Prime, MSE and WLC NMSP Status
I have a 5508 WLC and have loaded a demo of Prime 2.1 and MSE 8.0.
The NMSP status is showing as inactive in Prime and MSE and therefore the clients are not showing on the map I have loaded.
Any ideas?
MSE doesn't sync with WLC when added with PI 2.1.1
CSCup93101
Description
Symptom:
NMSP is not active between MSE and WLC when added using PI 2.1.1.
Conditions:
This applies to only MSE added Prime Infrastructure after upgrade to 2.1.1 on Prime Infrastructure.
If the MSE was already added to Prime Infrastructure in 2.1 or previous releases, and then upgrade to PI 2.1.1 was performed customers will not run into the NMSP problem between MSE and WLC after the PI upgrade to PI 2.1.1.
Workaround:
Push a template (Templates > Features and Technologies > Controller > Security > AAA > AP or MSE Authorization) with MSE MAC address and key hash.
Please contact Cisco TAC for a patch.
Last Modified:
Dec 11,2014
Status:
Fixed
Severity:
2 Severe
Product:
Network Level Service
Known Affected Releases:
(1)
2.1(1)
Similar Messages
-
Hi
Just installed Prime 1.3, currently upgrading wlc's to 7.0.240 (WiSM), we have a MSE as well, what version should this be on, currently on 7.0.230 as this matched the WCS?
I'm sure I read somewhere it had to be the same version as the controllers or the WCS.Hi,
on this link you can find all compatibility information
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html -
Hello,
I need to develop a solution of wIPS, but I'm not sure about the compatibility between the MSE and the WLC. My WLC is in 7.6.100 version and the MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions. Additionally, i can use Prime I or WSC, we have both systems.but I'm not sure about the compatibility between the MSE and the WLC.
Here is the compatibility information.
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-148604
My WLC is in 7.6.100 version
You should consider upgrade this to min 7.6.130.0 as that is the stable code of 7.6.x software train.
MSE is 3310 model. Reviewing documentation, the MSE can only update until 7.3 version. Somebody knows if the version between wlc and mse must match, or which are the restrictions.
It does not need to be exact match between WLC & MSE versions. Refer release notes of each product & version, it will listed the new features added in each releases. Since MSE 3310 not supporting 7.3.x onward, I would plan for MSE migration anyway. You can go with VM in later versions of MSE & no need to buy hardware for that.
Additionally, i can use Prime I or WSC, we have both systems
Go with Prime as WCS is not supported any longer. What's the reason still keeping the WCS ?
HTH
Rasika
**** Pls rate all useful responses **** -
Prime Infrastructure and WLC 2504 N+1 config syncronization
I've setup 2 cisco 2504 WLC's in a N+1 configuration, before we purchased Prime Infrastructure. Now I'm trying to syncronize the configurations between the two devices in PI. I've setup a configuration group, and it seems using templates will keep the configuration syncronized between the two devices. Is it possible for PI to automatically create the templates based on the current configuration of the device. Plus with PI 2.1 it seems like I have to create a template for every section of the configuration, shouldn't there be just one large template that has all the configurations.
Yes, you should be able to discover templates from the WLC
HTH,
Steve -
MSE NMSP status inactive after WLC 5508 HA failover
I have a customer who has a Prime Infrastructure 2.0 server and MSE 7.4 server for Context Aware Services. The MSE also has the AeroScout Tag Engine for Tracking the AeroScout RFID tags it has deployed. They have a WLC 5508 HA pair running version 7.4 at their main campus, and two other standalone WLC 5508s at 2 other smaller campuses. The issue they are having is that when a failover of the WLC5508 HA pair occurs at their main campus, they lose tracking of the WiFi and AeroScout clients. The other WLCs are not affected.
When this happens, the Prime Infrastructure show the NMSP status of the WLC5508 HA pair as inactive. The PI gives the message that the time of the WLC is before the MSE. But the PI, MSE, and WLCs are all synched to the same Campus NTP server, and the time shows the same time down to the second. I can get the WLC communicating to the MSE again by removing the Assignment of the WLC to the MSE, then re-adding it to the MSE a few minutes later.
We are not sure why the WLC 5508 HA pair occasionally fails over to the standby or back to the primary. We have not seen any cause for the HA pair failover. Is there something we need to do to the WLC HA pair so that the NMSP still works if a failover of the WLC occurs. The customer is planning on converting one of their other Standalone WLCs to a HA Pair also.That is what I have been doing. But the problem is that the I have had to do this about 3 times in the last 6 weeks. Each time correlates with a failover of the WLC 5508 pair. Will this have to be done each time there is a failover, or is there some setting on the WLCs, MSE, or Prime Infrastructure that can prevent having manually to un-assign, then re-assign the WLC to the MSE.
