Error in GUI of Cisco 3850 Switch with Wireless Controller.
Hi,
I have Configured 3850 switch wireless controller. But while accessing the controller through GUI, I faced following errors while configuring it through GUI.
Because its complecated to configure it through CLI.
Attached are the snaps of error faced.
and if I didnt get this error, and able to configure, I can save it because of this error.
Please help me on this issue, so that I can easily configure the controller.
Brgds,
Ninad Thakare
Hi Sandeep,
Here is the configuration which I have did.
ip http server
ip http secure-server
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wireless management interface Vlan4 ( Voice VLAN )
wlan FG-WiFi 1 FG-WiFi
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
wlan GLOBALACCESSII 2 GLOBALACCESSII
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
ap group default-group
ap group 3850WLC
wlan FG-WiFi
vlan 4
wlan GLOBALACCESSII
vlan 4
end
Brgds,
Ninad Thakare
Similar Messages
-
Emergency Responder and Cisco 3850 Switches
I'm running Cisco ER V8.5, and recently installed new Cisco 3850 Switches. All the phones connected to the 3850 switches show a "unlocated" status. I've check the hardware compatibility Matrix for ER V8.5 and the 3850 is not on it.
What are my options for locating these phones in ER and assigning them to an ERL. Manually defining the phones? Is there a patch or update to ER V8.5 that would make a 3850 compatible?I haven't used the 3850's with ER yet so can't speak to that specifically, but generally speaking you have more flexibility using location by subnets vs switches. Scalability-wise, you can add way more subnets than switches. There's more going on under the hood if you're locating by switches so the process overhead is greater.
The only downside with using subnets is if you need to get more granular with your locations than your deployed subnets allow (ie a single voice subnet for an entire building but you need to define and assign locations at the floor level). As long as you've been a little forward thinking on the route/switch side, you'll be fine.
hope that helps,
will -
Cisco prime 2.1 not showing wired clients connected to Cisco 3850 switches
Hello All,
I have around 80 Cisco 3850 switches at a customer network and they are using prime infrastructure 2.1.2 to manage these devices. Most of the features are working fine except that the prime does not show the wired clients connected to the switches. The wireless clients are shown properly but not the wired clients. Their core switches are nexus 7k. The SNMP configuration on the switches is as follows.
snmp-server group xxxx v3 priv write xxxx-VIEW-WR
snmp-server view xxx-VIEW-WR mib-2 included
snmp-server trap-source Vlan100
snmp-server host x.x.x.x version 3 priv testuser
Please help me to resolve this issue.
ShabeebI managed to get the end hosts connected in 3850 switches with the use of snmp context command. But now the issue is that prime is showing only the mac address of the device , not the IP address.
Is there anyway to resolve this issue? -
How can i configure hsrp in cisco 3850 switch please guide me
how can i configure hsrp in cisco 3850 switch please guide me
Hi Mauleshg,
Please the below mention link to configure Hsrp hope this will help you.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
Br.
Mohseen Patel -
Cisco 3850 Switch getting message %SPI_FC-3-HIGH_WMARK_REACHED
Hi Team,
We have one Cisco 3850 Switch installed at the Customer site and getting the message as below,
Mar 28 10:57:11.578: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
-Traceback= 1#830db5fd318976b0280defe233875463 :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
.Mar 28 10:58:31.585: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
-Traceback= 1#830db5fd318976b0280defe233875463 :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
--More-- .Mar 28 10:59:51.586: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
-Traceback= 1#830db5fd318976b0280defe233875463 :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
Please suggest the meaning of these messages and suggestion for resolution on the same.
Attaching show version, show logging for this Switch.
Regards
AshutoshHi Akilhasan,
The switch is hitting a bug which is currently under investigation. The latter implies there is no official workaround, but my suggestion would be that you consider reloading the switch outside of business hours (considering preventive measures i. e. back the configuration up, save changes, etc.).
The most stable version and recommended per Cisco is 03.03.03. There is newer 03.06.00 available, just released past June, so you may consider as well upgrading the IOS, of course under a properly carried out risk assessment, and you can roll back if something unexpected occurs. I would suggest doing so only if you have a solid knowledge of the customer's network and business needs.
Hope this helps.
Kind regards,
- Ed -
Cisco 3850 Switch and Windows 7 IP Conflicts
Team,
Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
we went with a very vanilla config on each port
interface g1/0/1
switchport host
that is it - nothing special at all.
well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will effect the windows 7 PC's ip address in use detection port start up phase!
