DHCP snooping requirement on 5760 controller
To All;
I like to know if DHCP snooping is a requirement in a centralized deployment where there is one 5760 and 5508 for guest access.
In "Converged-Access-White Paper" page 31 states DHCP snooping is required in the Converged Access deployment and I am not clear if this requirement is for deployments with 3850 switches which is not my case.
Thanks;
I am not referring to AP IP addresses, but client IP (Yes it is a good practice to keep AP IP in DHCP so it is more flexible from operation point of view).
I would like to know if DHCP and DHCP snooping are a REQUIREMENT for roaming when the APs are associated to a 5760 instead of a 3850.
No, it is not specific to 5760 instead of 3850. It is a best practice configuration in Converged Access, where enabling DHCP snooping on wireless VLANs helps to build different client database tables and helps wireless clients to get IP addresses much quicker.
HTH
Rasika
**** Pls rate all useful responses ****
Similar Messages
-
Cisco 5760 controller in centralized mode supports 4404 controller as anchor controller?
Hello All,
I have a cisco 5760 controller running in centralized mode. I want to configure one 4404 controller as anchor controller to work with the 5760 controller. Is this supported?.
Thanks in advance
Shabeeb
No, it is not supported.
You cannot have a mobility peer with 5760 unless you enable "new mobility" on its peer. In CUWN products this is supported in 5508/WiSM2/8510 on specific codes. In current supported codes it has to be 7.6.x or 8.x.
As you know, 4400 only supported up to 7.0.x code. So new mobility is not supported, hence you cannot peer with CA products.
In case you have a "new mobility" supported WLC, here is how you configure it:
http://mrncciew.com/2014/05/06/configuring-new-mobility/
HTH
Rasika
**** Pls rate all useful responses **** -
Required PCI Driver Controller
Hi ,
Model No : Hp Pavilion 15e034tx
Required : Bluetooth Controller
: Pci Device
: Video controller
Please provide the PCI\VEN character strings for the devices that you need drivers for.
See the following image. It is an example. Note the places I have pointed out with arrows and circles.
Right click a device without a driver and click on properties to invoke the device's properties window.
****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
2015 Microsoft MVP - Windows Experience Consumer -
I am unable to find 3D video controller, Bluetooth controller and PCI device for HP 15-r033tx. Can anyone please provide the links.
This question was solved.
Hi:
First install the Intel chipset driver and reboot.
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130504-1&cc=us&dlc=en&lc=e...
Next, install the Intel HD graphics driver and reboot.
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-134230-1&cc=us&dlc=en&lc=e...
Then install the nVidia graphics driver and reboot.
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130198-1&cc=us&dlc=en&lc=e...
You can also find the rest of the W7 x64 drivers and software you need at the link below...
http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?cc=us&dlc=en&lc=en&os=4063&product=7308900&soft...
The PCI dev needs this driver...
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-140783-1&cc=us&dlc=en&lc=en...
The bluetooth needs this driver...
http://h20565.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_130390_1 -
Guest Controller License requirement ???
Hi All ,
Question regarding the Guest controller (Anchor controller). What license will be required for the guest controller?
Assume I have a LAN controller with a license of 100 AP, and now I am going to plan for guest user WiFi access as well but with a separate controller.
Will I need a guest controller with a 100 AP license?
Your quick response will be helpful for me and if possible please share the URL for reference. Thanks.
There is no need for any license for anchoring Guest in your network. You can configure your current WLC for the same.
Below is the link for configuration guide.
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html -
UPNP-DLNA TV access through Cisco Controller 5760 & AP 3702
Hello,
I am trying to connect a Windows Media Server and a TV in the same vlan. The Media Server is connected to a switch and the TV is in WiFi connected to a Cisco 3702 managed by a 5760 controller. I enable the multicast and broadcast commands in the controller but it still does not work.
wireless multicast
wireless broadcast
When I tested in a switch the TV and the Media Server works, but not when one of them are in the WiFi.
Thanks for your help,
Cesar.
Hello Rasika,
The software we are using is Windows Media Player. I read that it use multicast streaming.
The test was in a different switch where the controller is connected, but the other switch where the test was done, is connected through trunk ports.
This is the command you asked me:
controller#sh wireless multicast
Multicast : Enabled
mDNS : Enabled
AP Capwap Multicast : Multicast
AP Capwap Multicast group Address : 239.3.3.3
AP Capwap Multicast QoS Policy Name : unknown
AP Capwap Multicast QoS Policy State : None
Wireless Broadcast : Enabled
Wireless Multicast non-ip-mcast : Disabled
Vlan Non-ip-mcast Broadcast MGID
1 Enabled Enabled Disabled
102 Enabled Enabled Disabled
110 Enabled Enabled Enabled
112 Enabled Enabled Enabled
114 Enabled Enabled Enabled
116 Enabled Enabled Enabled
210 Enabled Enabled Enabled
212 Enabled Enabled Enabled
the vlan 102 is my management vlan. The vlan where the PC Windows Media Server is located is vlan 116.
Thanks for your help,
Cesar. -
WLC 5760 with internal DHCP server, clients do not get IP address
Hi all,
I have 2 Cisco 5760 WLC (active-standby) IOS-Xe 03.03.03SE with one WLAN.
sh wlan summary
Number of WLANs: 1
WLAN Profile Name SSID VLAN Status
1 Invitados_ADSL Guest 905 UP
sh vlan
VLAN Name Status Ports
1 default active Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
Te2/0/4, Te2/0/5, Te2/0/6
100 VLAN0100 active Te1/0/1, Te2/0/1
101 Planta_1 active
905 Internet active Te1/0/2, Te2/0/2
The DHCP server is internal.
Sometimes the clients do not get an IP address even though the DHCP pool has IP addresses available.
The workaround done by me to solve the issue is “clear ip dhcp binding *”.
Some days later the problem appears again.
I see this bug with a similar problem:
NGWC blocks DHCP traffic if wireless broadcast disabled
CSCun88928
Description
Symptom:
Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
Conditions:
Seen on 3.3.2 IOS-XE
Workaround:
Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast" command
OR
Enable "wireless broadcast" globally
My DHCP configuration is:
ip dhcp relay information trust-all
ip dhcp snooping vlan 905
ip dhcp snooping
ip dhcp excluded-address 172.16.0.1 172.16.0.19
ip dhcp excluded-address 172.16.1.250 172.16.1.254
ip dhcp pool Invitados
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 212.66.160.2 212.49.128.65
lease 0 8
I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
DHCP Snooping and Trust Configuration on CT5760
ip dhcp snooping vlan 100, 200
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/1
description Connection to Core Switch
switchport trunk allowed vlan 100, 200
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust
interface Vlan100
description Client Vlan
ip dhcp relay information trusted
My question is: do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
Thanks in advance.
Regards.
D
Yes, test it with the command you mentioned
ip dhcp snooping wireless bootp-broadcast enable
HTH
Rasika
**** Pls rate all useful responses ***** -
New Cisco 5760 and Prime 2.1
Hi@all,
we have deployed two new 5760 with Prime 2.1 -> Now we have problems.
Our old system was three WLC 4404 with WCS 7.0.240, this system works well but was outdated, so we make a clean install of the prime, generate new maps and installed the licenses.
This morning we changed the wlc, some of our antennas are connected with the new wlc but the most send a failure:
*%DTLS-4-BAD_CERT: 1 wcm: Certificate verification failed. Peer IP: 172.20.22.220
Aug 4 13:25:23.819: *%DTLS-3-HANDSHAKE_FAILURE: 1 wcm: Failed to complete DTLS handshake with peer 172.20.22.220 for AP 0000.0000.0000Reason: no certificate returned
This is the first problem, we don't know why some APs will work and some not.
The second thing is that we can't generate dynamic interfaces in Prime; if we want to send the template to the controllers we get this message:
Currently no controllers are added to Prime Infrastructure or the selected template options do not match any controller where the template can be applied.
But the controllers are listed and sync with the prime.
And the third thing is, the 5760 don't work in a mobility group. We have decided on the centralized mode, so we gave both WLCs the same mobility group and gave them the multicast address, but on both devices the control link is down.
I know, many problems, but maybe someone of you has solutions.
IOS on the 5760 is 3.3.2 and we use Prime 2.1.
kind regards
René
Hi Rene
Glad to see you sort out AP registration issues.
Configuring Dynamic interface on 5760 is not mandatory. If you want you can configure it like on a switch (ie interface vlan x & then IP address under it)
What you want to do is
1. Define all wireless users L2 vlans on your 5760
2. Enable DHCP snooping for the required vlans where you will map it to WLANs
3. Trust DHCP snooping on your 5760 Port Channel & Physical interfaces connect to wired network.
If you want to use interface-group this post may help you as well. 3850 or 5760 configuration syntax is same as both operate on IOS-XE
http://mrncciew.com/2014/07/30/vlan-groups-in-57603850/
NB: Dynamic interface of user vlan on 5760 or 3850 is required when you set DHCP server configuration under WLAN setting where you want to send different WLAN DHCP request to different DHCP servers.
HTH
Rasika
**** Pls rate all useful responses **** -
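The three steps above, together with the CSCun88928 workaround quoted in the internal-DHCP thread earlier on this page, as an offline audit of a saved 5760 configuration. This is an added example, not code from any poster or from Cisco; the function names and the idea of passing the WLAN client VLANs in by hand are assumptions, and the two sample configurations are retyped from the threads on this page.

```python
import re

# Sample 1: the DHCP snooping lines posted in the internal-DHCP thread (WLAN VLAN 905).
POSTER_CONFIG = """\
ip dhcp relay information trust-all
ip dhcp snooping vlan 905
ip dhcp snooping
"""

# Sample 2: the CT5760 snippet the same poster quoted from Cisco's configuration guide.
CISCO_DOC_CONFIG = """\
ip dhcp snooping vlan 100, 200
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/1
 description Connection to Core Switch
 switchport trunk allowed vlan 100, 200
 switchport mode trunk
 ip dhcp relay information trusted
 ip dhcp snooping trust
interface Vlan100
 description Client Vlan
 ip dhcp relay information trusted
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '100, 200' or '110-112,116' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_config(text):
    """Collect the DHCP snooping state; commands are matched by name, so lost indentation is fine."""
    cfg = {"global": False, "vlans": set(), "bootp_broadcast": False, "interfaces": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        intf = re.match(r"interface\s+(\S+)", line)
        vlan = re.match(r"ip dhcp snooping vlan\s+([\d,\s-]+)$", line)
        if intf:
            current = cfg["interfaces"].setdefault(intf.group(1), {"trunk": False, "trust": False})
        elif vlan:
            cfg["vlans"] |= expand_vlans(vlan.group(1))
        elif line == "ip dhcp snooping":
            cfg["global"] = True
        elif line == "ip dhcp snooping wireless bootp-broadcast enable":
            cfg["bootp_broadcast"] = True
        elif current is not None and line == "switchport mode trunk":
            current["trunk"] = True
        elif current is not None and line == "ip dhcp snooping trust":
            current["trust"] = True
    return cfg


def audit(text, wlan_vlans):
    """Return findings for the given config; wlan_vlans are the client VLANs mapped to WLANs."""
    cfg = parse_config(text)
    findings = []
    if not cfg["global"]:
        findings.append("ip dhcp snooping is not enabled globally")
    missing = sorted(set(wlan_vlans) - cfg["vlans"])
    if missing:
        findings.append("no DHCP snooping on WLAN client VLAN(s): " + ", ".join(map(str, missing)))
    if not cfg["bootp_broadcast"]:
        findings.append("ip dhcp snooping wireless bootp-broadcast enable is missing")
    for name, intf in sorted(cfg["interfaces"].items()):
        if intf["trunk"] and not intf["trust"]:
            findings.append(f"trunk {name} is not a DHCP snooping trusted port")
    return findings


if __name__ == "__main__":
    print(audit(POSTER_CONFIG, {905}))
    print(audit(CISCO_DOC_CONFIG, {100, 200}))
```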
WLC 5760 and 802.11r/CCKM support
Experts;
I have a couple of 5760 controllers running as MC/MA and I am planning to enable Layer 3 roaming between the two 5760 MC/MA controllers. On a 5508 controller running Air-IOS there is an option, "fast transition", for devices that support 802.11r, my understanding if a device doesn't support 802.11r "fast transition" should not be checked.
I like to know if there is a similar command or option for 802.11r support on a 5760 controller and if the only configuration option to establish mobility between the 5760 controllers is that both controllers need to be in the same mobility group.
Thanks;
Juan
Hi Juan,
my understanding if a device doesn't support 802.11r "fast transition" should not be checked
This is because certain clients that do not support 802.11r (like Mac OSX) won't like it when the SSID is advertising 802.1X & 802.11r FT (802.11r mixed mode) on the same SSID. Therefore they will not associate to that SSID. See this post as it lists 802.11r supported & unsupported devices/OS.
https://supportforums.cisco.com/discussion/12314591/8021r-and-fast-roaming
You need to have IOS-XE 3.6 onward to support 802.11r mix mode. (7.6 or 8.0 for AireOS codes)
Regarding config you will find that options (enabling & Over the DS tick box) under SSID configuration (refer link provided by Daniel). If you want to go more into detail how these different options work please read below, I have used 3850 in these post, but config should be same for a 5760.
1. http://mrncciew.com/2014/09/06/cwsp-802-11r-ft-association/
2. http://mrncciew.com/2014/09/08/cwsp-802-11r-over-the-ds-ft/
3. http://mrncciew.com/2014/09/07/cwsp-802-11r-over-the-air-ft/
In your case both 5760 should be in same mobility group in order to MDID to be same which is required for 802.11r fast roaming.
Pls do not forget to rate our responses if that is useful
HTH
Rasika -
Upgrade LIC for 5760 and 3850(L-LIC-CTIOS-1A)
Hi ,
the license part number (L-LIC-CTIOS-1A) is available from both 5760 primary upgrade LIC and 3850 Primary upgrade LIc with same prices as well
My Question is,
if i purchase L-LIC-CTIOS-1A with the primary upgrade lic as
L-LIC-CT5760-UPG
Upg license SKU for Cisco 5760 WirelessController (e-deliv)
will i be able to use it for 3850 switches as well because the primary upgrade LIC for 3850 is
L-LIC-CT3850-UPG
Upg license SKU for Cisco 3850 WirelessController (e-deliv)
Hope I am clear and if anybody has come across this situation please reply
Found the answer
it can be transferred between 3850 and 5760 controllers
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/product_bulletin_c25-720777.pdf
AP License for Cisco Catalyst 3850
There is no license required for a Cisco Catalyst 3850 to operate as a distributed termination point for Access
Points (Mobility Agent mode). The same switch can also operate in the full controller Mobility Controller (MC)
mode by adding an AP license for up to 50 Access Points. Other devices that can act as an MC are the new Cisco
Wireless Controller 5760, Cisco Wireless Controller 5508 and Cisco Wireless Services Module 2 (WiSM2)
wireless controllers. AP licenses can be transferred between two 3850 switches or between 3850 and 5760
controller. -
Domain controller 2008 Server with SP2
Here is a real issue which i cannot track down what is causing it.
It appears that in windows 2008 Server running DHCP, DNS and AD i am getting some weird errors on the clients.
The client machines are all Windows 7 Professional x64.
The Issue is that the Domain controller seems to disappear as the logon server from the client after a few days. On some it indicates that there was no logon server available, but still logs in.. Which should be impossible since i have group policy configured
to block the ability of logon without a logon server.
The issue with this, is that over time, the desktops seem to go rogue, they no longer populate the information as to password expiration, and at times don't allow the clients to access the network shares.
The security log, shows hit and miss as to if it sees them log into the domain.
the weird issue is that if you log out, switch user, and change the users password, then log back into the desktop with domain\username and a new password the issue goes away for about 10 days.. then re-appears and causes all sorts of fun issues on the domain.
I took another step and decided that i would give a shot to building a clone test network, using a cloned image of the Domain controller, and it doesn't seem to happen on that side..The test network just has less PC's but they are all the same hardware..
Here is what i have troubleshot so far:
DNS looks fine.. no errors or issues..
DHCP looks fine, no duplicates etc..
AD has all the information correctly, and the security log looks fine, most of the time..
Windows updates are all up to date
All desktops have logon scripts, but i have removed the cached data from the management console (Cred manager)
Modified Group policy and forced it across the network.. Can see the GPResult from the clients and they have the updated settings, but the clients don't seem to care..
Group policy is set to wait till network comes up and require a domain controller to log into the client desktop.. This sometimes works, sometimes does not, it was done to see if the problem was happening on other machines, there are about 15 total out of
47 currently having the issue.
All the desktops are fresh installs, not ghosted images, not clones, or something you would need to sysprep.
Thoughts?
Rob
Hello,
please post an unedited ipconfig /all from the DC/DNS servers and a client with the problems.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
How to extend the sap.ui.core.mvc.Controller ?
We are in the process of building a web application that allows users to "plugin" their own views (pages). When they create their own views there are a number of activities that are common across all pages that occur in the onInit() and onExit() methods; additionally, we may provide additional utility functions that should be available to the controller.
Currently when creating a controller the standard is to use sap.ui.controller("some.name", { controller specific functionality } ); I would like to create a sap.ui.MyController("some.name", { controller specific functionality }); that contains the utility functions and extra functionality in the LifeCycle methods so that these are automatically available to anyone defining this type of controller.
I believe the documentation I need to reference is boilerplate code for typed Controller however I am unsure on how this can be used
I assume that I define the controller abc/xyz/MYController.js
jQuery.sap.declare({modName:"abc.xyz.MYController", type:"controller"}); // declaring a special type of module
abc.xyz.MYController = function () { // the constructor
    sap.ui.core.mvc.Controller.apply(this, arguments);
};
jQuery.sap.require("sap.ui.core.mvc.Controller"); // this is currently required, as the Controller is not loaded by default
abc.xyz.MYController.prototype = jQuery.sap.newObject(sap.ui.core.mvc.Controller.prototype); // chain the prototypes
/* end of boilerplate code for typed Controller */
abc.xyz.MYController.prototype.onInit = function() {
    // modify control tree - this is the regular lifecycle hook
    console.log("Inside my new controller.");
};
Then use it in app/pageController.controller.js ...
jQuery.sap.require("abc.xyz.MYController");
abc.xyz.MYController("app.pageController", { ..... });
When I try this I get the Error
Uncaught Error: failed to load 'app/pageController.controller.js' from /mywebapp/js/app/pageController.controller.js: Error: Controller type app.pageController is still undefined after trying to load it. sap-ui-core-all-dbg.js:20313requi
Any help with this would be appreciated.
Regards,
Trevor
Hi Trevor
maybe this code snippet will help.
jQuery.sap.declare("example.MyController");
jQuery.sap.require("sap.ui.core.mvc.Controller");
"use strict";
sap.ui.core.mvc.Controller.extend("example.MyController", {
onInit: function () {
-D -
Should one update Embedded Controller program before a BIOS update ?
Hello All,
I have an IBM Thinkpad 600E 2645 4AU that has an old version of BIOS that am trying to update to the latest.
I read on the net that before updating the BIOS its required to update the Embedded Controller program.
This is what I read and am quoting :
" It is also important to understand that Thinkpads from IBM have two separate firmwares: the BIOS, and the Embedded Controller program. A given BIOS version will require a certain version of the Embedded Controller program. The IBM documentation is sometimes unclear about the order in which these two firmwares should be updated. On most, but not all Thinkpads, the correct update order is Embedded Controller program first, and then the BIOS. Make sure to do the two updates immediately one after the other. Newer models from Lenovo update both the Embedded Controller program and the BIOS at the same time, so you don't have to worry about it."
Could anyone let me know if this applies ? I searched the Lenovo site for a Embedded Controller program for my laptop model but found none. So wondering if this model would require the Embedded Controller program update ?
Thanks.
Alex
OK, I've fixed this now.
I had Kaspersky Internet Security installed and had disabled it manually but it was obviously still blocking fundamental system changes like these. I uninstalled KIS completely and then ran these updates again and all worked fine. -
How to configure PortFast & BPDU Guard on an Aruba controller.
Requirement:
An Aruba controller running 6.4.3.x and above.
Solution:
PortFast:
The PortFast feature causes a switch port or a trunk port to enter the forwarding state directly instead of going through the listening and learning states of STP.
PortFast is usually configured on an edge port, which means the port should not receive any STP BPDUs.
If the port does receive an STP BPDU, it moves back to normal/regular mode and ends up participating in the listening and learning states.
BPDU Guard:
The BPDU Guard feature guards the port against receiving any BPDUs.
If it detects an incoming BPDU on the port, it puts the port into ErrDis (Error-Disable).
The port remains in the ErrDis state until it is manually recovered with the configuration command “shut” followed by “no-shut” applied on the interface.
Configuration:
The screenshot below shows the configuration of PortFast for both trunk and access ports.
The screenshot below shows the configuration of BPDU Guard for switch ports.
Verification
We can verify whether PortFast is enabled using the commands shown in the screenshot below.
We can verify whether BPDU Guard is enabled using the commands shown in the screenshot below.
I was having troubles with this as well when a customer had an older Aruba Controller and 2 Access Points. We went with a couple IAP-205s and needed LDAP integration. Using the above configuration there were some additional items needed. I found that I needed the DISPLAY NAME of the admin for the Admin-DN. I had created a user with the first name Aruba and the last name LDAP. This made the DISPLAY NAME "Aruba LDAP". This is what needs to be in the CN= for the Admin-DN.
I also found there is a difference in using the CN= and OU=
Currently our admin account is in the Users group which is a “Container”. Our actual user accounts are stored in an Organizational Unit with sub OUs as well. So the Admin-DN needed the CN=Users and the Base-DN needed the OU=MyUserOU.
For the Windows machines I had to download and install the Aruba GTC Shim because the customer was previously using GTC and they were not going to a RADIUS server at the moment. My Android phone and iPhone did not need any additional add-ins for the authentication. On the Windows laptop I am using I needed to manually create a wireless profile with…
Security Tab > “Choose a network authentication method:”
Microsoft: Protected EAP (PEAP)
Settings > Select “Trusted Root Certification Authorities”
GeoTrust Global CA
Select Authentication Method:
EAP-Token (This is the Aruba GTC Shim)
This allowed me to use my domain login credentials
Username
Password
Domain (This is blank because the Base-DN already has this, if anything is put in here the authentication fails)
-
Catalyst 2955T-12 Power Supply n IGMP Snooping
Hello everyone,
I have Two Catalyst 2955T-12 switches, on this switch there are Two Power Supply (DC) options...I want to implement redundant Power Supply solution, can this Two DC Input on Switch will give this solution or I have also external Din Rail power supply...my question is how I can implement redundant power supply so that if one PS of switch fails then automatically other will start?
Also can any body tell me what IGMP snooping do? do I need to configure it? also the command (I need global command as well as port/interface based command)?
Regards,
Shahid
For the power redundancy question, I believe this link will help:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea2/2955hig/hginstal.htm
Also can any body tell me what IGMP snooping do? do I need to configure it? also the command (I need global command as well as port/interface based command)?
>>Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.
The multicast router sends out periodic IGMP general queries to all VLANs. When IGMP snooping is enabled, the switch responds to the router queries with only one join request per MAC multicast group, and the switch creates one entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an IGMP join request. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry.
IGMP Snooping is by default enabled globally and per VLAN. If for some reason it is not enabled, use "ip igmp snooping" in config mode to enable it.
There is nothing else to configure.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swigmp.htm#wp1020034
Please rate helpful posts.