Prime\SNMP Monitoring of dynamic interfaces
Hi - Is anyone aware of a method of monitoring the bandwidth utilisation on a dynamic interface on a WLC?
I'd like to monitor the traffic on each dynamic interface to generate usage stats on centrally switched guest and employee SSID's.
Thanks
You have to get that stats from switch where you defined those SVI. WLC dynamic interface not terminate any L3 traffic & switch SVI is the place to go.
If you have netflow monitoring or simple snmp monitoring tool, you can get that stats from the switch.
HTH
Rasika
**** Pls rate all useful responses ****
Similar Messages
-
Cisco Prime Infrastructure is a damned nightmare of browser bugs (some features work in IE8, some in IE9, and some only in Firefox). And I am not sure if what I am experiencing is a browser bug - or a real bug - or something that I was able to do before and can't any more? I would love for someone to either explain why this is happening to me, or reproduce the bug!
I'm running Prime 2.1.1. I am doing this ...
Configure > Controller Template Launchpad
System > Dynamic Interface
Select a command > Add interface (GO)
Enter all the properties - roll to the bottom of the page, and click Apply to Controllers
I have four controllers. And normally I would add an interface for each controller. But I can only create two out of the four. It doesn't matter which two I choose. When I click Add under Manage Interfaces for the third controller, I cannot click the Done button to apply it (see screenshot, attached). I have found that if I change the VLAN to something else, it will let me save it. But ... why? I went back and reviewed all of my existing interface templates and I am not doing anything different. Although, they were all created a long while ago using WCS 7.x.
Any help, guidance, or confirmation of insanity would be appreciated.
-Steve BallantyneI doubt I will get any hits on this here but I always try. I opened a TAC case. I will come back and comment on whatever they find.
-
Issue Apply Dynamic Interface from Prime
Hi all,
I have some problems applying a Dynamic Interface Template from prime to my WLC:
Prime: 1.3.0.20 Update 4
WLC 5508 / 7.4.110.0
I can Apply this template to older WLC versions.
The LAG mode is enabled on my WLC.
Any Idea?
WillemIf I click on "apply to controllers..." there is a list of controllers but the controller I want to apply the template to is not in this list (new controller, the first 7.4 connected to this prime, the other controllers are 4402 or 5508 all with 7.0.235.0) .
If I clear the LAG flag, there is one controller in the list but also not the one I want to apply the template to.
The controller will show up in other lists like "NTP".
I can also apply NTP Servers to this controller, what means that in general the communication is possible. -
Cisco Prime SNMP Traps Best Pratice
The Cisco Prime documentation recommends configuring switches to send SNMP traps. However it does not give any more details.
I was wondering what sorts of SNMP traps people in the community are using with Cisco Prime 2.1. I'm looking for some sort of best practice or for an idea of what traps would be the most useful to configure on the switches, to send to Prime.Hi ,
Snmp traps need to be configured only on device end , there is no config need to be done on PI.
you can enable all the traps that you want. for e.g
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
etc......
and you can monitor then in PI (Administration > System Settings > Severity Configuration, Link down)
check the below link as well:
https://supportforums.cisco.com/discussion/11919481/prime-infrastructure-20-link-status-alarms
Thanks-
Afroz
***Ratings Encourages Contributors *** -
Wrt54g - snmp monitor performance??
I am looking for a way to monitor my WRT54G v5 via SNMP.
CPU/Memory, Interface statistics.
I found the linksys mib, but i can't find in the web gui a way to enable snmp.....
Is this possible? If so, any idea on the community name??No. AFAIK the standard Linksys firmware does not allow you to activate snmp. You may check some 3rd party firmware.
-
SNMP Monitoring shows bandwidth x2
I have tried a couple SNMP monitoring applications on both my Mac and Windows machines and both are showing my WAN usage as double what it should be. I have a 15Mbps connection to the Internet and when I do a speedtest it shows as 30Mbps on the mgi1 interface. I have noticed this for awhile (pretty sure several firmware versions) but thought I would reach out to the community finally. I am running 7.6.4 on my TC Gen4.