-
Controller - NMSP status inactive
Prime 1.2
Controller - NMSP status INACTIVE
I having a problem with one particular controller seen by my Standalone MSE
see snapshot below, I have 2 other old controllers running exactly the same code (4.2.207.0) which are seen by MSE as NMSP ACTIVE
Is there a setting I need to change on this particular controller?
NMSP Troubleshooting Checklist
Controller reachable from NCS
Controller reachable from MSE
Controller time after MSE time
MSE KeyHash present on the Controller
Controller Keyhash matches with the MSE
Pre-5.1.x.x Controller assigned to Single MSETake a look at this thread as it may help.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Virtualized WLC + Prime + MSE solution
Dear all,
we are facing some problem to deploy a virtualized localization solution made of WLC, Prime Infrastructure and MSE.
We constructed, in our lab, on a UCS C220M3 with VMWare 5.1 the following solution:
Virtual WLC version 7.3.101 (ip address 10.0.1.249)
Prime Infrastructure 1.2.0.103 (ip address 10.0.1.250)
Virtual MSE 7.3.101 (ip address 10.0.1.247)
WLC is working properly, can register APs and is properly integrated with the Prime. For the localization solution we deployed three access points:
-one 3502 in flex connect mode
-two 1142 in monitor mode
The problem came out when we started to work with the MSE. MSE has been registered inside Prime and synchronized with maps and controller.
After that we checked the maps but no information was displayed. So we started facing the problem and we found that the NMSP protocol remained inactive even if the troubleshooting windows didn't report any explicit issue.
At this stage we started checking the debug messages and in particular, for the NMSP we countinuously received the follwing message:
*nmspRxServerTask: Nov 17 17:55:09.777: Allocated new NMSP connection 0
*nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit: SSL_new() conn ssl 0x2aaaae71ab88
*nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
*nmspRxServerTask: Nov 17 17:55:09.778: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
*nmspRxServerTask: Nov 17 17:55:09.778: sslConnectionInit() success with Connection state: INIT, SSL state: HANDSHAKING
*nmspRxServerTask: Nov 17 17:55:09.785: doSSLRecvLoop: Handshake has not completed for conn 0
*nmspRxServerTask: Nov 17 17:55:09.785: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
*nmspRxServerTask: Nov 17 17:55:09.785: -- returns WANT_READ for conn ssl 0x2aaaae71ab88
*nmspRxServerTask: Nov 17 17:55:10.100: doSSLRecvLoop: Handshake has not completed for conn 0
*nmspRxServerTask: Nov 17 17:55:10.100: sslConnectionInit: SSL_do_handshake for conn ssl 0x2aaaae71ab88, conn state: INIT, SSL state: HANDSHAKING
*nmspRxServerTask: Nov 17 17:55:10.100: -- handshake failed for conn ssl 0x2aaaae71ab88,error = error:00000000:lib(0):func(0):reason(0)
*nmspRxServerTask: Nov 17 17:55:10.100: freeing Nmsp conn ssl 0x2aaaae71ab88, conn id 0
Also the statistics for the NMSP protocol emphatized an SSL error:
(Cisco Controller) >show nmsp statistics summary
NMSP Global Counters
Client Measure Send Fail......................... 0
Send RSSI with no entry.......................... 0
APP msg too big.................................. 0
Failed Select on Accept Socket................... 0
Failed SSL write................................. 0
Partial SSL write................................ 0
SSL write returned zero.......................... 0
SSL write attempts to want read.................. 0
SSL write attempts to want write................. 0
SSL write got default error...................... 0
SSL write max data length sent................... 0
SSL write max attempts to write in loop.......... 0
SSL read returned zero........................... 0
SSL read attempts to want read................... 0
SSL read attempts to want write.................. 0
SSL read got default error....................... 0
Failed SSL read - Con Rx buf freed............... 0
Failed SSL read - Con/SSL freed.................. 0
Max records read before exiting SSL read......... 0
--More-- or (q)uit
Highest Prio Tx Q full........................... 0
Normal Prio Tx Q full............................ 0
Highest Prio Tx Q Sent........................... 0
Normal Prio Tx Q Sent............................ 0
Highest Prio Tx Q count.......................... 0
Normal Prio Tx Q count........................... 0
Messages sent by APPs to Highest Prio TxQ........ 0
