Mobility tunnel flapping
I am trying to understand what this error could mean to determine if I really have an issue or not.
I have one mobility anchor connected to two foreign controllers. I have a mobility tunnel on one WLAN only. I get emails from our Prime management server saying the following...
Virtual Domain: ROOT-DOMAIN
NCS has detected one or more alarms of category Controller and severity Critical in Virtual Domain ROOT-DOMAIN for the following items:
1. Message: Controller '10.140.x.x'. All anchors of WLAN 'HopeNet' are down.
E-mail will be suppressed up to 30 minutes for these alarms.
I have not noticied any network disruption during this time, but have not been connected to the SSID when I get the emails. And usually, as soon as I get the 'DOWN' email, i get an 'UP' email. Also, they seem to occur at random times.
Any ideas to the meaning of this? Thanks.
Hi Josh:
This would really be more of a wireless LAN controller/mobility anchor question than a Prime Infrastructure question. Prime Infrastructure is just the management station, and is only emailing notifications because the wireless LAN controller is sending it [Prime Infrastructure] SNMP traps about the tunnel being up and down.
The wireless LAN controllers use eping and mping to determine reachability between the anchor and foreign controllers. If one of those tests fail, the wireless LAN controller will send the tunnel down trap. Once they start passing again, the wireless LAN controller will send the tunnel up trap.
What this means is that something in the network is causing the eping and mping to fail. You may want to open a TAC service request against the anchor controller to have someone look at the mobility anchor status flipping.
Similar Messages
-
DMVPN - One Spoke VPN tunnel flap - deleting SA reason "IKMP_ERR_NO_RETRANS"
Dear All,
Please help to find the reason for below DMVPN IP sec tunnel flap.
#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
x.x.x.x y.y.y.y MM_NO_STATE 4983 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
#sh log | i 4984
04:58:47.155: ISAKMP:(4984): OU = DE_FRA_ASR1001_R2
Feb 12 04:58:47.155: ISAKMP:(4984): processing SIG payload. message ID = 0
Feb 12 04:58:47.159: ISAKMP:(4984):SA authentication status:
Feb 12 04:58:47.159: ISAKMP:(4984):SA has been authenticated with x.x.x.x
Feb 12 04:58:47.159: ISAKMP:(4984):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 12 04:58:47.159: ISAKMP:(4984):Old State = IKE_I_MM5 New State = IKE_I_MM6
Feb 12 04:58:47.159: ISAKMP:(4984):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Feb 12 04:58:47.159: ISAKMP:(4984):Old State = IKE_I_MM6 New State = IKE_I_MM6
Feb 12 04:58:47.163: ISAKMP:(4984):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Feb 12 04:58:47.163: ISAKMP:(4984):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Feb 12 04:58:47.163: ISAKMP:(4984):Need XAUTH
Feb 12 04:58:47.163: ISAKMP:(4984): initiating peer config to x.x.x.x 0. ID = -847734916
Feb 12 04:58:47.163: ISAKMP:(4984): sending packet to x.x.x.x my_port 500 peer_port 500 (I) CONF_XAUTH
Feb 12 04:58:47.163: ISAKMP:(4984):Sending an IKE IPv4 Packet.
Feb 12 04:58:47.167: ISAKMP:(4984):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Feb 12 04:58:47.167: ISAKMP:(4984):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
Feb 12 04:58:47.203: ISAKMP (4984): received packet from x.x.x.x dport 500 sport 500 Global (I) CONF_XAUTH
Feb 12 04:58:47.207: ISAKMP:(4984): processing HASH payload. message ID = -1617704027
Feb 12 04:58:47.207: ISAKMP:(4984):Processing delete with reason payload
Feb 12 04:58:47.207: ISAKMP:(4984):delete doi = 1
Feb 12 04:58:47.207: ISAKMP:(4984):delete protocol id = 1
Feb 12 04:58:47.207: ISAKMP:(4984):delete spi_size = 16
Feb 12 04:58:47.207: ISAKMP:(4984):delete num spis = 1
Feb 12 04:58:47.207: ISAKMP:(4984):delete_reason = 28
Feb 12 04:58:47.207: ISAKMP:(4984): processing DELETE_WITH_REASON payload, message ID = -1617704027, reason: Unknown delete reason!
Feb 12 04:58:47.207: ISAKMP:(4984):peer does not do paranoid keepalives.
Feb 12 04:58:47.207: ISAKMP:(4984):peer does not do paranoid keepalives.
Feb 12 04:58:47.207: ISAKMP:(4984):deleting SA reason "IKMP_ERR_NO_RETRANS" state (I) CONF_XAUTH (peer x.x.x.x)
Feb 12 04:58:47.207: ISAKMP:(4984):deleting node -1617704027 error FALSE reason "Informational (in) state 1"
Feb 12 04:58:47.211: ISAKMP:(4984): sending packet to x.x.x.x my_port 500 peer_port 500 (I) CONF_XAUTH
Feb 12 04:58:47.211: ISAKMP:(4984):Sending an IKE IPv4 Packet.
