DNS IP on WLC

Hi Team
I just changed to the new DNS IP address. The WLC has taken the change, but when I connect any device it still shows the old DNS entry. I have rebooted the AP and the device; that didn't help.
Any thoughts?
Thanks
Eddie


Similar Messages

  • WLC discovery using DNS

    Hi
    Has anyone successfully got APs discovering the WLC using the DNS name CISCO-LWAPP-CONTROLLER?
    I can't seem to get the DNS server to work properly. I added a host called CISCO-LWAPP-CONTROLLER but it keeps appending the domain name to the end of it. I notice that the documentation states the discovery looks for CISCO-LWAPP-CONTROLLER@localdomain
    I'm using MS DNS server. Can anyone help or provide a screenshot of the correct setup on DNS?
    Thanks.

    It was the .localdomain part causing me problems. When I captured packets I noticed that the AP was querying DNS for CISCO-LWAPP-CONTROLLER and the DNS response was "not found". NSLOOKUP from a client gave the same response, but clients in the Active Directory domain resolved the address.
    I added the DHCP option DOMAIN NAME with the name of my AD domain. The AP then queried for CISCO-LWAPP-CONTROLLER.test.co.uk and this worked.
    So in summary I had
    DHCP scope for APs.
    DNS servers in options
    Default Gateway in options
    Domain Name in options

  • WLC Guest portal - External DNS issue

    I have an interesting behavior.  When my guest users attach to the guest network, I want them to use some external DNS source and not my organization's DNS servers.  So, I set the DHCP scope options to point to other DNS servers.  When I do, the users don't seem to be redirected to the WLC guest portal; they get nothing and because of that, they cannot get to the Internet.
    I am not sure why this is happening.  The redirection URL is https://1.1.1.1/login.html?redirect=www.google.com?/ocid=iehp
    I don't understand why pointing a guest client to external DNS servers would cause the guest login page not to come up.

    The issue is likely that you are attempting to redirect an HTTPS page. See this link for more information:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#anc7
    You didn't mention your code rev, but it seems that 8.0 is able to redirect HTTPS for guest portal.

  • WLC 5508 and WPA/WPA2 causes client DNS lookups to fail

    Hi all, we just recently received a brand new 5508 with 6.0.199.4 firmware.  We currently have three LAP-1250s that associate just fine to the WLC.
    For testing purposes only, we enabled WPA2 with both types of encryption TKIP and AES with an ASCII PSK.   The clients are able to connect, authenticate and get an IP address from our local (same subnet) DHCP server.  They also get the DNS info from our DHCP server.   However, the problem is that they are not able to do any DNS lookups.   I haven't run wireshark yet to confirm, but it sounds very familiar to this problem: https://supportforums.cisco.com/message/3202369
    I've even had clients use nslookup with both of my DNS servers and they are not able to resolve.  I'm not sure if the request or the reply is being blocked/dropped, but I can find out tomorrow.
    Now the strange part - if I turn off WLAN security altogether, it works!   That's right, I just disable L2 security for the WLAN and re-connect the clients and they are able to do full DNS lookups.
    AND - if I leave L2 security configured (WPA2 with PSK), and enable L3 Passthrough security - the clients get to the auth web page, click the "accept" button and are then able to do full DNS lookups too.
    What could be the problem here?   There's nothing I see configured for the L2 or L3 security settings that could be the culprit.  We're using default (from Cisco) configuration, so there's no ACLs configured or anything like that to block DNS.
    Another strange thing here which may or may not be related - during initial configuration the setup asked for a virtual IP - so I gave it one - 1.1.2.2.   Now when I do an ipconfig /all on the client, I see this 1.1.2.2 address listed as the DHCP server.  Why is this?   It's definitely getting an IP address and DNS info from the correct DHCP server, so not sure why this is showing up.
    Thanks, Matt

    Hi Matt,
    Just wanted to jump in, and also mention it may be worth attempting to disable the fastpath feature on the 5508, and test your failing client again.  You may be hitting CSCti34667.
    debug fastpath cfgtool --fc.disable
    This command can be run via Telnet/SSH.  Please keep in mind that fastpath will automatically re-enable periodically, so we recommend disabling every 10 minutes as a workaround for any known fastpath issues.  You can do so by running the following Macro in TeraTerm:
    :mainloop
       sendln "debug fastpath cfgtool --fc.disable"
       pause 600
    goto mainloop
    If you find that disabling fastpath resolves your concern, you can reach out to TAC for an Escalation Image with the fix for this one.
    Best,
    Drew

  • DNS host name for virtual IP on WLC 5760?

    Hi all,
    Does any of you know if there is a way of setting a DNS hostname for the virtual IP on the 5760 WLC?
    The parameter-map does not offer any option.
    AireOS based WLCs do offer it in order to see a DNS name instead of the virtual IP when connecting to the captive portal.
    Thanks in advance,
    Patrick

    Hi Stephen/Patrick,
    Can you try and confirm if below works?
    Switch(config)#parameter-map type webauth global
    Switch(config-params-parameter-map)#virtual-ip ipv4 1.1.1.1 ?
    virtual-host Virtual host name
    Switch(config-params-parameter-map)#virtual-ip ipv4 1.1.1.1 virtual-host
    Regards,
    Ankur

  • WLC in two different WAN sites using same DNS

    I have two different WLCs that are located in different locations and WAN sites.  I want them to use the same DNS for both sites since there is no need to add a specific server in the small areas.  When adding a DNS entry for "cisco-capwap-controller" for AP discovery, is there a way to make it distinguish which local controller to use?

    Hi,
    We had a similar issue with different controllers in different sites, for different wireless networks. I got around the issue by creating wireless specific subdomains to hold the relevant dns records in.
    For example:
    Site A = siteA.rf.mycompany.com
         A Record =  cisco-capwap-controller 10.1.1.100
    Site B = siteB.rf.mycompany.com
         A Record = cisco-capwap-controller 10.2.2.100
    Site C = siteC.rf.mycompany.com
          A Record = cisco-capwap-controller 10.3.3.100
    HTH
    Paul

  • WLC 5508 DNS discovery fails. After a ping it works!

    Hello guys,
    I have a deployment with a 5508 HA Cluster. The APs (2702) should be discovered with DNS. I get only the message:
    %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP
    When I ping the controller:
    ping cisco-capwap-controller
    The AP gets discovered. I tried this with 3 APs. Every time the same behavior.
    Does anybody know that?
    Regards Stefan

    Hi Stefan,
    I would configure DHCP option 43; that way the AP will get the WLC info as part of the DHCP assignment:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Ap associating with a different WLC through DNS

    Hello Guys,
    I have some 5 APs in the network. For the last 2 days I have had an issue: all the access points have registered with a different WLC, which is in our main office, instead of registering with the local WLC. I need help with this issue. It does a DNS resolution and gets connected to the central WLC, but the same setup is running in multiple locations.
    Regards
    Krishna

    It is best to configure the primary and secondary WLC in the high availability. This way if something happens and the AP joins the wrong WLC, it will move back. This is the issue if you keep option 43 enabled and/or DNS resolution. If you want to make sure that APs at a local site stay on that WLC, block UDP 12222 & 12223 from crossing the WAN. This way the APs will not join the WLC at HQ. Make sense?
    Sent from Cisco Technical Support iPhone App

  • AIR-LAP1242AG-K9 could not join a 2106 WLC: I am getting ready for a deployment, how can I resolve this?

    Hi,
    I set up a mini wireless LAN network lab with a not-for-resale 2106 wireless LAN controller and a sales AIR-LAP1242AG access point. I do not have a DHCP and DNS in my lab environment. I have configured the WLC with the basic configuration using the CLI wizard; I also configured the WLC as a DHCP server for clients that will be connecting to the APs associated to the controller.
    I powered up the AP and connected the Ethernet port directly to the controller. The controller issued an IP address to the AP, and the AP downloaded a new operating system from the controller but failed to join the controller.
    I checked both the debug messages on the controller console and the trap messages on the controller's GUI, and they say the AP could not download a configuration from the controller and it is because of an invalid license. Below is the trap message:
    Configuration Phase Statistics
    Requests Received
    Responses Sent
    Unsuccessful Request Processed
    Reason For Last Unsuccessful Attempt
    Last Successful Attempt Time
    Last Unsuccessful Attempt Time
    Last Error Summary
    Last AP Message Decryption Failure
    Last AP Connection Failure
    Last Error Occurred
    Last Error Occurred Reason
    Last Join Error Timestamp
    Also, I tried to log into the GUI of the AP using both the username and password ''Cisco'' but I cannot get into the device. I can only get in through the CLI. In the CLI, almost all the commands I enter give an error that it is disabled. I don't know what to do any more. I want to know if the access point is faulty or I am not doing the right thing.
    PLEASE HELP!!!!!!!!!!!!!!!!!!!

    Thank you for the quick response.
    The controller is running firmware version:
    Software Version                 6.0.199.4
    Emergency Image Version 6.0.199.4
    The AP can ping the Management IP address of the controller successfully via console. I have also entered in the AP the WLC's Management IP address information and it is still the same. Below is the message I'm getting on the console of the AP it self:
    *Jul  9 13:06:09.803: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jul  9 13:06:10.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.246 peer_port: 5246
    *Jul  9 13:06:10.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Jul  9 13:06:11.636: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.50.246 peer_port: 5246
    *Jul  9 13:06:11.638: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.50.246
    *Jul  9 13:06:11.638: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Jul  9 13:06:11.724: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Jul  9 13:06:11.726: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.50.246
    *Jul  9 13:06:11.727: %DTLS-5-PEER_DISCONNECT: Peer 192.168.50.246 has closed connection.
    *Jul  9 13:06:11.727: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.50.246:5246
    *Jul  9 13:06:11.772: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Jul  9 13:06:11.772: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    I would also like to know if AIR-LAP1242AG is compatible with the WLC 2106 controller.
    Any help will be greatly appreciated. I really need to resolve this issue in my lab now so that I don't go to my customer site to fumble.
    thanks in advance.

  • WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9

    Hi
    I have a question and I need a solution and expert help.
    I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)
    Below is the list of equipment used:
    1. Cisco ASA 5540 - which is connected at the edge to the ISP router
    2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
    3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
    4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
    5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)
    Here is the deployment scenario:
    1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
    2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
    3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
    4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
    5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
    6. Two DHCP pools were created on the router for APs and Wireless Clients.
    7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
    8. G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch
    1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
    2. IP Telephony Services is running well.
    3. Client on wireless can get IP from the DHCP on the router but cannot browse.
    I have pings from the router to the core switch and firewall, but clients connected to the wireless cannot ping other vlans on the core switch and vice versa.
    The port connecting the router to the core switch is an Access Port. I have changed it to trunk but still no changes.
    My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.
    Below are the configs on the router and core switch.
    Router Config
    Nimc_Voice_Router#sh run
    Building configuration...
    Current configuration : 10513 bytes
    ! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
    ! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Nimc_Voice_Router
    boot-start-marker
    boot-end-marker
    ! card type command needed for slot/vwic-slot 0/2
    logging message-counter syslog
    enable secret
    aaa new-model
    ! aaa authentication login default local
    aaa session-id common
    clock timezone Nigeria 1
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 10.1.12.1 10.1.12.10
    ip dhcp excluded-address 192.168.1.1 192.168.1.10
    ip dhcp pool LWAAP-AP
    network 10.1.12.0 255.255.255.0
    default-router 10.1.12.1
    option 43 hex f104.c0a8.0002
    dns-server 83.229.88.30 4.2.2.2 193.238.28.249
    option 60 ascii "Cisco AP c1240"
    ip dhcp pool Wireless
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    ip cef
    no ip domain lookup
    ip domain name nimc.gov.ng
    ip name-server 83.229.88.30
    ip name-server 193.238.28.249
    ip name-server 4.2.2.2
    no ipv6 cef
    multilink bundle-name authenticated
    voice-card 0
    archive
    log config
    hidekeys
    interface GigabitEthernet0/0
    description Connection to AP
    ip address 10.1.12.1 255.255.255.0
    ip helper-address 192.168.0.2
    load-interval 30
    duplex auto
    speed auto
    media-type rj45
    interface Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/1
    ip address 10.1.2.2 255.255.255.0
    duplex auto
    speed auto
    media-type rj45
    interface FastEthernet0/0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Serial0/1/0
    no ip address
    shutdown
    no fair-queue
    clock rate 2000000
    interface Serial0/1/1
    no ip address
    shutdown
    clock rate 2000000
    interface Integrated-Service-Engine1/0
    ip address 192.168.0.1 255.255.255.0
    no keepalive
    interface Integrated-Service-Engine1/0.15
    encapsulation dot1Q 15
    ip address 192.168.1.1 255.255.255.0
    interface Integrated-Service-Engine1/0.100
    encapsulation dot1Q 100
    ip forward-protocol nd
    ip forward-protocol udp 12223
    ip route 10.1.0.0 255.255.255.0 10.1.1.1
    ip route 10.1.1.0 255.255.255.0 10.1.1.1
    ip route 10.1.2.0 255.255.255.0 10.1.1.1
    ip route 10.1.3.0 255.255.255.0 10.1.1.1
    ip route 10.1.4.0 255.255.255.0 10.1.1.1
    ip route 10.1.5.0 255.255.255.0 10.1.1.1
    ip route 10.1.6.0 255.255.255.0 10.1.1.1
    ip route 10.1.7.0 255.255.255.0 10.1.1.1
    ip route 10.1.8.0 255.255.255.0 10.1.1.1
    ip route 10.1.9.0 255.255.255.0 10.1.1.1
    ip route 10.1.10.0 255.255.255.0 10.1.1.1
    ip route 10.1.11.0 255.255.255.0 10.1.1.1
    ip route 10.1.12.0 255.255.255.0 10.1.1.1
    ip route 192.168.0.0 255.255.255.0 10.1.1.1
    ip route 192.168.1.0 255.255.255.0 10.1.1.1
    no ip http server
    ip http secure-server
    !
    Core Switch Config
    sh run
    Building configuration...
    Current configuration : 10622 bytes
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    hostname Nimc_Core
    boot-start-marker
    boot-end-marker
    !
    aaa new-model
    aaa authentication login default local
    aaa session-id common
    storm-control broadcast include multicast
    ip subnet-zero
    no ip domain-lookup
    ip domain-name nimc.gov.ng
    ip dhcp excluded-address 10.1.2.1 10.1.2.10
    ip dhcp excluded-address 10.1.4.1 10.1.4.10
    ip dhcp excluded-address 10.1.5.1 10.1.5.10
    ip dhcp excluded-address 10.1.6.1 10.1.6.10
    ip dhcp excluded-address 10.1.7.1 10.1.7.10
    ip dhcp excluded-address 10.1.8.1 10.1.8.10
    ip dhcp excluded-address 10.1.9.1 10.1.9.10
    ip dhcp excluded-address 10.1.10.1 10.1.10.10
    ip dhcp excluded-address 10.1.3.1 10.1.3.10
    ip dhcp pool Voice
    network 10.1.2.0 255.255.255.0
    next-server 10.1.2.1
    option 150 ip 10.1.2.2
    default-router 10.1.2.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    ip dhcp pool SF_DGs_Office
    network 10.1.3.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.3.1
    dns-server 81.199.3.7
    lease 10
    ip dhcp pool Admin_Process_Fac_Mgt
    network 10.1.4.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.4.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool SF_IDD
    network 10.1.5.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.5.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool Finance_Fin_Inv
    network 10.1.6.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.6.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool Finance_CS
    network 10.1.7.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.7.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool FF_Human_Capital_Mgt
    network 10.1.8.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.8.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool FF_Legal_Services
    network 10.1.9.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.9.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip dhcp pool SF_Procurement_Serv
    network 10.1.10.0 255.255.255.0
    domain-name nimc.gov.ng
    default-router 10.1.10.1
    dns-server 83.229.88.30 193.238.28.249 4.2.2.2
    lease 10
    ip vrf mgmtVrf
    errdisable recovery cause bpduguard
    errdisable recovery interval 180
    power redundancy-mode redundant
    spanning-tree mode mst
    spanning-tree portfast bpduguard default
    spanning-tree extend system-id
    spanning-tree mst configuration
    name xxxx
    revision 1
    instance 1 vlan 1-20
    spanning-tree mst 1 priority 0
    spanning-tree vlan 1-20 priority 0
    vlan internal allocation policy ascending
    interface FastEthernet1
    ip vrf forwarding mgmtVrf
    no ip address
    speed auto
    duplex auto
    interface GigabitEthernet1/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface GigabitEthernet1/2
    switchport access vlan 4
    switchport mode access
    spanning-tree portfast
    interface GigabitEthernet1/3
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/4
    switchport mode access
    spanning-tree portfast
    interface GigabitEthernet1/5
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/6
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/7
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/8
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    !
    interface GigabitEthernet1/9
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/10
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/11
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/12
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/13
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/14
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/15
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/16
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/17
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/18
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/19
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/20
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/21
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/22
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/23
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/24
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/25
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/26
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/27
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/28
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/29
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/30
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/31
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/32
    switchport access vlan 2
    switchport voice vlan 4
    interface GigabitEthernet1/33
    switchport mode access
    interface GigabitEthernet1/34
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/35
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/36
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/37
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/38
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/39
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/40
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/41
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/42
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/43
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/44
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/45
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/46
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    spanning-tree portfast
    interface GigabitEthernet1/47
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface GigabitEthernet1/48
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface Vlan1
    no ip address
    shutdown
    interface Vlan2
    description Management
    ip address 10.1.1.1 255.255.255.0
    interface Vlan3
    description Enterprise
    ip address 10.1.0.1 255.255.255.0
    interface Vlan4
    description Voice
    ip address 10.1.2.1 255.255.255.0
    interface Vlan5
    description SS_DGs_Office
    ip address 10.1.3.1 255.255.255.0
    interface Vlan6
    description Admin_Process_Fac_Management
    ip address 10.1.4.1 255.255.255.0
    interface Vlan7
    description SF_National_Identity_Database
    ip address 10.1.5.1 255.255.255.0
    interface Vlan8
    description Fin_Finance_Investment
    ip address 10.1.6.1 255.255.255.0
    interface Vlan9
    description Fin_Corporate_Services
    ip address 10.1.7.1 255.255.255.0
    interface Vlan10
    description FF_Human_Capital_Management
    ip address 10.1.8.1 255.255.255.0
    interface Vlan11
    description FF_Legal_services
    ip address 10.1.9.1 255.255.255.0
    interface Vlan12
    description SF_Procurement_Services
    ip address 10.1.10.1 255.255.255.0
    ip default-gateway 10.1.1.2
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    ip route 10.1.1.0 255.255.255.0 10.1.1.2
    ip route 10.1.2.0 255.255.255.0 10.1.1.2
    ip route 10.1.3.0 255.255.255.0 10.1.1.2
    ip route 10.1.4.0 255.255.255.0 10.1.1.2
    ip route 10.1.5.0 255.255.255.0 10.1.1.2
    ip route 10.1.6.0 255.255.255.0 10.1.1.2
    ip route 10.1.7.0 255.255.255.0 10.1.1.2
    ip route 10.1.8.0 255.255.255.0 10.1.1.2
    ip route 10.1.9.0 255.255.255.0 10.1.1.2
    ip route 10.1.10.0 255.255.255.0 10.1.1.2
    ip route 10.1.11.0 255.255.255.0 10.1.1.2
    ip http server
    control-plane
    line con 0
    stopbits 1
    line vty 0 4
    end
    Please, I need somebody to help me

    I wouldn't configure an ip address on the service engine subinterface.
    Try setting up a VLAN interface on the router with that IP address, and the subinterface will be linked to the VLAN interface through the encapsulation command. A VLAN interface will work better as a gateway for the wireless clients.
    Nicolas

  • Connecting to a wlc across subnets

    I have recently purchased a 4402 wireless controller to manage our access points. When I put the APs on the same subnet as the ap-manager subnet I get the ap to connect. When I put the ap on the wireless subnet, it will not connect. Does not even register.
    I read I need to do layer 3 routing on the 4502 for this to work. I am trying to do that now. Do I need to set up anything on my switches to make sure that the packets go through (sort of like defining where to find the DHCP server) or should it just work? Do I need to set up a WLAN ID that matches the WLAN ID that the switches use? I thought I tried that first and had no luck. Any ideas on this vague question?
    I am trying to dig through the documentation to see if I can find the answer but so far I have not found anything.
    Sent from Cisco Technical Support iPhone App

    You will want to make sure your APs can route from wherever you install them to the WLC management address.
    How APs find the controller can happen a few different ways:
    1) DNS A record
    2) Layer 2 broadcast (which you've seen already)
    3) IP Route Forward
    4) DHCP Option 43
    5) Manual Prime the AP
    Most folks lead with option 43.
    http://www.my80211.com/cisco-wlc-labs/2009/7/4/cisco-dhcp-option-43-configuration-nugget.html
    If you check the config guide it will explain the other processes.
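
Several replies on this page recommend DHCP option 43 for controller discovery, and the router configuration posted in an earlier thread carries `option 43 hex f104.c0a8.0002`. The following is an added example, not code from any poster or from Cisco: it decodes and builds that value (sub-option type 0xf1, a length byte, then one 4-byte IPv4 address per controller) and flags a scope that hands out a controller outside the set expected for the site. The function names and the allowed-controller sets are assumptions made for illustration.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs look for inside DHCP option 43.
CISCO_WLC_SUBOPTION = 0xF1


def to_ios_hex(raw: bytes) -> str:
    """Format bytes the way IOS shows them: groups of four hex digits joined by dots."""
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def encode_option43(controllers):
    """Build the 'option 43 hex' value for a list of WLC management IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    length = 4 * len(addrs)
    if length > 255:
        raise ValueError("too many controllers for a one-byte length field")
    raw = bytes([CISCO_WLC_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    return to_ios_hex(raw)


def decode_option43(text: str):
    """Parse an 'option 43 hex' value and return the controller addresses it carries.

    Raises ValueError when the type byte, the length byte or the payload is
    inconsistent, which is the usual reason an AP ignores the option.
    """
    cleaned = text.replace(".", "").replace(":", "").replace(" ", "")
    raw = bytes.fromhex(cleaned)  # ValueError on non-hex or an odd digit count
    if len(raw) < 2:
        raise ValueError("option is shorter than the type and length bytes")
    sub_type, length = raw[0], raw[1]
    payload = raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}, expected 0xf1")
    if length != len(payload):
        raise ValueError(f"length byte says {length}, payload has {len(payload)} bytes")
    if length == 0 or length % 4:
        raise ValueError("payload is not a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(0, length, 4)]


def audit_scope(option43_hex: str, allowed_controllers):
    """Return findings for a DHCP scope whose option 43 points outside the allowed set."""
    findings = []
    try:
        advertised = decode_option43(option43_hex)
    except ValueError as exc:
        return [f"malformed option 43: {exc}"]
    allowed = {str(ipaddress.IPv4Address(a)) for a in allowed_controllers}
    for addr in advertised:
        if addr not in allowed:
            findings.append(f"scope advertises controller {addr} not expected for this site")
    return findings


if __name__ == "__main__":
    # Value taken from the router configuration quoted on this page.
    page_value = "f104.c0a8.0002"
    print(decode_option43(page_value))  # ['192.168.0.2']
    # Constructed example: two controllers, using addresses from the per-site DNS reply.
    print(encode_option43(["10.1.1.100", "10.2.2.100"]))
    # Constructed policy: this site should only ever see 10.1.1.100.
    print(audit_scope(page_value, {"10.1.1.100"}))
```
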

  • DHCP Error with WLC 2504 and Aironet 2600 setup across subnets

    Hey guys
    I have just set up a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations.  The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
    I tested the WLC at our main office with a single AP, and it worked fine.  The AP set itself up, and wireless devices connect with no probs. Great!  Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too.  Within a few minutes I was able to see the WiFi network I'd set up, and my smartphone connected to it straight away (as I'd previously connected at the main office), so I was pretty happy that all was working well.
    This morning however I've had notification that wifi performance at the remote site isn't great.  I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is.  Obviously this is not ideal!
    So I guess my question is, what have I done wrong?  (I guess I HAVE done something wrong!?).  And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?
    Any help would be greatly appreciated! 
    Thanks!           

    Hello Tim,
    What mode are your APs in? Local mode? or FlexConnect mode?
    If local mode, then all the traffic will be tunnelled to the WLC and they'll be same as if you are connecting from the WLC location.
    If you use FlexConnect APs (which is recommended for remote sites) you can configure FlexConnect groups on the WLC and add each location in a specific group. In that group you can decide what VLAN the users should be in.
    Check this link for FlexConnect group configuration
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1230080
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • LAP 1240 won't join WLC across subnets

    I am having a problem getting LAPs that are in other subnets to join our WLC. If I take the LAP and place it on the same VLAN/subnet as the WLC, it joins as expected. If I move it to another subnet, I get the following:
    *Mar 1 00:00:13.065: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Fri 08-Feb-08 17:24 by prod_rel_team
    *Mar 1 00:00:13.119: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar 1 00:00:13.519: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar 1 00:00:14.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar 1 00:00:14.536: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar 1 00:00:14.545: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 24 seconds
    *Mar 1 00:00:15.536: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar 1 00:00:28.133: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *Mar 1 00:00:28.171: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar 1 00:00:28.177: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar 1 00:00:28.192: SSC Load Current Size crypto_mykey 120, offset 9389, Saved Size soap_cert_crypto_mykey 124
    *Mar 1 00:00:28.390: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar 1 00:00:28.892: Logging LWAPP message to 255.255.255.255.
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.115.75, mask 255.255.255.192, hostname AP0013.c3a7.bf97
    Translating "CISCO-LWAPP-CONTROLLER.mydomain.here"...domain server (X.X.X.X) [OK]
    %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.mydomain.here
    %LWAPP-3-CLIENTEVENTLOG: Controller address Y.Y.Y.Y obtained through DNS
    %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - 2169-WLC4402-1)
    %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
    %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
    %LWAPP-5-CHANGED: LWAPP changed state to DOWN
    I have checked the WLC for any messages that look like crypto or other problems, but I don't see anything that stands out. Any suggestions or pointers would be gratefully accepted.

    %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
    Can you provide more information such as:
    1. How many APs can the WLC4402 support and how many are currently joined?
    2. What is your WLC's firmware?
    3. Is there a possibility of a duplicate IP address in your network?
    Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

  • WLC 4402 Multiple clients can connect to AP but only one gets an IP

    I have a 4402 which is connected to a 4506 Switch int Gig 3/1 via a trunk port. The Management and AP-manager interfaces are on vlan 6.
    interface GigabitEthernet3/1
    description Trunk Port to WLC
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 2-6
    switchport mode trunk
    end
    I have a 1142N AP also connected to the switch and it pulls a DHCP IP Address and configs etc and registers to the WLC. It too is on Vlan 6 and it is connected to the 4506 on int gig 4/33 which is an access port.
    interface GigabitEthernet4/33
    description Access port to Cisco LAP 1142
    switchport access vlan 6
    switchport mode access
    end
    My router is my dhcp server;
    ip dhcp pool wlanmantraffic
       network 10.6.0.0 255.255.255.0
       default-router 10.6.0.1
       dns-server 66.109.38.250 10.7.0.8
       option 43 hex f104.3130.2e36.2e30.2e33
    interface FastEthernet0/1.6
    description Vlan6
    encapsulation dot1Q 6
    ip address 10.6.0.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    I am doing local authentication, so I have added users to the WLC.
    My problem is that the first client that connected was able to get an IP address and connect to anything internal and external.
    I then connected another client on another laptop and that client could connect but not get an IP address, it just self assigned.
    When I look at the clients I can see the MAC address of both clients on the WLC, but doing a show mac address-table dynamic I only see the MAC of the client that works properly. The client that doesn't get an IP has no entry in the 4506 switch.
    I am stumped. From what I understand, the 2nd client's traffic is being trunked to the WLC, hence it has the MAC address. But I don't know why it's not getting a DHCP assigned IP address.
    Thanks in advance for your help.

    Here is some of the WLC config,
    (Cisco Controller) >show run-config
    Press Enter to continue...
    System Inventory
    NAME: "Chassis"    , DESCR: "4400 Series WLAN Controller:25 APs"
    PID: AIR-WLC4402-25-K9,  VID: V02,  SN: FOCblankedbyme
    Burned-in MAC Address............................ 00:07:0E:55:FA:C0
    Crypto Accelerator 1............................. Absent
    Crypto Accelerator 2............................. Absent
    Power Supply 1................................... Absent
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 25
    Press Enter to continue or to abort
    System Information
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.235.3
    RTOS Version..................................... 7.0.235.3
    Bootloader Version............................... 7.0.235.3
    Emergency Image Version.......................... 7.0.235.3
    Build Type....................................... DATA + WPS
    System Name...................................... CISCO-LWAPP-CONTROLLER
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
    IP Address....................................... 10.6.0.3
    System Up Time................................... 0 days 21 hrs 7 mins 20 secs
    System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
    Configured Country............................... US  - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +36 C
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 3
    Burned-in MAC Address............................ 00:07:0E:55:FA:C0
    Crypto Accelerator 1............................. Absent
    Crypto Accelerator 2............................. Absent
    Power Supply 1................................... Absent
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 25
    Press Enter to continue or to abort
    AP Bundle Information
    Primary AP Image        Size
    ap3g1                   6672
    ap801                   5180
    ap802                   5220
    c1100                   3092
    c1130                   4960
    c1140                   4980
    c1200                   3360
    c1240                   4800
    c1250                   5500
    c1310                   3132
    c1520                   6400
    c3201                   4312
    c602i                   3712
    Secondary AP Image      Size
    ap801                   4952
    c1100                   3040
    c1130                   4880
    c1140                   4492
    c1200                   3312
    c1240                   4712
    c1250                   5060
    c1310                   3080
    c1520                   5240
    c3201                   4260
    Press Enter to continue or to abort
    Switch Configuration
    802.3x Flow Control Mode......................... Disable
    FIPS prerequisite features....................... Disabled
    secret obfuscation............................... Enabled
    Strong Password Check Features:
             case-check ...........Enabled
             consecutive-check ....Enabled
             default-check .......Enabled
             username-check ......Enabled
    Press Enter to continue or to abort
    Network Information
    RF-Network Name............................. RFMobile
    Web Mode.................................... Disable
    Secure Web Mode............................. Enable
    Secure Web Mode Cipher-Option High.......... Disable
    Secure Web Mode Cipher-Option SSLv2......... Enable
    OCSP........................................ Disabled
    OCSP responder URL..........................
    Secure Shell (ssh).......................... Enable
    Telnet...................................... Disable
    Ethernet Multicast Forwarding............... Disable
    Ethernet Broadcast Forwarding............... Disable
    AP Multicast/Broadcast Mode................. Unicast
    IGMP snooping............................... Disabled
    IGMP timeout................................ 60 seconds
    IGMP Query Interval......................... 20 seconds
    User Idle Timeout........................... 300 seconds
    ARP Idle Timeout............................ 300 seconds
    Cisco AP Default Master..................... Enabled
    AP Join Priority............................ Disable
    Mgmt Via Wireless Interface................. Disable
    Mgmt Via Dynamic Interface.................. Disable
    Bridge MAC filter Config.................... Enable
    Bridge Security Mode........................ EAP
    Mesh Full Sector DFS........................ Enable
    Apple Talk ................................. Disable
    AP Fallback ................................ Enable
    Web Auth Redirect Ports .................... 80
    Web Auth Proxy Redirect  ................... Disable
    Fast SSID Change ........................... Disabled
    802.3 Bridging ............................. Disable
    IP/MAC Addr Binding Check .................. Enabled
    Press Enter to continue or to abort
    Port Summary
               STP   Admin   Physical   Physical   Link   Link    Mcast
    Pr  Type   Stat   Mode     Mode      Status   Status  Trap   Appliance   POE
    1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable     N/A
    2  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable     N/A
    Press Enter to continue or to abort
    AP Summary
    Number of APs.................................... 1
    Global AP User Name.............................. Not Configured
    Global AP Dot1x User Name........................ Not Configured
    AP Name             Slots  AP Model              Ethernet MAC       Location   Port  Country  Priority
    NOSC-N-B1917-AP01    2     AIR-LAP1142N-A-K9     00:22:bd:1b:34:5a  Route 23B  1     US       1
    AP Tcp-Mss-Adjust Info
    AP Name              TCP State  MSS Size
    NOSC-N-B1917-AP01    disabled   -
    Press Enter to continue or to abort
    AP Location
    Total Number of AP Groups........................ 0
    Site Name........................................ default-group
    Site Description.................................
    WLAN ID          Interface          Network Admission Control          Radio Policy
    1               management           Disabled                          None
    AP Name             Slots  AP Model             Ethernet MAC       Location   Port  Country  Priority
    NOSC-N-B1917-AP01    2     AIR-LAP1142N-A-K9    00:22:bd:1b:34:5a  Route 23B  1     US       1
    Press Enter to continue or to abort
    AP Config
    Cisco AP Identifier.............................. 6
    Cisco AP Name.................................... NOSC-N-B1917-AP01
    Country code..................................... US  - United States
    Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
    AP Country code.................................. US  - United States
    AP Regulatory Domain............................. -A
    Switch Port Number .............................. 1
    MAC Address...................................... 00:22:bd:1b:34:5a
    IP Address Configuration......................... DHCP
    IP Address....................................... 10.6.0.26
    Gateway IP Addr.................................. 10.6.0.1
    NAT External IP Address.......................... None
    CAPWAP Path MTU.................................. 1485
    Telnet State..................................... Enabled
    Ssh State........................................ Enabled
    Cisco AP Location................................ Route 23B
    Cisco AP Group Name.............................. default-group
    Primary Cisco Switch Name........................
    Primary Cisco Switch IP Address.................. Not Configured
    Secondary Cisco Switch Name......................
    Secondary Cisco Switch IP Address................ Not Configured
    --More or (q)uit current module or to abort... Not Configured
    Tertiary Cisco Switch Name.......................
    Tertiary Cisco Switch IP Address................. Not Configured
    Administrative State ............................ ADMIN_ENABLED
    Operation State ................................. REGISTERED
    Mirroring Mode .................................. Disabled
    AP Mode ......................................... H-Reap
    Public Safety ................................... Disabled
    AP SubMode ...................................... Not Configured
    Remote AP Debug ................................. Disabled
    Logging trap severity level ..................... informational
    Logging syslog facility ......................... kern
    S/W  Version .................................... 7.0.235.3
    Boot  Version ................................... 12.4.18.0
    Mini IOS Version ................................ 3.0.51.0
    Stats Reporting Period .......................... 180
    LED State........................................ Enabled
    PoE Pre-Standard Switch.......................... Disabled
    PoE Power Injector MAC Addr...................... Disabled
    Power Type/Mode.................................. Power injector / Normal mode
    Number Of Slots.................................. 2
    AP Model......................................... AIR-LAP1142N-A-K9
    AP Image......................................... C1140-K9W8-M
    IOS Version...................................... 12.4(23c)JA6
    Reset Button..................................... Enabled
    AP Serial Number................................. FTX1337SA7D
    AP Certificate Type.............................. Manufacture Installed
    H-REAP Vlan mode :............................... Enabled
            Native ID :..................................... 6
    H-REAP Backup Auth Radius Servers :
    Static Primary Radius Server.................... Disabled
    Static Secondary Radius Server.................. Disabled
    Group Primary Radius Server..................... Disabled
    Group Secondary Radius Server................... Disabled
    AP User Mode..................................... CUSTOMIZED
    AP User Name..................................... danielott
    AP Dot1x User Mode............................... CUSTOMIZED
    AP Dot1x User Name............................... danielott
    Cisco AP system logging host..................... 255.255.255.255
    AP Up Time....................................... 0 days, 19 h 22 m 53 s
    AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
    Join Date and Time............................... Mon Nov  5 16:17:51 2012
    Join Taken Time.................................. 0 days, 00 h 00 m 12 s
    Attributes for Slot  0
        Radio Type................................... RADIO_TYPE_80211n-2.4
        Administrative State ........................ ADMIN_ENABLED
        Operation State ............................. UP
        Radio Role .................................. ACCESS
        CellId ...................................... 0
        Station Configuration
          Configuration ............................. AUTOMATIC
          Number Of WLANs ........................... 1
          Medium Occupancy Limit .................... 100
          CFP Period ................................ 4
          CFP MaxDuration ........................... 60
          BSSID ..................................... 00:27:0d:07:cb:e0
          Operation Rate Set
            1000 Kilo Bits........................... MANDATORY
            2000 Kilo Bits........................... MANDATORY
            5500 Kilo Bits........................... MANDATORY
            11000 Kilo Bits.......................... MANDATORY
            6000 Kilo Bits........................... SUPPORTED
            9000 Kilo Bits........................... SUPPORTED
            12000 Kilo Bits.......................... SUPPORTED
            18000 Kilo Bits.......................... SUPPORTED
            24000 Kilo Bits.......................... SUPPORTED
            36000 Kilo Bits.......................... SUPPORTED
            48000 Kilo Bits.......................... SUPPORTED
            54000 Kilo Bits.......................... SUPPORTED
          MCS Set
            MCS 0.................................... SUPPORTED
            MCS 1.................................... SUPPORTED
            MCS 2.................................... SUPPORTED
            MCS 3.................................... SUPPORTED
            MCS 4.................................... SUPPORTED
            MCS 5.................................... SUPPORTED
            MCS 6.................................... SUPPORTED
            MCS 7.................................... SUPPORTED
            MCS 8.................................... SUPPORTED
            MCS 9.................................... SUPPORTED
            MCS 10................................... SUPPORTED
            MCS 11................................... SUPPORTED
            MCS 12................................... SUPPORTED
            MCS 13................................... SUPPORTED
            MCS 14................................... SUPPORTED
            MCS 15................................... SUPPORTED
          Beacon Period ............................. 100
          Fragmentation Threshold ................... 2346
          Multi Domain Capability Implemented ....... TRUE
          Multi Domain Capability Enabled ........... TRUE
          Country String ............................ US
        Multi Domain Capability
          Configuration ............................. AUTOMATIC
          First Chan Num ............................ 1
          Number Of Channels ........................ 11
        MAC Operation Parameters
          Configuration ............................. AUTOMATIC
          Fragmentation Threshold ................... 2346
          Packet Retry Limit ........................ 64
        Tx Power
          Num Of Supported Power Levels ............. 8
          Tx Power Level 1 .......................... 20 dBm
          Tx Power Level 2 .......................... 17 dBm
          Tx Power Level 3 .......................... 14 dBm
          Tx Power Level 4 .......................... 11 dBm
          Tx Power Level 5 .......................... 8 dBm
          Tx Power Level 6 .......................... 5 dBm
          Tx Power Level 7 .......................... 2 dBm
          Tx Power Level 8 .......................... -1 dBm
          Tx Power Configuration .................... AUTOMATIC
          Current Tx Power Level .................... 1
        Phy OFDM parameters
          Configuration ............................. AUTOMATIC
          Current Channel ........................... 1
          Extension Channel ......................... NONE
          Channel Width.............................. 20 Mhz
          Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
          TI Threshold .............................. -50
          Legacy Tx Beamforming Configuration ....... AUTOMATIC
          Legacy Tx Beamforming ..................... DISABLED
          Antenna Type............................... INTERNAL_ANTENNA
          Internal Antenna Gain (in .5 dBi units).... 8
          Diversity.................................. DIVERSITY_ENABLED
          802.11n Antennas
             A....................................... ENABLED
             B....................................... ENABLED
             C....................................... ENABLED
        Performance Profile Parameters
          Configuration ............................. AUTOMATIC
          Interference threshold..................... 10 %
          Noise threshold............................  -70 dBm
          RF utilization threshold................... 80 %
          Data-rate threshold........................ 1000000 bps
          Client threshold........................... 12 clients
          Coverage SNR threshold..................... 12 dB
          Coverage exception level................... 25 %
          Client minimum exception level............. 3 clients
        Rogue Containment Information
        Containment Count............................ 0
        CleanAir Management Information
            CleanAir Capable......................... No
    Cisco AP Identifier.............................. 6
    Cisco AP Name.................................... NOSC-N-B1917-AP01
    Country code..................................... US  - United States
    Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
    AP Country code.................................. US  - United States
    AP Regulatory Domain............................. -A
    Switch Port Number .............................. 1
    MAC Address...................................... 00:22:bd:1b:34:5a
    IP Address Configuration......................... DHCP
    IP Address....................................... 10.6.0.26
    Gateway IP Addr.................................. 10.6.0.1
    NAT External IP Address.......................... None
    CAPWAP Path MTU.................................. 1485
    Telnet State..................................... Enabled
    Ssh State........................................ Enabled
    Cisco AP Location................................ Route 23B
    Cisco AP Group Name.............................. default-group
    Primary Cisco Switch Name........................
    Primary Cisco Switch IP Address...............Secondary Cisco Switch Name.......
    Secondary Cisco Switch IP Address................ Not Configured
    Tertiary Cisco Switch Name.......................
    Tertiary Cisco Switch IP Address................. Not Configured
    Administrative State ............................ ADMIN_ENABLED
    Operation State ................................. REGISTERED
    Mirroring Mode .................................. Disabled
    AP Mode ......................................... H-Reap
    Public Safety ................................... Disabled
    AP SubMode ...................................... Not Configured
    Remote AP Debug ................................. Disabled
    Logging trap severity level ..................... informational
    Logging syslog facility ......................... kern
    S/W  Version .................................... 7.0.235.3
    Boot  Version ................................... 12.4.18.0
    Mini IOS Version ................................ 3.0.51.0
    Stats Reporting Period .......................... 180
    LED State........................................ Enabled
    PoE Pre-Standard Switch.......................... Disabled
    PoE Power Injector MAC Addr...................... Disabled
    Power Type/Mode.................................. Power injector / Normal mode
    Number Of Slots.................................. 2
    AP Model......................................... AIR-LAP1142N-A-K9
    AP Image......................................... C1140-K9W8-M
    IOS Version...................................... 12.4(23c)JA6
    Reset Button..................................... Enabled
    AP Serial Number................................. FTX1337SA7D
    AP Certificate Type.............................. Manufacture Installed
    H-REAP Vlan mode :............................... Enabled
            Native ID :..................................... 6
    H-REAP Backup Auth Radius Servers :
    Static Primary Radius Server.................... Disabled
    Static Secondary Radius Server.................. Disabled
    Group Primary Radius Server..................... Disabled
    Group Secondary Radius Server................... Disabled
    AP User Mode..................................... CUSTOMIZED
    AP User Name..................................... danielott
    AP Dot1x User Mode............................... CUSTOMIZED
    AP Dot1x User Name............................... danielott
    Cisco AP system logging host..................... 255.255.255.255
    AP Up Time....................................... 0 days, 19 h 22 m 53 s
    AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
    Join Date and Time............................... Mon Nov  5 16:17:51 2012
    Join Taken Time.................................. 0 days, 00 h 00 m 12 s
    Attributes for Slot  1
        Radio Type................................... RADIO_TYPE_80211n-5
        Radio Subband................................ RADIO_SUBBAND_ALL
        Administrative State ........................ ADMIN_ENABLED
        Operation State ............................. UP
        Radio Role .................................. ACCESS
        CellId ...................................... 0
        Station Configuration
          Configuration ............................. AUTOMATIC
          Number Of WLANs ........................... 1
          Medium Occupancy Limit .................... 100
          CFP Period ................................ 4
          CFP MaxDuration ........................... 60
          BSSID ..................................... 00:27:0d:07:cb:e0
          Operation Rate Set
            6000 Kilo Bits........................... MANDATORY
            9000 Kilo Bits........................... SUPPORTED
            12000 Kilo Bits.......................... MANDATORY
            18000 Kilo Bits.......................... SUPPORTED
            24000 Kilo Bits.......................... MANDATORY
            36000 Kilo Bits.......................... SUPPORTED
            48000 Kilo Bits.......................... SUPPORTED
            54000 Kilo Bits.......................... SUPPORTED
          MCS Set
            MCS 0.................................... SUPPORTED
            MCS 1.................................... SUPPORTED
            MCS 2.................................... SUPPORTED
            MCS 3.................................... SUPPORTED
            MCS 4.................................... SUPPORTED
            MCS 5.................................... SUPPORTED
            MCS 6.................................... SUPPORTED
            MCS 7.................................... SUPPORTED
            MCS 8.................................... SUPPORTED
            MCS 9.................................... SUPPORTED
            MCS 10................................... SUPPORTED
            MCS 11................................... SUPPORTED
            MCS 12................................... SUPPORTED
            MCS 13................................... SUPPORTED
            MCS 14................................... SUPPORTED
            MCS 15................................... SUPPORTED
          Beacon Period ............................. 100
          Fragmentation Threshold ................... 2346
          Multi Domain Capability Implemented ....... TRUE
          Multi Domain Capability Enabled ........... TRUE
          Country String ............................ US
        Multi Domain Capability
          Configuration ............................. AUTOMATIC
          First Chan Num ............................ 36
          Number Of Channels ........................ 21
        MAC Operation Parameters
          Configuration ............................. AUTOMATIC
          Fragmentation Threshold ................... 2346
          Packet Retry Limit ........................ 64
        Tx Power
          Num Of Supported Power Levels ............. 7
          Tx Power Level 1 .......................... 17 dBm
          Tx Power Level 2 .......................... 14 dBm
          Tx Power Level 3 .......................... 11 dBm
          Tx Power Level 4 .......................... 8 dBm
          Tx Power Level 5 .......................... 5 dBm
          Tx Power Level 6 .......................... 2 dBm
          Tx Power Level 7 .......................... -1 dBm
          Tx Power Configuration .................... AUTOMATIC
          Current Tx Power Level .................... 1
        Phy OFDM parameters
          Configuration ............................. AUTOMATIC
          Current Channel ........................... 161
          Extension Channel ......................... NONE
          Channel Width.............................. 20 Mhz
          Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
            ......................................... 104,108,112,116,132,136,140,
            ......................................... 149,153,157,161,165
          TI Threshold .............................. -50
          Legacy Tx Beamforming Configuration ....... AUTOMATIC
          Legacy Tx Beamforming ..................... DISABLED
          Antenna Type............................... INTERNAL_ANTENNA
          Internal Antenna Gain (in .5 dBi units).... 8
          Diversity.................................. DIVERSITY_ENABLED
          802.11n Antennas
             A....................................... ENABLED
             B....................................... ENABLED
             C....................................... ENABLED
        Performance Profile Parameters
          Configuration ............................. AUTOMATIC
          Interference threshold..................... 10 %
          Noise threshold............................  -70 dBm
          RF utilization threshold................... 80 %
          Data-rate threshold........................ 1000000 bps
          Client threshold........................... 12 clients
          Coverage SNR threshold..................... 16 dB
          Coverage exception level................... 25 %
          Client minimum exception level............. 3 clients
        Rogue Containment Information
        Containment Count............................ 0
        CleanAir Management Information
            CleanAir Capable......................... No

  • ISE 1.2 With WLC and AD

    Hi everyone,
    What are the steps and procedure to implement wired and wireless authentication with ISE, WLC and AD for a lab environment? Currently the following are done:
    The wireless network is configured with 2 SSIDs (Staff and Guest).
    Active Directory, DNS, DHCP, and NTP are configured and synced.
    ISE and AD are running on C220 VMs, and the WLC is a 5760 appliance.
    Please provide your thoughts and assistance.
    Regards

    You have to implement dot1x and RADIUS between your NAD and the ISE device.
    Using the 3850 switch, these are the steps:
    username RADIUS-HEALTH password radiusKey1 privilege 15
    aaa new-model
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    !this password will be used to communicate with ISE and to verify reachability
    !between ISE and Switch
    aaa server radius dynamic-author
     client 172.16.1.18 server-key 7 radiuskey
     client 172.16.1.20 server-key 7 radiuskey
    ip domain-name lab.local
    ip name-server 172.16.1.1
    dot1x system-auth-control
    interface GigabitEthernet1/0/3
     switchport mode access
     switchport voice vlan 50
     switchport access vlan 10
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    ip access-list extended ACL-ALLOW
     permit ip any any
    !the communication between RADIUS and ISE will occur on this port
    ip radius source-interface Vlan100
    logging origin-id ip
    logging source-interface Vlan100
    logging host 172.16.1.20 transport udp port 20514
    logging host 172.16.1.18 transport udp port 20514
    snmp-server community ciscoro RO
    snmp-server community public RO
    snmp-server trap-source Vlan100
    snmp-server source-interface informs Vlan100
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 10 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    !defining ISE servers
    radius server ISE-RADIUS-1
     address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
     automate-tester username RADIUS-HEALTH idle-time 15
     key radiusKey
    Please be sure that the NTP servers and time are synchronized.
    Enable dot1x on the Windows machine, or use Cisco NAM.
    You can enable debugging on aaa authentication to see the events.
    You have to create this user on ISE (RADIUS-HEALTH).
    3850#test aaa group radius username password new-code 
    and observe the result. You are supposed to have the user authenticated successfully.
    You must also define these devices in ISE on the RADIUS interface.
    ip radius source-interface ..... Use this interface's IP address to define the IP address of the NAD device in ISE.
    Administration --> Network Resources --> Network Devices --> Add
    Input the name.
    Input the IP address for RADIUS communication.
    Select the authentication settings and fill in the corresponding RADIUS shared secret key.
    Select SNMP settings and select version 2c.
    SNMP community: ciscoro
    You can customize the polling interval if you want, and that's all.
    You are supposed to receive message communication between your NAD and ISE.
    After that, you can do the procedure for the WLC device.
    I will fill it in after you have passed the first steps (3850 authentication).
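An added example, not part of the reply above and not Cisco tooling: a small Python check that flags settings in an IOS-style config that suit a lab but need review before production, including the case where `authentication open` is paired with a permit-any port ACL, so the port passes all traffic whatever the 802.1X/MAB result. The rule names are assumptions of this example, and the sample is a constructed subset of the config posted above, written with normal IOS indentation.

```python
import re

# Constructed sample: a subset of the lines from the switch config posted above.
SAMPLE = """\
username RADIUS-HEALTH password radiusKey1 privilege 15
interface GigabitEthernet1/0/3
 ip access-group ACL-ALLOW in
 authentication open
 authentication port-control auto
ip access-list extended ACL-ALLOW
 permit ip any any
snmp-server community ciscoro RO
snmp-server community public RO
radius server ISE-RADIUS-1
 key radiusKey
"""

def audit(config):
    """Return a sorted list of (rule, detail) findings for an IOS-style config."""
    findings, section = set(), ""
    open_ports, port_acl, wide_acls = set(), {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):      # an unindented line starts a new section
            section = line
        if m := re.match(r"username (\S+) password \S+ privilege 15", line):
            findings.add(("PRIV15_PASSWORD", m[1]))   # 'password' instead of 'secret'
        elif m := re.match(r"snmp-server community (public|private) ", line, re.I):
            findings.add(("SNMP_DEFAULT_COMMUNITY", m[1]))
        elif section.startswith("radius server ") and re.match(r"key (?![67] )\S+$", line):
            findings.add(("RADIUS_KEY_CLEARTEXT", section.split()[-1]))
        elif section.startswith("interface "):
            port = section.split()[1]
            if line == "authentication open":
                open_ports.add(port)
            elif m := re.match(r"ip access-group (\S+) in", line):
                port_acl[port] = m[1]
        elif section.startswith("ip access-list extended ") and line == "permit ip any any":
            wide_acls.add(section.split()[-1])
    # Open mode admits traffic before authentication; only the port ACL limits it.
    for port in open_ports:
        if port_acl.get(port) in wide_acls:
            findings.add(("OPEN_MODE_UNRESTRICTED", port))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the full posted config, the same four findings appear; `OPEN_MODE_UNRESTRICTED` clears once the port ACL is narrowed or `authentication open` is removed from the interface.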