Max Measure Notify Msg........................... 0
Max Info Notify Msg.............................. 0
Max Highest Prio Tx Q Size....................... 0
Max Normal Prio Tx Q Size........................ 0
Max Rx Size...................................... 1
Max Info Notify Q Size........................... 0
Max Client Info Notify Delay..................... 0
Max Rogue AP Info Notify Delay................... 0
Max Rogue Client Info Notify Delay............... 0
Max Client Measure Notify Delay.................. 0
Max Tag Measure Notify Delay..................... 0
Max Rogue AP Measure Notify Delay................ 0
Max Rogue Client Measure Notify Delay............ 0
Max Client Stats Notify Delay.................... 0
Max RFID Stats Notify Delay...................... 0
RFID Measurement Periodic........................ 0
--More-- or (q)uit
RFID Measurement Immediate....................... 0
SSL Handshake failed............................. 1319
NMSP Rx detected con failure..................... 0
NMSP Tx detected con failure..................... 0
NMSP Tx buf size exceeded........................ 0
NMSP Tx Invalid msg id .......................... 0
Reconnect Before Conn Timeout.................... 0
Rogue AP Info Changed DB Full.................... 0
Rogue AP Meas Changed DB Full.................... 0
Rogue Client Info Changed DB Full................ 0
Rogue Client Meas Changed DB Full................ 0
Looking around the Internet we found a similar case where the issue was solved dealing with the authorization list upon the wireless lan controller but after the suggested check we saw that the MSE is correctly authorized inside the controller: Here's the "show auth-list" on the WLC:
(Cisco Controller) >show auth-list
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... no
AP with Self-Signed Certificate................ no
AP with Locally Significant Certificate........ no
Mac Addr Cert Type Key Hash
00:0c:29:68:c8:57 LBS-SSC 6d6703ef9cccfb5a430e04b3ad128f8170fb435c
that perfectly matches what was on the MSE:
cmd> show server-auth-info
invoke command: com.aes.server.cli.CmdGetServerAuthInfo
AesLog queue high mark: 50000
AesLog queue low mark: 500
Server Auth Info
MAC Address: 00:0c:29:68:c8:57
Key Hash: 6d6703ef9cccfb5a430e04b3ad128f8170fb435c
Certificate Type: SSC
Finally I tried to look around the MSE logs and here what I found tailing the locserver errors:
==> /opt/mse/logs/locserver/locserver-error-0-0.log <==
11/17/12 17:54:13.513 ERROR[locp] [36] Error in ConnectHandler(endPoint) <LocpSessionTarget mode=CLIENT><LocpEndPoint status=HANDSHAKE totalBytesSent=72000 totalBytesReceived=1315800><LocpEndPoint.Key host=10.0.1.249 port=16113/></LocpEndPoint></LocpSessionTarget>
11/17/12 17:54:13.513 ERROR[com.aes] [36] [ConnectHandler:handle-09] THROW
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:230)
at com.aes.server.locp.transport.LocpTransportService$ConnectHandler.handle(LocpTransportService.java:354)
at com.aes.server.locp.transport.ChannelEventDispatcherImpl$HandlerTask.run(ChannelEventDispatcherImpl.java:348)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1528)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
at com.aes.server.locp.transport.IOChannelSecure.doTasks(IOChannelSecure.java:265)
at com.aes.server.locp.transport.IOChannelSecure.doHandshake(IOChannelSecure.java:193)
... 8 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:346)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:111)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 15 more
Everything seems to bring to a certificate error but I don't know, from a side if this is the right direction of investigfation and, from the other, where to check for this certificate and how to find a solution.
May someone give us some help?
Thank in advance to all.
Regards.
MarcoHi Pongsatorn,
This is caused by a bug with the ID - CSCub42987. And yes, it only applies to the Virtual WLC's.
Here is the work-around: (need to be performed from the CLI of the MSE as follows)
1. cmdshell
2. config unauthenticated-nmsp true
3. exit
4. service msed restart
Ram. -
Prime 1.3 and WLC 7.6 Can I push guest accounts?
Hi all
My Customer needs to update the WLC to 7.6 (from 7.4) due to 3700 APs, but does not use the ac or other new features (yet).
He has a Prime 1.3 update 4, where the guest Account are created.
Can he, after the WLC Upgrade to 7.6.130.0 still see the WLC from Prime 1.3 and Push guest accounts to the WLC?
The migration to PI 2.1 will be planned.