Feb 12 04:58:47.211: ISAKMP:(4984):purging node 20363770
Feb 12 04:58:47.211: ISAKMP:(4984):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Feb 12 04:58:47.211: ISAKMP:(4984):Old State = IKE_XAUTH_REQ_SENT New State = IKE_DEST_SA
Feb 12 04:58:47.211: ISAKMP:(4984):deleting SA reason "IKMP_ERR_NO_RETRANS" state (I) CONF_XAUTH (peer x.x.x.x)
Feb 12 04:58:47.215: ISAKMP:(4984):deleting node 1519432799 error FALSE reason "IKE deleted"
Feb 12 04:58:47.215: ISAKMP:(4984):deleting node -847734916 error FALSE reason "IKE deleted"
Feb 12 04:58:47.215: ISAKMP:(4984):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 12 04:58:47.215: ISAKMP:(4984):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Thanks for your kind responseI gave up on fixing what was there and rebuilt from scratch including regenerating the key with the same modulus. And now it works. I don't know what fixed it, could even have been curruption of the startup-config since I replaced that, but it's working and right now that's all I care about.
-
A couple of weeks ago we did an upgrade to controller code 7.0.235.3 on our WiSM's and upgraded WCS to 7.0.230.0.
Since then, I have one AIR-LAP1252AG-A-K9 that will not stay up.
AP04
CAPWAP Up Time
4 h 13 m 46 s
CAPWAP Join Taken Time
1 m 22 s
Users keep complaining about getting kicked off or not being able to join.
There is another 1252 AP on the same switch that feeds this one that seems to be working ok, so I don't think it's a network issue.
AP03
CAPWAP Up Time
6 d 3 h 27 m 41 s
CAPWAP Join Taken Time
25 s
Any idea if the code upgrade would have anything to do with this? Could it be a hardware issue or a cabling issue?
Users did not report this problem until after the upgrade.Joe -- I might open a TAC case for this. As this is impacting your user performance.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
WLC mobility group between 4404 and 5508 controllers
Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
All controllers have:
The same virtual address
Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
The default mobility domain name is the same
4404 output when issung the command 'show mobility summary'
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... SGH-Mobility
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xe209
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 6
Mobility Control Message DSCP Value.............. 0
5508 ouput when issueing the command 'show mobility summary'
Mobility Architecture ........................... Flat
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... SGH-Mobility
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xe209
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 6
Mobility Control Message DSCP Value.............. 0
I've spent quite some time double checking all the configurations to no avail.
Has anybody seen this problem before?
Kind regards
Dave BellThanks Sandeep.
I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
All the 4404 controllers all joined the mobility group fine, no problems at all - its only the 5508 I am struggling with.
In theory its simple, populate the IP address, and MAC addres of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Name are the same it should come up.
Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
For example:
{Screen shot WLC1.jpg}
5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
however!
From our router is I do an sh arp | i 10.95.x.x (controller management address), I see:f872.eaee.becf.
{Screen shot wlc2.jpg}
Hence the WLC reports as: bc:16:65:f9:37:60
and
The network reports as: f872.eaee.becf for the same IP address.
I have changed the other WLC's to the MAC adress seen on the network for the new controller, aka changed from
bc:16:65:f9:37:60
to
f8:72:ea:ee:be:cf
I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
Kind regards
Dave Bell -
Guest Wireless Tunnelling - DHCP Issue
Hi,
I'm attempting to implement Guest Anchor tunnelling between two WLC's but I've run into an odd issue I cannot find a clear answer to.
We have two 5508 WLC's, both Running 7.4.100.0.
The Guest Anchor Controller obviously resides in a DMZ, it's functionality has been proven by connecting an AP directly to it, and connecting the the guest WLAN.
The two controllers have been configured as Mobility Peers, the Mobility Tunnel between them is up (mping and eping both successful, status is up).
The Guest WLAN has been replicated on both controllers, I have set the Mobility Anchor on the WLAN. The Guest Anchor has itself as the mobility anchor and the Internal Controller has the Guest Anchor set.
DHCP is provided by the Guest Anchor's internal DHCP Server. DHCP Proxy is enabled on both Controllers, with the Option 82 format set to AP-MAC. Both Controllers WLAN settings are set to DHCP Server Override, pointed to the Management IP of the Guest Anchor and DHCP Addr. Assignment required.