Hi deepu vc,
For bandwidth monitoring you should use the SNMP Traffic Sensor or a NetFlow Sensor. PRTG offers various versions:
NetFlow 5
NetFlow 9
IPFIX
I linked the corresponding pages of the PRTG manual. Within the next few weeks there will also be a new Trap Receiver Sensor.
I hope this helps...
Kind regards,
Florian from Paessler AG -
Bandwith monitoring on physical interface or on tunnel interface ?
Hi All,
I would like to ask you a question .i am using solarwind monitoring tool for bandwith monioring.
I would like to know which interface we should use for monitoring ? Physical interface or tunnel interface .
I am using GRE tunnel in each of my remote locations.
and in some locations when i compare my physical interface graph and tunnel interface graph ,there is always hugh difference ,tunnel interface always has high utilization. but for some sides physical interface and tunnel interface graph are same .
please do let me know which is the best for monitoing .Hi ,
Genrally it can be posible due bandwidth configuration on tunnel interface but ther is no harm in monitoring both the interface,it is genarlly a benfit only for you as if tunnel goes down it will raise an alarm also for the same.
For exact monitoring for tunnel interface i would suggest you to check - VPNTTG (VPN Tunnel Traffic Grapher).
Advantage of VPNTTG over other SNMP based monitoring softwares is following: Other (commonly used) softwares are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peers IP address and it stores for each VPN tunnel historical monitoring data into the Database.
Hope that helps out your query !!
If helpful do rate the valauble post.
Regards
Ganesh.H -
Doubt with Dynamic Interfaces and VLANs
Hello.
I am trying to get wirelles clientes and APs to be on the same VLAN/subnet, now is working with management interface on my WLC 5508. My problem comes up when I change them to a new dynamic interface.
Before any change:
VLAN: 8
Management Interface IP: 192.168.9.2/23
Gateway: 192.168.8.1
DHCP Server: 192.168.8.2
WLAN SSID linked to Managment interface: Ray123
APs on VLAN 8 and subnet static IP range192.168.9.0/23
There is no dynamic interface.
After changes.
VLAN: 0
Management Interface: 192.168.6.2/23
Gateway: 192.168.6.1
DHCP Server: 192.168.6.2
Dynamic interface name: Wireless-1
VLAN: 8
Management Interface IP: 192.168.9.2/23
Gateway: 192.168.8.1
DHCP Server: 192.168.8.2
WLAN SSID linked to Dynamic interface: Ray123
APs still on VLAN 8 and subnet static IP range192.168.9.0/23
After all this done i can see by cdp neighbors all my APs i can ping them and management interface too, but APs are not registered, no clients too.
According to this guide:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
Dynamic interfaces and APs should be on the same VLAN.
But this another guide states the opposite:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html
"Set the APs in a VLAN that is different from the dynamic interface configured on the Controller. If the APs are in the same VLAN as the dynamic interface, the APs are not registered on the Controller and the 'LWAPP discovery rejected' and 'Layer 3 discovery request not received on management VLAN' errors are logged on the Controller"
I cant understand why VLANs for APs and dynamic interfaces should be on different, it has no sense to configure a vlan intended for APs which shouldnt be on the same vlan.
Please tell me what is wrong.
Thanks in advance.You have to tell the APs where the WLC lives now, 192.168.6.2.
You can do this in the following ways:
Manual Prime the APs
option 43
dns
ip forward udp 5246
move the aps to the same vlan as the management interface let them join and then chnage the vlan
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
ISE and WLC dynamic interface group assignment ?
I have a somewhat large deployment coming up with several WLC dynamic interfaces assigned to an interface group, replicated across for multiple sites. I understand that ISE can return the VLAN ID to the WLC to place the client in, but if I'm using interface groups, this seems to negate the usefulness of the interface group to load clients across multiple VLANs. Not only that, but with the number of dynamic interfaces (VLAN ID's), multiplied by the number of sites, would seem to be overwhelming on the ISE side policy configuration.
Is it possible for ISE to return an Interface name/group to the WLC instead of just a VLAN ID ?
TIAI understand that WLC 7.2 code can now accept the interface group name as a AAA override, which is great, but it doesn't specify the AAA source (ISE vs. ACS).
