys
    crypto pki trustpoint cisco-root-cert
     revocation-check none
     rsakeypair Cisco_IOS_MIC_Keys
    crypto pki trustpoint airespace-device-root-cert
     revocation-check none
     rsakeypair Cisco_IOS_MIC_Keys
    crypto pki trustpoint airespace-new-root-cert
     revocation-check none
     rsakeypair Cisco_IOS_MIC_Keys
    crypto pki trustpoint airespace-old-root-cert
     revocation-check none
     rsakeypair Cisco_IOS_MIC_Keys
    username Cisco secret 5 $1$2zkE$CaKkr5zDUWwltKRFvrIto0
    ip ssh version 2
    interface Dot11Radio0
     no ip route-cache
     mbssid
     speed  basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     power client local
     packet retries 64 drop-packet
    interface Dot11Radio0.2
     encapsulation dot1Q 2 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface Dot11Radio1
     no ip route-cache
     mbssid
     power client local
     packet retries 64 drop-packet
    interface Dot11Radio1.2
     encapsulation dot1Q 2 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface FastEthernet0
     ip address dhcp client-id FastEthernet0
     no ip route-cache
     duplex auto
     speed auto
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    no ip http server
    logging trap errors
    logging origin-id string AP:6400.f14d.b6ba
    logging facility kern
    logging snmp-trap notifications
    logging snmp-trap informational
    logging snmp-trap debugging
    logging 255.255.255.255
    radius-server local
      no authentication eapfast
      no authentication leap
      no authentication mac
      nas 66.11.22.33 key 7 111D110C041B18030A2632253C363832
      group hreap
    control-plane
    line con 0
    line vty 0 4
     transport input none
    line vty 5 15
     transport input none
    end

  • VLAN assignment without ACS on Cisco Wireless Controller 5508

    I was wondering if it is possible to do dynamic VLAN assignment on the Cisco Wireless Controller 5508 without using Cisco ACS but use Microsoft NPS server instead?  Is there a manual or article that someone can point me in the right direction?
    Thank you!

    Any RADIUS server will allow you to do the dynamic vlan assignment if you configure the right RADIUS attributes (64, 65 and 81 that Steve mentioned above).
    This doc shows example of dynamic vlan assignment with WLC and ACS.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
    Same config on WLC is needed. However, on the RADIUS you need to configure the same attributes on the NPS instead.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"
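What the three attributes named in the reply look like on the wire, as an added example that is not from the thread or from the linked Cisco document: attributes 64, 65 and 81 are Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID (RFC 2868), and for VLAN assignment they carry VLAN (13), IEEE-802 (6) and the VLAN ID (RFC 3580). The function names, VLAN 20 and the rule that all three must be present are assumptions of this example.

```python
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13         # RFC 3580 value for Tunnel-Type
TUNNEL_MEDIUM_IEEE_802 = 6    # RFC 3580 value for Tunnel-Medium-Type


def encode_vlan_attributes(vlan_id, tag=0):
    """Encode the three attributes as they appear in an Access-Accept."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0..31")

    def tagged_int(attr, value):
        # Type, Length (always 6), Tag, then a 3-byte big-endian value.
        return bytes([attr, 6, tag]) + value.to_bytes(3, "big")

    group = str(vlan_id).encode("ascii")
    # In attribute 81 the tag byte is optional; this example omits it when 0.
    body = (bytes([tag]) if tag else b"") + group
    return (tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body)


def parse_attributes(blob):
    """Split a RADIUS attribute list into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError(f"bad length for attribute {attr_type}")
        attrs.append((attr_type, blob[i + 2:i + length]))
        i += length
    return attrs


def assigned_vlan(blob):
    """Return the VLAN ID only if all three attributes are present and agree."""
    found = {}
    for attr_type, value in parse_attributes(blob):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError(f"attribute {attr_type} must be 6 bytes long")
            found[attr_type] = int.from_bytes(value[1:], "big")  # skip tag
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            # A first byte of 0x1F or less is a tag, otherwise it is data.
            if value and value[0] <= 0x1F:
                value = value[1:]
            found[attr_type] = value.decode("ascii", errors="replace")
    if found.get(TUNNEL_TYPE) != TUNNEL_TYPE_VLAN:
        return None
    if found.get(TUNNEL_MEDIUM_TYPE) != TUNNEL_MEDIUM_IEEE_802:
        return None
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, "")
    return int(group) if group.isdigit() else None


if __name__ == "__main__":
    accept = encode_vlan_attributes(20)   # constructed sample: VLAN 20
    print(accept.hex())
    print(assigned_vlan(accept))
    print(assigned_vlan(accept[6:]))      # Tunnel-Type missing
```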

  • Install and configure Cisco Network Analysis Module NAM-2

    Hi,
    Does anyone have a step-by-step document on how to install and configure Cisco NAM-2 module ?
    Thanks in advance.
    Regards,
    Lamine

    Hi Lamine,
    The official installation guides for NAM software can be found here:
    http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_installation_guides_list.html
    Is this what you are looking for?
    Cheers,
    Shane

  • Has anybody experience with "Cisco Anomaly Guard Module"

    Hello,
    had anybody experience with "Cisco Anomaly Guard Module" WS-SVC-AGM-1-K9 for Catalyst 6500?
    We're looking for some IDS/IPS prevention system which could take 2-3 Gbits of traffic. From the documentation it looks not bad, and we can get them as used parts (6500 + Sup720 + AGM + ADM) quite cheap. The second solution, Arbor with a Cisco 12000 as border router (10Gbit uplink), is much more expensive.
    Arbor tries of course to sell us their solution, as "Cisco Anomaly Guard Module" is out of sale and doesn't have any new features, but from the data sheets Cisco AGM is exactly what we need.
    Or may be is there another solution which could be comparable to those two?
    Thank you.

    Hello padatta,
    AGM/ADM are IDS/IPS systems, one can of course discuss about the terms, but it won't be productive :).
    IDSM2 has not enough performance and it should sit inline, ADM/AGM can change the next hop for the diverted traffic and be out of the traffic path during normal operation.
    Konstantin

  • Cisco CAPWAP controller ????

    Hi,
    Really sorry if this isn't the right place but am desperate for help!
    Have applied for a dream job for me to get into networking but one of the things that they have asked for that I haven't heard of before is a Cisco CAPWAP controller, is anyone able to explain the basics of it for me?
    From quick web search it seems to be a type of wireless access point!
    Any info would be useful.
    Thanks
    Sent from Cisco Technical Support iPad App

    CAPWAP
    The controller-based solution allows the splitting of 802.11 functions between the controller-based AP, which handles real-time portions of the standard, and the Cisco WLC, which handles items that are not time sensitive. This model is called split MAC.
    The AP handles the portions that have real-time requirements, such as the following:
    ■ Beacons management
    ■ 802.11 encryption and decryption
    ■ Frame buffering for dozing stations
    ■ Probe responses
    ■ Air monitoring for interferences and rogues
    The controller handles all other functionalities, such as the following:
    ■ 802.11 authentication and association
    ■ QoS and security management
    ■ Mobility (roaming) management
    ■ RF management
    ■ Bridging to and from the DS in the right VLAN
    Lightweight APs (LAP) communicate with the controller using a specific protocol, Control and Provisioning of Wireless Access Points (CAPWAP). The LAP encapsulates all 802.11 data frames received from a client into a CAPWAP frame. The data frame portion is simply encapsulated into a CAPWAP frame, and is not encrypted by default (data part encryption is possible but optional).
    The LAPs also constantly exchange encrypted CAPWAP control messages with the controller via the Radio Resource Management (RRM) engine for real-time RF management, including
    ■ Radio resource monitoring
    ■ Dynamic channel assignment
    ■ Interference detection and avoidance
    ■ Dynamic transmit power control
    ■ Coverage hole detection
    This comes from a book written by Jerome Henry