The problem I'm experiencing is with connecting clients through the Internal WLC. The Client Associates to the Internal WLC and obtains a lease from the Guest Anchor and connects to the network. A few seconds later the client is dessociated from the internal controller. On every subsequent connection attempt, the client does not recieve a response to it's DHCP Requests, and hence ends up with an apipa address.
The Message logs on two controllers return the following errors:
INTERNAL CONTROLLER:
*apfReceiveTask: Jun 27 14:03:25.839: #APF-4-HANDOFF_END_RCVD: apf_mm.c:1626 Handoff end received in wrong role (peer Ip: 0.0.0.0, sender:GUEST_ANCHOR_IP, Role:0) for mobile Client_MAC
GUEST ANCHOR CONTROLLER:
*DHCP Server: Jun 27 14:03:14.466: #DHCP-4-REQIP_NOT_PRESENT: dhcpd.c:559 Received a packet without a requested ip!.
Has anyone else seen similar behaviour? Does anyone have an ideas what might be causing this?
Many Thanks,
PaulHi George,
Thanks for the reply.
The Guest WLAN on the Internal Controller is Anchored to the WLC in the DMZ. The Guest Anchor is anchored to itself.
There are only two controllers in the configuration, so breaking off one of the Anchors isn't really an option.
I have tested the Guest Anchor as a Standalone WLC by connecting an AP directly to it, in that configuration DHCP works as expected. -
Mobility Wireless Domain GROUP
Hi Everybody,
I need some of your comment and explanation regarding the configuration of Mobility Group on Wireless Unified Architecture
I have to WLC both run version 7.0.116.0, i want deploy a unified wireless on the 2 Sites, and the site are on Different network separate by Router
I want to know if i can setup a Mobility Domain Group for have a common Wireless Environment where my client can have different DHCP Ip, bu the same SSID on Both Site and permit the Roaming ?
Bellow is a Poor Design of what i Expected, just for give you a quick idea
Thank you in advancedHey,
Q: I want to know if i can setup a Mobility Domain Group for have a common Wireless Environment where my client can have different DHCP Ip, bu the same SSID on Both Site and permit the Roaming ?
A: Indeed you can.
You can add each controller to the controller mobility group, for the different IPs the two controllers will make Layer 3 roaming.
In this case you have WLC1 -> AP1 -> VLAN1 <--> Client
this client is connected to SSID and has VLAN1 IP address
Now this client has moved to AP2 -> WLC2 -> VLAN 2 (Same SSID)
WLC1 will become the anchor and WLC2 will become the foreign. Client entry will remain active in both controller, the client IP will be from VLAN1.
This means that the traffic will be sent between the two controller inside the EoIP mobility tunnel and the client had smooth roaming.
Cheers,
Nour -
Config air-lap1041n-e-k9 with cisco 5500 (5508) series wireless controller. how to?
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
Guest Portal web page load is slow and timesout on occasions
Hi All,
I'm hitting a rather unusual issue with our Guest WLAN users. Firstly let me describe the topology:-
2 x 5508 WLC controllers one Foreign and one Anchor. Mobility tunnel between the two WLC's as the Guest WLAN is on the WLC sitting in the DMZ.
30+ 2702i AP's running in FlexConnect mode for Dot1X WLAN and Central Switching for Guest WLAN.
Cisco ISE 1.3 acting as Radius server and providing Authentication and Authorisation policies.
Dot1x Authentication and Authorisation works fine with Dynamic VLAN assignment based on AD memberships.
The issue is with the Guest WLAN is that from a security perspective we weren't allowed to use the Central Web Authentication using L2 MAC filtering with the L3 Security of None as described in Cisco Document: 115732.
So the Guest WLAN has been set up with no L2 security and the L3 Security of Web Policy with Web Authentication to External Server i.e. Cisco ISE and RADIUS override on the Advanced tab of the Guest WLAN.
So a client connects to the Guest WLAN SSID > receives the DHCP IP address hosted by the Anchor WLC and then one opens a browser types in the URL and the Security message is presented > Continue to this website (not recommended) selected and the process of receiving the Web Redirect Sign On Web page begins and hangs around forever.
Depending on the Client i.e. Apple IPAD the sign on page loads correctly although can be slow to start with but a successful login is completed, but with windows clients and MAC Air books there is an issue with the browser either timing out the page and a retry is necessary or we can't move beyond the following page - https://x.x.x.x:8443/portal /PortalSetup.action?portal=194a5780-5e4e-11e4-b905-005056bf2f0a?switch_url=https://1.1.1.1/login.html&client mac=00:23:4e:86:98:3c&wlan=GUEST&redirect=www.cisco.com/
Any suggestions would be really appreciated with this as it's creating a lot of frustration.
Thanks in advance.
Regards,
MarkHi Mark,
Yes Guest Cert will need to be external. Because Guest Users if they have a non-corporate laptop for example will not have your Internal Company Certs installed in their browser (that you loaded onto ISE), so they cannot trust your internal Cert.