This is the example I'm questioning: (they use the VLAN ID only, instead of an interface name)
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic17
Edit:
Found the correct Attribute Under "Adv. Attribute Settings" in the Airspace Authorization Profiles (Airespace:Airespace-Interface-Name). -
Mgmt Via Dynamic Interface not working on 5505 version 7.2.111.3
Folks,
I have posted this question a couple of times on the forum but did not get a solution. I am trying to manage my 5508 controller from a dynamic interface which is assigned to port 7 of the controller. I have a switch connected to that port which has a PC on the same subnet as the dynamic interface. From the PC, I can ping the dynamic interface IP Address, but can not telnet,SSH,http or https to it. There is no clear doc that specifics how to effectly use the command "config network mgmt-via-dynamic-interface" command.
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Enable
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
173 7 173 172.16.101.100 Dynamic Yes No
management 1 172 172.16.100.100 Static Yes No
service-port N/A N/A 0.0.0.0 DHCP No No
virtual N/A N/A 1.1.1.1 Static No No
7 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
Any guidence would be highly appreciated.Im having a similar issue and have 2 TAC cases open.
TAC CASE#1: issue is that even when disbaled I can still access the dynmic interface via HTTPS/HTTPS/TELNET/SSH. But this is on a WISM1.
Thanks a lot for your quick and prompt response, I see that there is an internal Bug with an ID CSCty32586.
I see that the bug is fixed told be fixed in 7.0.230.0, but it’s not fixed. The bug is fixed in 7.2.x version.
I understand that you are using Wism on which 7.1.x version and above is not supported.
As 7.0.235.3 is released recently to overcome some of the changes and to fix some of the Bugs with older version on these devices.
Kindly try to upgrade the software version of the WLC to 7.0.235.3 and check the compatibility.
Please do let me know in case of any concerns and I will be glad to assist you.
TAC CASE#2: Just like you I can not access the dynamic interface. Still working that one .. The holiday dropped when I just opened that case.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
Dynamic interface port assignment
Good Day,
I am setting up a 4402 (50 ap license ver 5.0) that will manage about 40 aps. Following the Cisco docs, I have created two ap manager intefaces for load balancing. Each physical port is attached to one of two Cat 6509s (no lag).
Our network ultimately connects to a router (over which I have no control) with six 100 mps ports each representing a subnet/vlan. So my intent is to create six dynamic interfaces each coresponding to a vlan for load balancing and bandwidth optimization.
My question regards assinging each dynamic interface to a physical port. Simple logic would have me assinging 3 interfaces to port #1 and three to port #2, then assigning a proportionate number of aps to each interface.
Is it that simple, or are there other considerations.
ThanksYou're correct. Creating a dynamic interface for each VLAN is exactly what you need to do. This will load-balance the traffic from the multiple VLANs across your links.
I would highly recommend that you consider LAGging the two uplinks. It provides better load-balancing and better redundancy. Since you're connecting to a 6509, you can LAG between two blades for redundancy purposes.
Whether you LAG or not is completely up to you, of course. But you seem to be good to go if you want to leave them unLAGged.
Jeff -
I wonder why we need Dynamic Interfaces. I have created two WLANs. One is WPA2-Enterprise obtaining vlan id's per user from Radius server and the other WEP wlan for guest users whose traffic should go to a specific guest vlan. I am using an external DHCP server and configured WLC not to proxy dhcp requests and to act as a bridge.
I had to create dynamic interfaces on WLC (we are using 5508 with software version 7) for all the VLANs which radius server returns. I could make it with only defining the dynamic interfaces and entering 0.0.0.0 for ip addresses.
For the other WLAN with WEP, I have to enter and IP for the dynamic interface to work. I am not sure if this is a requirement or my misconfiguration, but I do want a way not to set an IP address for the dynamic interface. I do not want to waste addresses and also do not want the clients to be able to access wlc through that IP address.
I appreciate any comment on why I need IP addresses for dynamic interfaces.Vadood... The WLC does use that IP address as it needs to have layer 2 connection to any subnet it will place users on. Even is your doing AAA override, the radius tell the WLC that that device needs to be on vlan x and the WLC will put that device on vlan x, but if the WLC has no IP address on that subnet, well then the communication stops there. The user will never get an IP address if using dhcp or if the device has a static, the WLC has no way to communicate to that subnet.