Thanks
WillemCisco Prime 1.3 doesn't support 7.6 please check the compatibility matrix
Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
Cisco Prime Infrastructure
Cisco WLC
Cisco MSE
ISE
Remarks
Update 4 for 1.3.0.20
Update 1 for 1.3.0.20
1.3.0.20
7.4.121.0
7.4.110.0
7.4.100.60
7.4.100.0
7.3.112.0
7.3.101.0
7.2.115.2
7.2.111.3
7.2.110.0
7.2.103.0
7.0.250.0
7.0.240.0
7.0.235.3
7.0.235.0
7.0.230.0
7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.0
7.4.121.0
7.4.110.0
7.4.100.0
7.3.101.0
7.2.110.0
7.2.103.0
7.0.240.0
7.0.230.0
7.0.220.0
7.0.201.204
7.0.112.0
7.0.105.0
1.0
1.1
1.2 -
MSE wIPS services - NMSP Connection active/not active
Hi all,
Recently deployed Prime Infra 1.3.0.20, MSE 7.4.110.0 and WLC 7.4.110.x.
The CAS and wIPS services are up but wIPS Profiles can't be push to controller.
Though when using GUI, NMSP is active..
..but when using CLI via /opt/mse/wips/bin/wips_cli, sometimes it will display no WLC found then seconds later it will display Pending donwload to controller, NMSP connection -> No response
wIPS>show wlc all
No WLC found
wIPS>
wIPS>
wIPS>show wlc all
WLC MAC Profile Profile Status IP NMSP Connection Status
XX:XX:XX:XX:XX:E0 Default Pending download to controller xx.xxx.xx.68 No Response
wIPS>show wlc all
WLC MAC Profile Profile Status IP NMSP Connection Status
XX:XX:XX:XX:XX:E0 Default Pending download to controller xx.xxx.xx.68 No Response
wIPS>show wlc all
No WLC found
Screenshot in wIPS Profile Assignment
MSE output command using /etc/init.d/msed status
STATUS:
Health Monitor is running
Starting MSE Platform, Waiting to check the status.
MSE services are up, getting the status
Server Config
Product name: Cisco Mobility Service Engine
Version: 7.4.110.0
Health Monitor Ip Address: 1.1.1.1
High Availability Role: 1
Hw Version: V01
Hw Product Identifier: AIR-MSE-VA-K9
Hw Serial Number: XXXXXX
Use HTTP: false
Legacy HTTPS: false
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2
Services
Service Name: Context Aware Service
Service Version: 7.4.0.45
Admin Status: Enabled
Operation Status: Up
Service Name: WIPS
Service Version: 1.0.4041.0
Admin Status: Enabled
Operation Status: Up
Service Name: Mobile Concierge Service
Service Version: 2.0.0.37
Admin Status: Disabled
Operation Status: Down
Service Name: Location Analytics Service
Service Version: 1.0.0.12
Admin Status: Disabled
Operation Status: Down
Server Monitor
Server start time: Mon Sep 30 22:57:16 PHT 2013
Server current time: Tue Oct 01 15:09:26 PHT 2013
Server timezone: Asia/Manila
Server timezone offset: 28800000
Restarts: 3
Used Memory (bytes): 613409344
Allocated Memory (bytes): 1328349184
Max Memory (bytes): 1908932608
DB virtual memory (kbytes): 0
DB virtual memory limit (bytes): 0
DB disk memory (bytes): 18164721280
DB free size (kbytes): 0
Active Sessions
Session ID: 30483
Session User ID: 1
Session IP Address: 1x.xx.xx.5
Session start time: Mon Sep 30 22:58:39 PHT 2013
Session last access time: Tue Oct 01 15:09:19 PHT 2013
Default Trap Destinations
Trap Destination - 1
IP Address: xx.xx.xx.4
Last Updated: Mon Sep 30 22:58:42 PHT 2013
Context Aware Service
Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 4069
Active Wireless Clients: 3800
Active Tags: 0
Active Rogue APs: 218
Active Rogue Clients: 0
Active Interferers: 51
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 6000
Active Sessions: 1
Wireless Clients Not Tracked due to the limiting: 0
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 0
Rogue Clients Not Tracked due to the limiting: 0
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0
Context Aware Sub Services
Subservice Name: Aeroscout Tag Engine
Admin Status: Disabled
Operation Status: Down
Subservice Name: Cisco Tag Engine
Admin Status: Enabled
Operation Status: Up
+++++++++++++++++++++++++
Could this be the results of DB free size (kbytes): 0? means I don't enough space for my database?
Regards,
DaveHello Rasmus,
I got NMSP issue while configuration so i did troubleshoot and root cause i found is please synchronize your appliances clock with NTP Server:
Thanks. -
MSE and Zones (Cisco Connected Mobile Experience)
Hello everybody,
I am trying to do Cisco Connected Mobile Experience work using Cisco Prime 1.3, MSE 7.4, WLC 7.4 (everything virtual appliance) and Meridian App.