If your open Firefox or IE under Options/Security View Certificates you will see a list, if its a Guest you will see well known public Certs like Geotrust, Verisign etc.
For my setup I brought a GeoTrust cert and loaded this into ISE, this way Guests will always Trust the Geostrust ISE cert like https://guest.com for example and the login will appear and be trusted. -
Wireless guest have no connectivity in the DMZ
Hi,
I am deploying a new wireless setup with two 2504 controllers, one for the corporate ssid and one for guest segment.
The anchor controller used for web-authentication has 1 leg in the inside network (10.x.x.x) and 1 leg in the dmz 192.168.100.x (to ASA 5515 v9.0) on the 192.168.100.0 /24 range.
The ASA has internal and external context.
The Mobility tunnel is up.
The ASA is doing DHCP, and the hosts receive IP addresses and (public) DNS 173.194.67.94.
Problem is the hosts cannot do DNS lookup and thus no redirection to the web-portal.
The ASA shows no denies. When I ping the DNS from the Anchor controller, I see the following.
Jul 11 2013 07:44:17: %ASA-6-302020: Built outbound ICMP connection for faddr 173.194.67.94/0 gaddr 10.101.114.172/815 laddr 10.101.114.172/815
Jul 11 2013 07:44:19: %ASA-6-302021: Teardown ICMP connection for faddr 173.194.67.94/0 gaddr 10.101.114.172/815 laddr 10.101.114.172/815
A packet sniffer shows that hosts connected send DNS requests and never get anything back.
How should approach this issue from here?Hi,
after some changes, the WLC can now reach the public DNS server.
However, the hosts cannot do anything. (no nslookup, no ping)
I removed web-authentication from the WLAN config to simplify troubleshooting, but even so, the result is the same.
Host receives IP address and DNS server.
When I do a packet tracer on the outside context, from the guest (wifi) segment to the DNS, I see the packet is dropped.
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
my config is:
object network Guest_wireless
subnet 192.168.100.0 255.255.255.0
access-list GUEST extended permit ip object Guest_wireless any
access-list GUEST extended permit icmp object Guest_wireless any
access-group GUEST in interface Guest_wireless
interface GigabitEthernet0/3.2
nameif Guest_wireless
security-level 40
ip address 192.168.100.254 255.255.255.0 standby 192.168.100.253
object network Guest_wireless
nat (dmz,outside) dynamic "public ip"
Thanks -
Cisco 2504 as Anchor not passing TCP 8443
Hello,
I have a very strange scenario with 2504 WLC. It is deployed as an Anchor with 5508 as the foreign. In summary, my set up is as follows:
2504 - Anchor (version 7.6.120), Port 1- MGT, Port 2 - Guest subnet, No AAA Server, Internal DHCP server
5508 - Foreign (version 7.6.101.1, Guest interface (dummy, non-routable and no vlan on switch), MAC filtering, ACL-redirect, AAA with Radius NAC.
The mobility tunnels are up and FW rule also allows DNS and TCP/8443 from the guest subnet. The guest client receives its DHCP address and queries external DNS on the DMZ, but after that nothing happens. The web redirect URL times out.
I can see hits on the FW ACL for the DNS query and response but none for TCP/8443. The client browser times out. From wireshark, I can see the client query the DNS for the ISE hostname and the DNS replies with the IP address, but I don't see the guest send a packet to ISE. It's as if the DNS packet flows through the Guest interface, but the TCP/8443 packet doesn't flow out of the Anchor WLC to the Foreign to be sent to ISE.
Please does anyone understand this very strange occurrence.After contacting Cisco TAC without a successful resolution, I discovered that Policy Set was the problem. This was very strange as the Policy set was evaluated and the correct Authz policy applied.
I had a policy set with Radius conditions equal 802.11 AND Wireless_MAB. This was to separate it from another policy set for 802.1X. The Wireless_MAB policy set was evaluated and the web redirect ACL was applied by ISE, but after that ISE didn't respond with the Guest Portal page.
As soon as I removed the condition Wireless_MAB from the policy set definition, the Guest portal worked.
I think Cisco should either evaluate the Policy set functionality and fix it or release a statement that Policy set can't work with 2 conditions defined, which I think doesn't make sense as why would I use Policy set for Radius Nas_Port_type 802.11. This means the 802.1X Policy set would be checked first (if it is first in the order) before the Wireless_MAB Policy as both use NAS_port_type of 802.11. -
Guest wireless in 7.0.98 hitting the splash page
I have set up Guest wireless before with my own customized splash screen for local authentication on version 5.xx on a 4404 controller.
I have the same task again but this time with a 2201 controller and the latest ios.