This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
we tried 3+ hours of prescribed work-arounds found when researching this issue -
ip device tracking probe delay 10 (global config)
ip device tracking max 0 (disabed, on interface)
finally,
nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run) . this effected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
Finally,
we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only as TRUNK ports and no windows 7 hosts directly attached.
Doing more research, I found out this also can effect vmware guests running windows SERVER.
this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
the work-around I came up with which is not great is -
Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
interface g1/0/1
switchport mode trunk
switchport trunk native vlan 1
this is NOT an acceptable workaround as this presents security issues even with
switchport trunk allowed vlan 1, etc. as the only allowed vlan.
Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
4) when could confirm NO DHCP SNOOPING
5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches who's ports default to ROUTED ports (i.e.. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
thanks,
Joe Brunner
#19366thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
Answers in line -
This all stems from a switch replacement correct?
yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
Are these 3850's in a stack?
>yes, tested all aspects of the stack many times.
Does it have a managment ip address -If so, is it using the old switch ip address
>old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
>various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
How are they connected( L3 interface/L2 trunk/access port)
>all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
Are thse switches performing inter-vlan routing or just acting as host switches?
>dumb flat network, no routing.
Is ip routing enabled?
>not unless enabled on 3850 by default. I didnt type "ip routing"
Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?
Your 7 pcs = are they just client pcs not servers?
client PC's - no servers OS per say.
can you confirm something like ICS isnt enabled (Internet connection sharing) on any of them?
>yes not enabled.
Are the just using one NIC each?
> one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
sh switch
2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
tested all power and general 3850 stacking. saw no issues.
sh int trunk
>all ports are now trunks (hence the workaround used to get it up).
has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
sh vlan brief
>just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
sh vtp status
not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
sh cdp neighbours
cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
sh ip route
just the L and C routes for the vlan 1 ip address 192.168.17.1/24
no static routes
no vlan interfaces other than int vlan 1
no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
int g0/0/0
ip vrf forwarding Switch_Mgmt
i can get over there if you think of anything else key to show the group.
thanks,
Joe -
If i connect cisco AP - CAP2702i to another switch, and use trunk port between Cisco3850 and the other switch , can the AP able to register with Cisco3850 with wireless LAN controller ? or the AP has to directly connect to Cisco3850 in order to register?
The AP and 3850 wireless management are in same Vlan( vlan202). The AP is new unit and did not join MC before.
What i did on 3850 :
input command - wireless management interface vlan 202
- ap cdp
- wireless mobility controller
Is there any config i miss out on 3850 and any config need to be set on AP ?
From Ap console output show me "could not discover WLC using dhcp ip". Is it due to AP dont have IP address? If AP register with WLC through layer 2 , i believe there is no related with IP.Correct me if i'm wrong.
Due to the 3850 is not a POE, the AP unable directly connect to 3850 . I guess have to use power adapter to power on the AP. -
Config air-lap1041n-e-k9 with cisco 5500 (5508) series wireless controller. how to?
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
New Cisco 1552AP Mesh with 5508 controller version 7.0.116.0
New to working with Wireless and the Cisco Meshing concept so have a few questions to ask.
I currently have the majority of the mesh setup and configured. I have a setup with two RAPs with 9 MAPS connecting to each RAP.
First question is how many MAPS can connect to a RAP generally?
Secondly how can I block other cisco AP's that are not in my mesh network from trying to connect to my AP's
The below is constantly hammering the logs for 6 devices that are Cisco close to my mesh that are not mine.
8
Sat Nov 12 23:31:53 2011
Mesh child node '58:35:d9:aa:db:4f' has changed its parent to mesh node '88:f0:77:b7:c6:e0' from mesh node '88:f0:77:b7:c6:c0'.
Mesh Node '58:35:d9:aa:db:4f' failed to join controller, MAC address not in MAC filter list.
I have only added the MAC addresses of my AP's in to my AP Policy under security. Would these other AP's affect the mesh in any way?
What I am seeing is the AP's constantly changing the child to parent relationship. I have inherited this network and they have about 20 AP's all within a square mile which is absolutely overkill. Would this close proximity of AP's together be the cause for the constant child parent changes?
How close should I have RAP's together. The network was setup so two raps are about 20 metres apart and the AP's on one side connect to RAP1 and the other to RAP2?
How do you deal with Radar? The install is pretty much next to an airfield with radar running and a few times I have seen all the AP's disconnect and change channels.
These are a few questions to start. As I go through my logs I will continue to ask additional questions. Cheers.Out of order answers here.
Don't use the UNI-II band, this should help with the radar, for the most part. Generally I only recommend 4-6 MAP to a RAP. Othewise you can over saturate the backhaul, and of course the further out you go, the smaller the backhaul.