By the way, users can't access the dynamic interface by default. You have to enable that. But then again, they can try to access the management interface also, unless you disable globally management over wireless.
Sent from Cisco Technical Support iPhone App -
WLC DHCP Settings - Under Dynamic Interface configuration
Hi Guys,
If I have a dynamic interface that is connected to a subnet where the router interfaces have DHCP servers configured under the helper address commands, do I need to configure the DHCP fields under the dynamic interface configuration?
I have helper address configured on the connected routers AND these fields configured with the same DHCP servers.
Just wondering if I can take the IPs out of the WLC configuration?
Many thx indeed,
KenKen, the DHCP address under the dynamic interface, is the address the WLC will unicast the DHCP request to when a client tries to use that interface. Under normal operation this address is needed. There is a way to get the WLC to bridge the packet to the wire so that it is a broadcast instead of a unicast packet. CLI command is config dhcp proxy disable.
But I do believe that even if you issue the CLI command, the software wants the DHCP address listed under the dynamic interface.
HTH,
Steve -
Adding (dynamic) interfaces to WLC 2504 causes loss of network
I'm trying to add a new dynamic interface, that I will tie a specific WLAN to so that clients on that WLAN is in the correct vlan. After adding it I loose connectivity both to the main management address (10.99.0.60) and to the ip address of the dynamic interface (10.99.12.4). In fact, the dynamic interface address responds and prompts me to login, but after doing so all I get is a blank page. Here's the two interfaces pulled from the CLI - what am I doing wrong?
And oh, not adding an IP to the dynamic interface makes it impossible to use within a WLAN.
Interface Name................................... management
MAC Address...................................... c0:8c:60:c7:99:00
IP Address....................................... 10.99.0.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.99.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 31
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.99.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
Interface Name................................... lan
MAC Address...................................... c0:8c:60:c7:99:04
IP Address....................................... 10.99.12.4
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.99.12.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 33
Quarantine-vlan.................................. 0
NAS-Identifier................................... mob-wlc
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. NoSo take a look at this. I have the dynamic interface used in wlan 2 (mytestssid as shown above). Now the management address, 10.99.0.60 cant be reached:
Nmap scan report for 10.99.0.60
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
443/tcp filtered https
After removing wlan 2 and the dynamic interface, mgmt access starts to work again:
config wlan disable 2
config wlan delete wlan 2
config interface delete lan
Nmap scan report for 10.99.0.60
Host is up (0.0037s latency).
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
So... here's me adding the dynamic interface in cli AGAIN:
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 someotherssid / someotherssid Enabled management
(Cisco Controller) config> interface create lan 33
(Cisco Controller) config> interface address dynamic-interface lan 10.99.12.4 255.255.252.0 10.99.12.1
(Cisco Controller) >config wlan disable 1
(Cisco Controller) >config wlan interface 1 lan
(Cisco Controller) >config wlan enable 1
Voila, management access lost again:
Nmap scan report for 10.99.0.60
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
443/tcp filtered https
This time, there's no physical port assigned to the dynamic interface 'lan':
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
lan - 33 10.99.12.4 Dynamic No No
management 1 31 10.99.0.60 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No
Adding that:
(Cisco Controller) config interface port lan 1
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
lan 1 33 10.99.12.4 Dynamic No No
Still no management access..:
Nmap scan report for 10.99.0.60
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
443/tcp filtered https
For reference, the detailed interface config (which clearly shows that 'management' should be ap mgmt.. and dynamic interface 'lan' shouldn't (and thus shouldn't affect it - RIGHT?)):
Interface Name................................... lan
MAC Address...................................... c0:8c:60:c7:99:04
IP Address....................................... 10.99.12.4
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.99.12.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 33
Quarantine-vlan.................................. 0
NAS-Identifier................................... mob-wlc
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... management
MAC Address...................................... c0:8c:60:c7:99:00
IP Address....................................... 10.99.0.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.99.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 31
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.99.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
By the way, the switchport of my (C3560G) doesnt specifically allow some VLANs - meaning they allow all vlans:
interface GigabitEthernet0/28
description cisco_wlc
switchport trunk encapsulation dot1q
switchport mode trunk
And the vlans in question are present:
31 enet 100031 1500 - - - - - 0 0
32 enet 100032 1500 - - - - - 0 0
33 enet 100033 1500 - - - - - 0 0
34 enet 100034 1500 - - - - - 0 0 -
SNMP monitoring of Oracle 10g?