Try as hard as I can i cannot get a guest wireless user to hit the splash page where it gives the certificate warning or past that to the login box.
Is there some subtle difference in the set up with 7.0.98. I did notice that when setting up the DHCP scope for the 7.0.98 i had to use the DHCP server IP as the managment interface. On my last try with 5.x I used the 192.168.80.1 address (the guest WLAN) So there is a difference right there.
Anyway the clients get an IP address so no issue there but i cannot get the cert warning up let alone the splash page. Eveidently there is a tick box I am missing. I wouldnt mide but having done this a few times before I am really stumped. I have wiped the config and started again going through my old notes step by step plus digging out the cisco documentation.
If there any debugging I can stick on please let me know.
Thanks,
NeilThank you :-) Hopefully I have captured everything you need.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.06.27 09:22:56 =~=~=~=~=~=~=~=~=~=~=~=
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-WLC2112-K9, VID: V05, SN: JMX1520Z02W
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 7.0.98.0
Build Type....................................... DATA + WPS
System Name...................................... GB-LON-WLC1
System Location.................................. London GHO
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.y.y.22
System Up Time................................... 2 days 20 hrs 45 mins 31 secs
System Timezone Location.........................
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +48 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 64:00:F1:91:76:40
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. lon
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 239.0.1.1
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 100 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable N/A
4 Normal Disa Enable Auto Auto Down Enable N/A
5 Normal Disa Enable Auto Auto Down Enable N/A
6 Normal Disa Enable Auto Auto Down Enable N/A
7 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
8 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
londonap1 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
Press Enter to continue or to abort
AP Location
Site Name........................................ GUEST
Site Description................................. GUEST - WebAuth - London
WLAN ID Interface Network Admission Control
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 london-vlan10 Disabled
2 london-guest Disabled
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GB-LONdon 2 AIR-LAP1131G-E-K9 00:21:d8:48:2b:96 London GHO 1 GB 1
--More or (q)uit current module or to abort
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 8
Cisco AP Name.................................... Gb-london
Country code..................................... GB - United Kingdom
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. GB - United Kingdom
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:48:2b:96
IP Address Configuration......................... DHCP
IP Address....................................... 10.y.y.12
IP NetMask....................................... 255.255.254.0
Gateway IP Addr.................................. 10.y.y.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ London
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ London
Primary Cisco Switch IP Address.................. 10.y.y.22
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.98.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131G-E-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCW1244V0FQ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 2 days, 10 h 19 m 12 s
AP LWAPP Up Time................................. 0 days, 00 h 32 m 36 s
Join Date and Time............................... Mon Jun 27 07:50:18 2011
Join Taken Time.................................. 0 days, 00 h 00 m 31 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 2
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:23:5e:4a:f9:b0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ GB
--More or (q)uit current module or to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 14 dBm
Tx Power Level 2 .......................... 11 dBm
Tx Power Level 3 .......................... 8 dBm
Tx Power Level 4 .......................... 5 dBm
Tx Power Level 5 .......................... 2 dBm
Tx Power Level 6 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
--More or (q)uit current module or to abort
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
--More or (q)uit current module or to abort
CleanAir Management Information
CleanAir Capable......................... No
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Number Of Slots.................................. 2
AP Name.......................................... londonap1
MAC Address...................................... 00:21:d8:48:2b:96
Slot ID........................................ 0
Radio Type..................................... RADIO_TYPE_80211b/g
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -91 dBm
Channel 2.................................... -88 dBm
Channel 3.................................... -88 dBm
Channel 4.................................... -86 dBm
Channel 5.................................... -86 dBm
Channel 6.................................... -87 dBm
Channel 7.................................... -84 dBm
Channel 8.................................... -88 dBm
Channel 9.................................... -90 dBm
Channel 10................................... -85 dBm
Channel 11................................... -83 dBm
Channel 12................................... -89 dBm
Channel 13................................... -89 dBm
Interference Information
--More or (q)uit current module or to abort
Interference Profile......................... PASSED
Channel 1.................................... -63 dBm @ 1 % busy
Channel 2.................................... -128 dBm @ 0 % busy
Channel 3.................................... -63 dBm @ 2 % busy
Channel 4.................................... -46 dBm @ 8 % busy
Channel 5.................................... -44 dBm @ 2 % busy
Channel 6.................................... -64 dBm @ 1 % busy
Channel 7.................................... -46 dBm @ 4 % busy
Channel 8.................................... -128 dBm @ 0 % busy
Channel 9.................................... -70 dBm @ 4 % busy
Channel 10................................... -128 dBm @ 0 % busy
Channel 11................................... -65 dBm @ 14 % busy
Channel 12................................... -128 dBm @ 0 % busy
Channel 13................................... -128 dBm @ 0 % busy
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 9 %
Channel Utilization.......................... 14 %
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
--More or (q)uit current module or to abort
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 40 dB.................................. 0 clients
SNR 45 dB.................................. 0 clients
Nearby APs
Radar Information
Channel Assignment Information
Current Channel Average Energy............... unknown
--More or (q)uit current module or to abort
Previous Channel Average Energy.............. unknown
Channel Change Count......................... 0
Last Channel Change Time..................... Mon Jun 27 07:50:15 2011
Recommended Best Channel..................... 1
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Persistent Interference Devices
Classtype Channel DC (%%) RSSI (dBm) Last Update Time
All third party trademarks are the property of their respective owners.