You could set a bridge-group name (BGN), for the RAP-MAP sectors. This can help you limit the number of MAP to RAP, it also will help keep MAPs that aren't your off your network as they do look at the BGN. However, this is not an end all method. a MAP can still try to join a MESH using 'default' as it's BGN.
If the mac address isn't in your filter, the MAP won't be able to join, and the message it sends to try, is low bandwidth.
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later. -
Help with wireless controller and VLANs
Hi I'm trying to setup a wireless controller in preparation for a large site go live later this year. I'm struggling to get the controller and the WLAN using the correct VLAN. I want the controller on VLAN 100 and the clients on the WLAN on VLAN 200.
My thought is that I would need a config similar to:
Switchport for wireless controller management port set to trunk VLAN 100 and 200 with no native VLAN set.
The management interface on the controller set to VLAN 100.
A dynamic interface created on VLAN 200.
When setup like this I can get to the controller on its management address but only from VLAN100 not from another VLAN on site or from other sites over the WAN.
I have setup a WLAN which is set to use the dynamic interface on VLAN 200.
I have set the AP to use HREAP and set the native VLAN as 200 and added the dynamic interface into the VLAN mappings
When I connecting a client to the WLAN I get an address on VLAN 100.
The switchport for the AP is set to native VLAN 100 and trunk 200 – this setup works for standalone APs at other sites.
What am I missing?
Also any idea why the management interface address is not routing? The netmask and gateway are set correctly.
Thanks
PaulJust to add to Steve's post... You only need to create a dynamic interface for vlan 200 if you have ap's also in local mode. If your ap's are in H-REAP/FlexConnect mode, you don't need a dynamic interface for vlan 200.
In you H-REAP/FlexConnect ap, you would set the wlan to vlan mapping there and the switchport configuration would be a trunk allowing vlan 100 (im assuming your native vlan for your ap) and vlan 200. You should see something like the following:
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Fujitzu/Siemens v8210 laptops bluescreen with Wireless Controller 4.2.61.0
I have noticed a problem with Wireless LAN Controller version 4.2.61.0. This version causes a blue screen with Fujitzu Siemens v8210 laptops with driver atheros ar5006eg driver version 4.1.2.111 sia installed.
Other make and model of laptops work fine with the controller such as Dell and IBM etc.
The atheros manufacturers website has a later driver than the fujitsu website which clears the fault, once you install the new driver on the laptop.
Has anyone else had this problem and would you reccomend to downgrade the Wireless LAN controller to a previous firmware release, as the bug toolkit and caveats for the controller release did not highlight this problem?Hi Carl,
Your LAPs joins the wrong WLC even when you've configured the primary/secondary controllers name OR IP address and you are using v4.2.61.0. Is this correct?
If so, then it's a well-known bug of the v4.x. Unfortunately, the workaround is CLI. It's unfortunate because you have to type the command on the WLC and specify the LAP.
The command is: config ap controller primary
This bug has been fixed on the 5.X and 6.X firmware.
Hope this helps. -
AAA authentication is fail on cisco 4505 switch with acs
i am new in AAA . i want to login switch which authentication come from cisco acs 5.1 but i configure both switch and acs 5.1. when i telnet
switch it display % Authentication fails. can anybody help me regurding this issue!!!
on cisco switch end conf:
aaa new-modle
aaa authentication login default group tacacs+
aaa authentication login TACASE group tacacs+
aaa authentication exec default group tacacs+
tacacs-server host 10.10.10.1
tacacs-server key Password!@#
line vty 0 4
login authentication TACASE
on acs 5.1 side i add switch on its vlan ip address which is connect acs 5.1 but
BUT when i login using putty terminal its show % Authentication fails.
Please help me regurding this issue!!!Hi,
what is the error message reported on ACS?
Are you sure that you are using the same key on ACS and cat4k?
Can you configure "ip tacacs source-interface " with the vlan interface you are using as source?
You can also collect these debugs:
- deb aaa authentication
- deb tacacs
Cheers
Marco -
Power up cisco 2960 switch with 12V DC Power
hi all ,
I have some issue with supply power to cisco 2960-24TT-L switch. In my server farm rack is having DC current of -48V. But however cisco switch require 12V DC current.
Cisco Spec.
Cisco Catalyst 2960-24TT-L
12V at 5 A
5 A
How can I power on the switch using DC current ? Is there any power converter which I can purchase ? your responses are very much.
ThanksYou may also go here:
https://supportforums.cisco.com/community/netpro/small-business
The Search Function is your friend.... and Google too.