It is working well, but although I have configured some zones on Cisco Prime, it is not shown on MSE and Meridian.
What can be happening? Why aren't zones shown?Dear andre.ortega,
we have similar project.
And may be you can help me, geting answers for my questions.
1. MSE v 7.5 will support navigation features. Can MSE output this information via API to Mobile Apps?
2. did u investigate other solutions for mobile apps then Meridian?
thank you. -
WCS and WLC AP values not fully in sync.
I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.
You may want to also consider the following:
1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
From the WCS:
Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
Hope this helps,
- John
(Please rate helpful posts) -
Migrating APs and WLCs to other subnets
At the moment we have 2 and WLCs with 50 licenses and almost 100 LAPs (with fixed IP-address and with configured controller address).
I want to move the WLCs to VLAN 150 (192.168.150.0/24) and the LAPs to VLAN (192.168.160/24).
To do this do I need to change the fixed configuration of every AP to the correct IP-address and than place them in de correct VLAN and if all LAPs changed the IP-address of the controller and place him in correct VLAN? Our is there a easier way to do this.
I have read something about giving a option in the DHCP scope but I don't think that wil work in my situation because I have 2 controllers.There are multiple ways of doing this.
If you have WCS or Prime, you could push Primary Controller information to all you AP with new controller IP information (since it is not live, it won't affect AP). In this way one you change the WLC IP, AP will join your new controller as primary controller.
As Leo suggested you can use DNS or DHCP option 43 method as well. In DHCP option 43, you can give multiple controllers IP if you want. But if these two controllers are in same mobility group, irrespective of the option 43 config, AP will get to know about available controllers as long as they reach any one of your controller.
HTH
Rasika
*** Pls rate all useful responses **** -
please i have ordered for Bottom Case of white macbook (late 2009)for over 2 months now and the repair status is still processing. is dat normal? i really need the bottom case asap, how can i get it
Call Apple. Contact Apple for support and service
This is a user to user forum, we don't work for Apple. -
my phone will not load past the apple icon when trying to turn on. all it has on the screan is apple icon and a blank status bar. whats wrong? and what can i do?
Hi, Just put phone in the recovery mode and restore to the factory settings. It should work.
-
Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration
With Jacob Ideji, Richard Hamby and Raphael Ohaemenyi
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access . Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio. Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality.
Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
Richard Hamby works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams.
Raphael Ohaemenyi Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.
Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.OOPS !!
I will repost the whole messaqge with the correct external URL's:
In general, the Trustsec design and deployment guides address the specific support for the various features of the 'whole' Cisco TS (and other security) solution frameworks. And then a drill-down (usually the proper links are embedded) to the specifc feature, and then that feature on a given device. TS 2.1 defines the use of ISE or ACS5 as the policy server, and confiugration examples for the platforms will include and refer to them.
TrustSec Home Page
http://www.cisco.com/en/US/netsol/ns1051/index.html
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
I find this page very helpful as a top-level start to what features and capabilities exist per device:
http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
The TS 2.1 Design Guides
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
DesignZone has some updated docs as well
http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
As the SGT functionality (at this point) is really more of a router/LAN/client solution, the most detailed information will be in the IOS TS guides like :
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html
Maybe you are looking for
-
New Mac Pro 2.66 Ghz Nehalem Quad and FCP and Compressor
When something goes well for a change it deserves its rightful place in the posts of this discussion forum. I just completed my hook-up and an initial test on my new Nehalem quad Mac Pro, and I must say that once in a while things do work out. 1. The
-
White Screen: xf86-video-ati and Compiz After Trying fglrx? [SOLVED]
I have an ATI Radeon X1200 graphics card. I recently tired the ATI proprietary catalyst driver (and catalyst-utils) from the AUR. They did not work well for me, so I uninstalled them. I had run "aticonfig -initial" but, after removing catalyst and
-
How to install custom Resource Adapter
Hi I have writen the java class for the Custome Resource adapter and I loaded the .class file into web-inf classes folder.I followed the installation steps given in the deployement document.In that I am not understanding one step i.e "Install .class
-
First Arch install - networking locks up the computer...help!
Hi everyone, I've been wanting to try Arch for a while now and the latest versions of Ubuntu have severely annoyed me with their Windows like behaviour and wizards so I decided to give it a try. I've done my best to figure this out but am still stuck
-
Jni using progress bar problem
Hi i am new in jni application actually my project is j2ee(servlet,jsp) based. In my one of project module we need to call vb ocx for large processing in background so it is time taking and my framwork is pure mvc based so how i have to show progress