AP does not have the 802.11a radio.
Press Enter to continue or to abort
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More or (q)uit current module or to abort
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
--More or (q)uit current module or to abort
SIP call bandwidth ........................... 64
SIP call bandwith sample-size ................ 20
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11a Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.y.y.22)
Last Run....................................... 116 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
--More or (q)uit current module or to abort
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... GB-LON-WLC1 (10.44.64.22)
802.11a Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11a Last Run............................... 116 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
WiFi Inverted............................ Enabled
--More or (q)uit current module or to abort
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
--More or (q)uit current module or to abort
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Enabled
Priority 5............................... Enabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Guard Interval .............................. Any
Beacon Interval.................................. 100
--More or (q)uit current module or to abort
CF Pollable mode................................. Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
--More or (q)uit current module or to abort
Voice AC - Admission control (ACM)............ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice max limit on number of call............. 0
CAC SIP-Voice configuration
SIP Codec Type ............................... CODEC_TYPE_G711
SIP call bandwidth: .......................... 64
SIP call bandwidth sample-size ............... 20
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
Best-effort AC - Admission control (ACM)...... Disabled
Background AC - Admission control (ACM)....... Disabled
Press Enter to continue or to abort
802.11b Advanced Configuration
AP Name MAC Address Admin State Operation State Channel TxPower
londonap1 00:23:5e:4a:f9:b0 ENABLED UP 1* 1(*)
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
--More or (q)uit current module or to abort
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -100 dBm
Max Transmit Power............................. 100 dBm
Transmit Power Update Contribution............. SNI..
Transmit Power Assignment Leader............... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
--More or (q)uit current module or to abort
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI..
CleanAir Event-driven RRM option............... Disabled
CleanAir Event-driven RRM sensitivity.......... Medium
Channel Assignment Leader...................... GB-LON-WLC1 (10.44.64.22)
Last Run....................................... 530 seconds ago
DCA Sensitivity Level: ...................... MEDIUM (10 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... 0 days, 00 h 33 m 07 s
Average...................................... 0 days, 00 h 33 m 07 s
Maximum...................................... 0 days, 00 h 33 m 07 s
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... GB-LON-WLC1 (10.44.64.22)
--More or (q)uit current module or to abort
802.11b Group Member......................... GB-LON-WLC1 (10.44.64.22)
802.11b Last Run............................... 530 seconds ago
802.11a CleanAir Configuration
Clean Air Solution............................... Disabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35
Interference Device Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
Bluetooth Link........................... Enabled
Microwave Oven........................... Enabled
802.11 FH................................ Enabled
Bluetooth Discovery...................... Enabled
TDD Transmitter.......................... Enabled
Jammer................................... Enabled
Continuous Transmitter................... Enabled
DECT-like Phone.......................... Enabled
Video Camera............................. Enabled
802.15.4................................. Enabled
--More or (q)uit current module or to abort
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Enabled
Canopy................................... Enabled
Xbox..................................... Enabled
WiMax Mobile............................. Enabled
WiMax Fixed.............................. Enabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
Bluetooth Link........................... Disabled
Microwave Oven........................... Disabled
802.11 FH................................ Disabled
Bluetooth Discovery...................... Disabled
TDD Transmitter.......................... Disabled
Jammer................................... Enabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
802.15.4................................. Disabled
WiFi Inverted............................ Enabled
WiFi Invalid Channel..................... Enabled
SuperAG.................................. Disabled
Canopy................................... Disabled
--More or (q)uit current module or to abort
Xbox..................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Additional Clean Air Settings:
CleanAir Event-driven RRM State.............. Disabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
802.11a CleanAir AirQuality Summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
Press Enter to continue or to abort
q
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... lon
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x209c
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
64:00:f1:91:76:40 10.44.64.22 lon 0.0.0.0 Up
Press Enter to continue or to abort
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 2
Probe request rate-limiting interval............. 500 msec
Aggregate Probe request interval................. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Press Enter to continue or to abort
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango State:Disabled
Press Enter to continue or to abort
Interface Configuration
Interface Name................................... ap-manager
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.23
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... guest
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 192.168.x.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.x.2
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 80
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... london-vlan10
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.x.x.149
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.x.x.20
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 10
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.44.64.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... management
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 10.y.y.22
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.y.y.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 10.y.y.19
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... 64:00:f1:91:76:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Press Enter to continue or to abort
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... corporate
Network Name (SSID).............................. corporate
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ london-vlan10
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More or (q)uit current module or to abort
WLAN Configuration
WLAN Identifier.................................. 2
Profile Name..................................... Guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ Guest-network
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.44.64.22
DHCP Address Assignment Required................. Enabled
--More or (q)uit current module or to abort
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More or (q)uit current module or to abort
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More or (q)uit current module or to abort
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Press Enter to continue or to abort
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimite -
Guest Anchor - Web Passthrough - Apple device web redirect issue
Hi All,
I've setup a Guest Mobility Anchor at DMZ with 5508 WLC. I've setup the EoIP mobility tunnel and everything works so far.