How to Secure your Network
How to Upgrade Routers Firmware
Setting-Up a Router with DSL Internet Service
Setting-Up a Router with Cable Internet Service
How to Hard Reset or 30/30/30 your Router -
Cisco 3850 Switch Management Port - ACL on VTY
Hi,
I got these switches.
Switch Ports Model SW Version SW Image Mode
* 1 32 WS-C3850-24T 03.03.02SE cat3k_caa-universalk9 INSTALL
2 32 WS-C3850-24T 03.03.02SE cat3k_caa-universalk9 INSTALL
SSH access to Management port G0/0 with an ACL applied on line vty 0 4 is failing, even through the ACL is permiting traffic.
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 172.16.12.3 255.255.255.0
negotiation auto
ip access-list standard ACLVTY
permit any log
line vty 0 4
access-class ACLVTY in
exec-timeout 15 0
length 0
history size 64
transport preferred ssh
transport input ssh
transport output telnet ssh
037599: *Mar 28 2014 04:59:49.919 AEDT: %SEC-6-IPACCESSLOGS: list permit-any permitted 172.16.12.100 1 packet
# show ip access-list permit-any
Standard IP access list permit-any
10 permit any log (3 matches)
If I remove the ACL under VTY "no access-class ACLVTY in", then SSH to the management port works. If I don't use the management port and use a normal port say G1/0/1 configured on management VLAN and assigned the same IP address, then SSH works with the VTY ACL still existing.
Any ideas ?
Thanks,
Rick.Hi,
IOS will accept all VTY connections by default. However, if an access-class is used, the assumption is that connections should only arrive from the global VRF. If you need control the IP source while allowing VTY connections from VRF instances, you have a try configuration option "vrf-also"
So, you should get something like this:
line vty 0 4
access-class ACLVTY in vrf-also -
VoIp settings for replacing a Cisco 3550 switch with a SF300-24P
I am adding the SF300-24P to an existing set of switches. My backbone switch is a 3560.
The 3550 I am replacing has this config for each port that supports a Shoretel phone
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
global settings include
spaning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,200 priority 28762
vlan internal allocation policy ascending
all other settings are at default
Any ideas how to replicate this on this new switch? I added the Shoretel mac address range (00-10-49) into the Telephone OUI. The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
Some configs from the backbone are attached. I did not need to configure any of this in the 3550.
Any ideas?
FredHi fred,
The shoretel phone sounds like it is not attaching to tagged vlan 200 on my switch, the shortel voice vlan as per your screen captures.
The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PC's connected on the back of the VoIP phones attach to the Data Vlan .
I scoped out, excuse the pun, the shoretel site and have attached a white paper on setting vlans and shoretel.
They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc... But the phones are not attached to the voice vlan , but the untagged data vlan. You gotta figure how to get the shortel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports..
I have attached my SF300-48P version of my configuration and some configuration screen shots i took along the way.
Please review carefully that attached shortel document and my screen shots and a real configuration done on my SF300-48P. The configuration should be almost identical to your configuration.
I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
All ports by default are in VLAN1 as you can see below
I then added all ports as tagged ports to vlan 200 as you can see below.
For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports fastports except for the uplink Gigabit ports.
If you are not sure what portfast does , here's a little tutorial I grabbed from cisco.com
Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
Your tasks I guess should be , making sure that vendor specific options for the shoretel phones are included in the DHCP configuration and that you somehow attach the shortel phones (even manually) to vlan 200.
For some reason this site adds a zip extension to the end of my running configuration. I used wordpad to look at the file
I am using firmware version 1.0.0.27 on my unit and the userid=admin password i used was admin
I hope this helps.
regards Dave
Maybe you are looking for
-
Batch edit date & time in PSE 8 Mac/Bridge
OK, maybe it's jet lag. I uploaded all my vacation photos, and realized I had forgotten to adjust camera date/timezone. I remember that earlier versions of PSE Windows had the ability to batch adjust the date/time shot, but I can't find it in Bridge
-
How do you enable/modify track pad gestures in Safari 4?
I want to configure the swipe and twist commands (besides swipe back and forth which is default).
-
Error when activating the copied data elem.:Medium key word in language DE
Hello, I have copied data element dats and created a z data element for myself and added the text description. Am getting following error.Please guide me for the same- Check data element ZDATS1 (C04EAPHALES/15.01.10/16:37) Medium key word in lang
-
Export from premier using media encoder
Hi, how can I export from my timeline into media encoder? When I go to export from premier it doesn't give many format choices.
-
User Status update on Header and Item in Sales Order
Hi, I need to update the user status in both the header and Item based on some conditions. I checked the user exit's under 'MV45AFZZ' but no use. Could any one please provide me where I can write the code to upate user status in header and Item. Than