Hi there,
I'm curious about using SNMP technology to monitor Oracle 10g databases.
I've done some light reading on the subject and I'm now at the stage
where I have a few questions.
-What exactly do I need to configure in my Oracle 10g environment?
-Is Enterprise Manager the best and/or only UI available for me
to carry out configuration chores?
-I see no SNMP specific documentation for 10g; why is that?
-I do see a good document for 9i:
Oracle SNMP Support Reference Guide Release 9.2.0 Part Number A96672-01
http://download-west.oracle.com/docs/cd/B10501_01/em.920/a96672/toc.htm
Is the above document suitable for configuring SNMP monitoring of Oracle
in a 10g environment?
-moiI'm able to set up traps via the EM website following these instructions:
http://download-west.oracle.com/docs/cd/B19306_01/em.102/b40002/notification.htm
However, what I'm really looking for is the ability to do snmp gets. I need functionality similar to how the old school DBSNMP under OMS used to work. These commands seem to be totally missing. I found the following documentation:
http://download-east.oracle.com/docs/cd/B19306_01/em.102/b16244/chap2.htm#sthref74
Which indicates there should be an snmp subfolder under $ORACLE_HOME/sysman, but that folder does not exist in my installation. I installed Oracle EE. Is there another package I need to install in order to make the subagent run like a normal snmp agent?
So far if I do a:
emctl start dbconsole
that starts up the EM Website and I can use that no probelm. If I...
emctl start agent -- I get:
Starting agent ... started.
issuing a 'emctl staus agent' gives me a normal status message. Things start to get strange when I try to start the subagent, which to my understanding is what I need running in order to to talk to net-snmp, which is the master agent running on this host. Here's what happens:
[zaro@cheetah bin]$ ./emctl start subagent
Oracle Enterprise Manager 10g Database Control Release 10.2.0.1.0
Copyright (c) 1996, 2005 Oracle Corporation. All rights reserved.
Starting sub agent .....started
[zaro@cheetah bin]$ ./emctl status subagent
Oracle Enterprise Manager 10g Database Control Release 10.2.0.1.0
Copyright (c) 1996, 2005 Oracle Corporation. All rights reserved.
Sub agent is not running..
I guess my question is how do I get to have the ability I used to have back in 8i to start up dbsnmp and then have my SNMP monitoring app "discover" the agent and use its instrumentation to get data?
Maybe you are looking for
-
If I have a 10% Gross Margin formula can I change one task to calculate at 15%
I am working in MS Project 2010 Pro, I have set a column with a custom field to a 10% Gross Margin formula, is there a way I can change one task to a 15% Gross Margin formula? I am also having a problem opening two project schedules at once, for some
-
Using multiple SSID with AP 1100 (standalone mode).
Hi, need to configure 2 SSID on the same 1100 AP: open authentication and WPA2. It's possible to configure these 2 SSID without configuring VLAN's ? On CCO I've read the following: http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_
-
Kinect protection - Can it be built in a Panel PC
hi I have some questions regarding Kinect and its certifications and brand protection. We are developing medical grade software (http://www.adora-med.com) Can Kinect V2 sensor be embedded in a case or panel PC (such as Kiosk implementation or similar
-
Opening InDesign 2.0 document in InDesign CS4 - is it possible?
Someone sent me an InDesign 2.0 document and I cannot open it using InDesign CS4, which is the version I have. The error message I get reads: "Cannot open [filename]. The document was edited by a pre-release version of InDesign." Is there any way to
-
Does upgrading to new pages on iPad remove older version of pages
Does upgrading to new pages on iPad remove older version of pages. In other words, after upgrading will I be able to open older Pages documents on the iPad?