Now, I was testing multiple clients to connect to the Guest SSID and observed that Apple devices are not redirecting url, resulting unsuccessful connection.
I looked Cisco docs and added the command "config network web-auth captive-bypass enable" on the Anchor as recommended.
Even after executing the command, I'm still facing web redirect issue with Apple Devices. I don't have any issues with other devices, except Apple.
My controller running code AirOS 7.6.130.0. I'm using DMZ controller as DHCP server for Guests and public DNS servers as 8.8.8.8 & 8.8.4.4
How to solve this web redirect issue? Will a Third-party generated CSR solves the problem?
Thanks,
CJHi All,
The issue was with WISPr Protocol with iOS Clients. After upgrading the AirOS Code on the controller to 8.0.100.0; the issue with Web Redirect is resolved.
Jagan -
GUest WLAN with Anchor WLC - roaming problems
Hello,
my wireless network consists in 3 WLC 4402 which manage 40 APs.
I have a fourth WLC which I installed on my DMZ for guest vlan anchoring and web autentication.
Everiting works fine but I have a problem:
If my client associates with an AP and then I authenticate I'm ready to make traffic. As soon as my client roams to an AP managed by a differnt WLC I need to authenticate again. If I roam back to the first AP i need to reauthenticate.
In my guest WLAN I use WEB authentication provided by the internal web server of the Anchor WLC.
Thnks everybodyHere are the output of show mobility summary.
The last WLC is the anchor.
WLC1
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Sta
tus
00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
WLC2
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Sta
tus
00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
WLC3
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Sta
tus
00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up
WLCAnchor
(Cisco Controller) >show mobility summary
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 4
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Sta
tus
00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up -
Flexconnect AP with auto anchor at head office
hi All,
I have a head quarters with two WLC5508 anchored to another 5508 on the DMZ. Now we want to roll out wireless guest to the branches with local switching of guest wireless traffic. The guest ssid used at head quarters is anchored to the guest controller and using webauthentication.
Question 1: Can i use the same guest SSID for branch also in this case ?
Question 2 : If i only enable "HREAP local switching" feature on the guest SSID, will the other HQ SSID's still be broadcast in the HREAP branch AP's ?
I am assuming the guest ssid at branch will take IP address from local IP subnet since its local switched, webauthentication will happen on the HQ guest controller ? and once webauth completes, guest SSID traffic will be locally switched . Is this correct ?
regards
Joe1. client sends DHCP request and gets IP on locally defined VLAN on the HREAP AP
during this, the controller get to know of the client association via the CAPWAP control message from HREAP AP
Yes, but the WLC will not get any client data since the traffic isn't going back to the WLC.
2. Client opens browser and enter website address (google.com) and gets the controller webauth login page
is this step happening in the capwap tunnel or outside it ? the TCP communication between client and WLC
This happens all inside the mobility tunnel back to the anchor wlc.
3. Client enters username and password for webauth
but the wlc virtual IP is not routed anywhere, so how will the username and password reach the wlc ? (through the capwap tunnel ? )
The WLC uses it VIP, client doesn't care. If you have a 3rd party certificate, you need to make sure the FQDN is resolvable with the VIP address or you will get a certificate error.
4. controller checks the username/password eiither locally defined or can be on a nac guest server or ISE ?
if the username/password reaches the controller, it should be able to verify the credentials wtih an external entity like NGS oR ISE ?
Well what is hosting the webauth... the WLC or NGS or ISE.... only one can do this and that is what you have to decide.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Need to understand WebAuth using 3850 MA, 5760 MC and 5508 GA
All,
I would appreciate if anyone could provide clarification on my current understanding of Converged Access mobility design for WebAuth and guest access. My setup is as follows:
(WAP)---(MA)---(MC)---(Firewall)---(GA)
Wireless Access Point (WAP) - 3500
Mobility Agent (MA) - Cisco 3850 (running IPServices)
Mobility Controller (MC) - WLC 5760
DMZ Firewall
Guest Anchor (GA) - WLC 5508 (running 7.5.110.0 and new mobility feature enabled)
I have my mobility domain configured with an SPG and the 3850 MAs configured into the domain. All status indicators are up for MC to MA and MC to GA. The WAPs are connected to the 3850 MA and appear on the MA using the command 'show ap summary'. There are also a number of WAPs that associate directly to the 5760 MC.
My configuration on the MC has a guest wireless service using WebAuth, which anchors over to the GA. Clients connecting to the WebAuth service on WAPs associated directly to the 5760 MC receive and IP address from the GA DMZ and are redirected to the GA WLC. This is as expected with the usual centralized wireless model.
My initial thoughts with the Mobility Agents (MA) was that it was a simple case of pointing the 3850s to the MC and the wireless service (WLAN) configurations would automatically appear. Through configuration tests and converged access deployment guides, I now believe this to no longer be the case. Therefore, for MAs to advertise wireless services they have to be individually configured. Am I correct with my thoughts?
This was proved with a Secure 802.1x WLAN on the MA and it was a simple case of replicating the 5760 Secure WLAN on the MA.
For the deployment of WebAuth wireless services on the MA 3850 switches, I have not managed to find a guide that explains how an MA anchors wireless clients to the GA. I have found documents that describe combined MC/MA configurations to GA, but not when the 3850 is just an MA. Is it is case that:
1. MA WebAuth wireless service is configured to anchor to the GA using the command 'mobility anchor <GA IP Address>'. This would require the DMZ firewall to allow mobility tunnels between the MA to GA and MC to GA, or;
2. MA WebAuth wireless service is configured to anchor to the MC using the command 'mobility anchor <MC IP Address>'. This would mean the traffic from the MA for WebAuth is tunneled to MC and then onwards to GA.
I suspect option 1 is the correct method, but would appreciate confirmation.
Also, I have not configured a Mobility Oracle (MO) since I only have one MC and the GA. If it is advisable to do, then would it be best to enable the MO on the MC or GA?
Thanks in advance
IanHi Ian,
It is a long post & many questions
I will try to answer as much as I can.
"I have not configured a Mobility Oracle (MO) since I only have one MC and the GA. If it is advisable to do, then would it be best to enable the MO on the MC or GA?"
No, you don't want MO unless your set-up is extremely large (it is similar to use of BGP route reflector to reduce complexity of having full mesh)
"My initial thoughts with the Mobility Agents (MA) was that it was a simple case of pointing the 3850s to the MC and the wireless service (WLAN) configurations would automatically appear. Through configuration tests and converged access deployment guides, I now believe this to no longer be the case. Therefore, for MAs to advertise wireless services they have to be individually configured. Am I correct with my thoughts?"
Yes, you have to configure your WLAN configuration in MC & MA, it won't automatically propagate to MA.
"For the deployment of WebAuth wireless services on the MA 3850 switches, I have not managed to find a guide that explains how an MA anchors wireless clients to the GA. I have found documents that describe combined MC/MA configurations to GA, but not when the 3850 is just an MA"
I have not configured this, but this is my understanding. You would configure MA WLAN pointing to GA as mobility anchor. Still traffic will transit through MC as it will manage MA & SPG (any thing outside SPG should go through MC)
Here is the some useful reference information I gathered over the timel. (white paper is the one you should read to cover everything)
https://supportforums.cisco.com/discussion/11984726/converged-access-design-information
HTH
Rasika
*** Pls rate all useful responses ****
Maybe you are looking for
-
Master Data Text Used as Line Items in ODS
Hi Experts! </br></br> I would just like to know if I can use the text I loaded of master data Revenue Type from R/3 in BW? </br></br> What I have done already is that I have created a customized extractor in R/3 under the CO-PA-IO node in RSA6 (sinc
-
Sub-contracting challan reconcilation..?
hi all I have problem in reconcilation of callan, While doing reconcilation , its showing error as challan already completed.. But still the challan is not reconciled, in status its showing completed. Thanks sap-mm
-
Hi All, My requirement to automatically change the schedule line dates (ETDAT) in a sales order when the requested delivery date (KETDAT) of the document is changed. The schedule line dates should automatically change to the date that is changed in t
-
Hi Guru, I have a problem in setting up a billing plan. Here is the criteria that must met 1) Billing Date must be the end of month 2) Contract Last for 1 year 3) There should have ONLY 12 invoices generated. e.g. Contract Start Date: 23/06/2009 Cont
-
Color rings on 1131's not showing blue when devices associated
Hello, I have some 1131's that host wireless SSID's, and most are working as per the documentation, meaning that the color ring is light green when waiting for a connection, and turns blue once an association happens. We seem to have uncovered two AP