RD (Rogue Detector) or RLDP (Rogue Location Discovery Protocol)
Hi all,
Cisco documentation states that there are two ways for detecting Rogues.
Rogue Detector Access Point
You can make an AP operate as a rogue detector, which allows it to be placed on a trunk port so that it can hear all wired-side connected VLANs. It proceeds to find the client on the wired subnet on all the VLANs. The rogue detector AP listens for Address Resolution Protocol (ARP) packets in order to determine the Layer 2 addresses of identified rogue clients or rogue APs sent by the controller. If a Layer 2 address that matches is found, the controller generates an alarm that identifies the rogue AP or client as a threat. This alarm indicates that the rogue was seen on the wired network.
Rogue Location Discovery Protocol (RLDP)
RLDP is an active approach, which is used when rogue AP has no authentication (Open Authentication) configured. This mode, which is disabled by default, instructs an active AP to move to the rogue channel and connect to the rogue as a client. During this time, the active AP sends deauthentication messages to all connected clients and then shuts down the radio interface. Then, it will associate to the rogue AP as a client.
The AP then tries to obtain an IP address from the rogue AP and forwards a User Datagram Protocol (UDP) packet (port 6352) that contains the local AP and rogue connection information to the controller through the rogue AP. If the controller receives this packet, the alarm is set to notify the network administrator that a rogue AP was discovered on the wired network with the RLDP feature.
So how do you turn on the latter (RLDP)?
Many thx indeed
Ken
The following modes of operations exist:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
Q. What are the different modes in which a lightweight access point (LAP) can operate?
A. An LAP can operate in any of these modes:
•Local mode—This is the default mode of operation. When an LAP is placed into local mode, the AP will transmit on the normally assigned channel. However, the AP also monitors all other channels in the band over a period of 180 seconds to scan each of the other channels for 60ms during the non-transmit time. During this time, the AP performs noise floor measurements, measures interference, and scans for IDS events.
•REAP mode—Remote Edge Access Point (REAP) mode enables an LAP to reside across a WAN link and still be able to communicate with the WLC and provide the functionality of a regular LAP. REAP mode is supported only on the 1030 LAPs.
•H-REAP Mode— H-REAP is a wireless solution for branch office and remote office deployments. H-REAP enables customers to configure and control access points (APs) in a branch or remote office from the corporate office through a WAN link without the need to deploy a controller in each office. H-REAPs can switch client data traffic locally and perform client authentication locally when the connection to the controller is lost. When connected to the controller, H-REAPs can also tunnel traffic back to the controller.
•Monitor mode—Monitor mode is a feature designed to allow specified LWAPP-enabled APs to exclude themselves from handling data traffic between clients and the infrastructure. They instead act as dedicated sensors for location based services (LBS), rogue access point detection, and intrusion detection (IDS). When APs are in Monitor mode they cannot serve clients and continuously cycle through all configured channels listening to each channel for approximately 60 ms.
Note: From the controller release 5.0, LWAPPs can also be configured in Location Optimized Monitor Mode (LOMM), which optimizes the monitoring and location calculation of RFID tags. For more information on this mode, refer to Cisco Unified Wireless Network Software Release 5.0.
Note: With controller release 5.2, the Location Optimized Monitor Mode (LOMM) section has been renamed Tracking Optimization, and the LOMM Enabled drop-down box has been renamed Enable Tracking Optimization.
Note: For more information on how to configure Tracking Optimization, read the Optimizing RFID Tracking on Access Points section.
•Rogue detector mode—LAPs that operate in Rogue Detector mode monitor the rogue APs. They do not transmit or contain rogue APs. The idea is that the rogue detector should be able to see all the VLANs in the network since rogue APs can be connected to any of the VLANs in the network (thus we connect it to a trunk port). The switch sends all the rogue AP/Client MAC address lists to the Rogue Detector (RD). The RD then forwards those up to the WLC in order to compare with the MACs of clients that the WLC APs have heard over the air. If MACs match, then the WLC knows the rogue AP to which those clients are connected is on the wired network.
•Sniffer mode—An LWAPP that operates in Sniffer mode functions as a sniffer and captures and forwards all the packets on a particular channel to a remote machine that runs Airopeek. These packets contain information on timestamp, signal strength, packet size and so on. The Sniffer feature can be enabled only if you run Airopeek, which is a third-party network analyzer software that supports decoding of data packets.
•Bridge Mode— Bridge mode is used when the access points are setup in a mesh environment and used to bridge between each other.
Found this in another post here on the forum :
There are 3 ways to detect rogue APs:
1. AP in monitor mode (sits and scans all channels. Can detect rogue APs under 30 seconds)
2. RLDP (done passively from normal APs. Can take up to 15 minutes to detect rogue AP)
3. Rogue Detector (looks for broadcast packets from wireless clients on wired network)
For case number 2, a normal AP would be one in local or h-reap connected mode that normally have clients attached, but that are going off channel occasionally to scan for rogues / noise. The process of trying to validate that there is a network attached rogue (RLDP enabled) could likely be service interrupting depending on your AP layout.
-John
Similar Messages
-
LabVIEW Implementation of VXI-11 Discovery Protocol
Has anyone implemented the VXI-11 discovery protocol using LabVIEW? I know I can use MAX to detect LXI instruments, but I like my code to be able to perform inventory functions independent of MAX. Is there a way to call the discovery routine within MAX from LabVIEW?
Chris
Practical Physics, LLC
www.practicalphysicsllc.com
National Instruments Alliance Partner
Certified LabVIEW Developer
Hello Chris,
If the device is not registered in MAX, then it will not show up using this method. However, if you know the IP address of the instrument, then you can add it manually. There is no way to have MAX scan for instruments programmatically. Here is a tutorial on LXI.
Thank you,
Ryan
National Instruments
Applications Engineer -
HP printers support LLDP (e.g. Link Layer Discovery Protocol)?
Hi,
We need to know if when a HP printer is connected to a network switch or not and hence enable LLDP? But, I still don't see the HP printer? Do HP printers support LLDP?
Thanks,
Jason
Hello @jmui!
Thank you for posting on the HP Forums!
Would you be able to provide me with the full model number of the printer?
If you are unsure of how to locate the model number please click here: Locating the Model Number
Thanks again!
Cbert
I work on behalf of HP.
-
Link Layer Discovery Protocol (LLDP)
Hello !
Has anybody any info regarding LLDP support on Cisco switches?
Hi!
>We have CDP already running , we dont need LLDP :-)
I guess many other customers need LLDP when they
have a mixed environment with switches from other vendors.
More and more switches (non Cisco) have support for LLDP, and they do NOT have support for CDP. -
I have 2 controllers 2106 both with the same mobility group, I have 3 APs in one controller and 3 APs on the other. I have just one rogue detector. Do I need a rogue detector on both or just in one controller?
Rogue detection is not bound by any regulations and no legal adherence is required for its operation. However, rogue containment usually introduces legal issues that can put the infrastructure provider in an uncomfortable position if left to operate automatically. Cisco is extremely sensitive to such issues and provides these solutions. Each controller is configured with a RF Group name. Once a Lightweight AP registers with a controller, it embeds an authentication Information Element (IE) that is specific to the RF Group configured on the controller in all its beacons/probe response frames. When the Lightweight AP hears beacons/probe response frames from an AP either without this IE or with wrong IE, then the Lightweight AP reports that AP as a rogue, records its BSSID in a rogue table, and sends the table to the controller. There are two methods, namely Rogue Location Discovery Protocol (RLDP) and passive operation. These two are described in detail in the link below.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
As you can see from above all APs listen for rogues based on the above criteria but this is costly in resource overhead and is better solved by placing certain APs in rogue detection mode. This will become even more invaluable with the advent of the IDS/IPS solution. -
A couple of quick questions here (5508 WLC, 1142N APs).
I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP multifunction devices with WIFI enabled but I cannot retrieve that information anymore. Ideas?
Thank you,
Q1 ans:
#Both are different techniques to find a rogue on the wire.
#Rogue detector is an AP mode that is applicable per AP.
#RLDP is a global feature that is applicable on AP modes - local, hreap & monitor. Security>> WPS>> General>> RLDP>> drop down menu.
#AP in Rogue Detector mode (listens for ARP on the wire) is not similar to RLDP (which uses wireless).
#AP in Rogue Detector mode will not enable its radios, so wireless client connection is not possible. The AP will be connected to a trunk port of the switch and listens for ARP entries on all VLANs; it compares the ARP entry against Rogue AP & client info collected by WLC through APs, and if it matches then it will make it rogue on wire. It's not a very accurate method.
#AP on RLDP serves clients, but don't enable this feature on Local/hreap mode APs servicing voice clients (since the AP goes off channel and connects to the rogue AP, which interrupts client service); use a dedicated Monitor mode AP for this purpose. When the RLDP feature is enabled, the Cisco AP acts as a wireless client, connects to the rogue AP and pings the management interface of the WLC; on reply the Rogue AP will be marked as 'Rogue on wire'.
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b40901.shtml
Q2 ans:
Check First & Last Time Reported On WCS/NCS that stores the history of Rogues.
If you've external trap server setup then it should be there as well.
Security>> WPS>> General>> Expiration Timeout for Rogue AP and Rogue Client entries - configurable between 240 & 3600 secs. If the rogue is not reported/refreshed within this time frame then it will get deleted from WLC.
Q3 ans:
It is suggested to talk to them to reduce their AP power levels if they're seen very high.
If your client talks to their AP(which is detected as Rogue by WLC) then your own client will be marked as rogue client.
Enable MFP - global Infrastructure mfp for AP & per wlan mfp for Client as mandatory to avoid attacks. -
How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs
Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252AP. I do not see the way to Block Rogue APs from Joining the Wired or Wireless WLANs
PART 1
There are three parts to this:
1. detect - automatic
2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
First you need to detect. WLC does this automatically out of the box. It listens the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
Another key classification piece is to detect whether or not the rogue AP is physically connected to your network which is a high security risk. There are three ways WLC can detect it and neither of them is automatic. You must configure these methods manually.
1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue APs, and the rogue detector AP simply watches each hardwire trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat" indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a Wireless Router, because Wireless Routers NAT and ARP requests don't propagate to the wire.
2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Policies. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic, it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, AP gets a DHCP IP through Rogue AP, it then sends a special small UDP port 6352 RLDP packet to every possible WLC's IP address (mgmt ip, ap manager ip, dynamic int IPs). If WLC gets one of those packets, it means that rogue AP is physically connected to your network. This method will work when Rogue AP is a Wireless Router. But this method is not recommended. It has an adverse effect on your wireless clients because RLDP AP goes offline for a period of time disconnecting your clients and forcing them to associate to another AP. Also, keep in mind, that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from CLI "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to. -
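The Rogue Detector (ARP sniffing) correlation described at the top of the page and in method 1 of the post above, written out as an added example; it is not code from the thread or from Cisco. The table layout, function names, the 1200 s timeout and all MAC/VLAN values are assumptions made for the illustration; only the 240-3600 s expiry range and the NAT limitation come from the page.

```python
"""Added example: wired-side correlation in the style of a Rogue Detector AP.
All MAC addresses, SSIDs and VLAN numbers below are constructed sample data."""
import re
from dataclasses import dataclass, field

# Rogue-entry expiration range quoted on this page (seconds).
EXPIRY_MIN, EXPIRY_MAX = 240, 3600


def norm_mac(mac: str) -> str:
    """Normalise aa:bb:cc:dd:ee:ff, aa-bb-... or Cisco aabb.ccdd.eeff notation."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class RogueEntry:
    """One row of the over-the-air rogue table (hypothetical shape)."""
    bssid: str
    ssid: str
    last_heard: float  # seconds, same clock as `now`
    clients: set = field(default_factory=set)


def expire(table, now, timeout):
    """Drop rogues that were not refreshed over the air within `timeout`."""
    if not EXPIRY_MIN <= timeout <= EXPIRY_MAX:
        raise ValueError("timeout outside the 240-3600 s range")
    return [r for r in table if now - r.last_heard <= timeout]


def correlate(table, arp_frames):
    """Match ARP source MACs seen on the trunk against rogue AP/client MACs.

    arp_frames: iterable of (vlan_id, source_mac) tuples.
    Returns {bssid: sorted [(vlan_id, normalised_mac), ...]}.
    """
    watch = {}
    for rogue in table:
        for mac in {rogue.bssid, *rogue.clients}:
            watch[norm_mac(mac)] = rogue.bssid
    hits = {}
    for vlan, src in arp_frames:
        key = norm_mac(src)
        if key in watch:
            hits.setdefault(watch[key], set()).add((vlan, key))
    return {bssid: sorted(ev) for bssid, ev in hits.items()}


def classify(table, arp_frames, now, timeout=1200):
    """'threat' = rogue proven to be on the wire; otherwise 'unclassified'.

    timeout=1200 is a value chosen for this example, inside the allowed range.
    """
    live = expire(table, now, timeout)
    hits = correlate(live, arp_frames)
    return {r.bssid: ("threat" if r.bssid in hits else "unclassified")
            for r in live}


# Constructed rogue table as the controller would learn it over the air.
ROGUES = [
    # Bridging rogue AP: its client's ARP requests reach the wired VLAN.
    RogueEntry("02:00:5e:10:00:01", "guest-open", 1000.0, {"02:00:5e:aa:00:01"}),
    # NAT wireless router: client MACs never appear on the wire.
    RogueEntry("02:00:5e:20:00:01", "home-router", 1000.0, {"02:00:5e:bb:00:01"}),
    # Stale entry: not heard recently, so it ages out before correlation.
    RogueEntry("02:00:5e:30:00:01", "old-ap", 0.0, {"02:00:5e:cc:00:01"}),
]

# Constructed ARP source MACs heard on the trunk port, as (VLAN, MAC).
ARP_FRAMES = [
    (20, "0200.5eaa.0001"),     # client of the bridging rogue, Cisco notation
    (30, "02-00-5e-20-00-ff"),  # NAT router's WAN MAC, unknown to the table
    (10, "02:00:5e:cc:00:01"),  # client of the stale rogue
    (10, "02:00:5e:99:00:01"),  # ordinary wired host
]

if __name__ == "__main__":
    for bssid, verdict in classify(ROGUES, ARP_FRAMES, now=1300.0).items():
        print(bssid, verdict)
```

The NAT router stays "unclassified" even though it is plugged into VLAN 30, which is the false negative the post warns about; RLDP or switchport tracing is needed to catch that case.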
We see several Rogue APs in our network which are, according to WCS, not 'On Network'. However, most of them do turn out to be 'On Network': their MAC address appears as connected&active in a switch port. I wonder if this is because the 'On Network' status is never re-examined after first detection? Any suggestions?
A couple of questions
1) What LWAPs are you using
2) Have you enabled Rogue Location Discovery protocol
3) Have you configured dedicated Rogue detector LWAPs
4) Have you got legacy Autonomous APs on your network -
While creating Rogue policies based on SSIDs or RSSI value, should we select "AllAps" for Rogue Location Discovery Protocol ?
The access points will detect rogue APs by default. Enabling RLDP can and will cause issues in your environment if the access point is also serving clients. Please review what RLDP does before enabling that. Typically it would be enabled on access points that are in monitor mode, not servicing clients.
Scott -
I have not been able to get WiSM controllers on 4.x code to detect a wire-side rogue with open auth (Cisco AP and Apple Airport Express). It did find the open Airport AP once when running 3.x code, but has not since the upgrade.
Has anyone successfully captured the Rogue Location Discovery Protocol in action (and has a trace they can share)? Anyone seen an LWAPP AP associate through a Rogue and report it back to the controller?
Thanks,
In order for an AP to be detected as a rogue, the following conditions must be present :
-the AP must be 'seen' at least 2 times (through beacons or probes)
-the AP's mac must also be seen on the wired segment
-the AP must be sending beacons or probes
-the AP must be on channel & band that is being monitored.
you may refer to the configuration guide for more information, hope this helps :
http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a00806b0757.html#wp1107407 -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or does not connect with the Wireless Controller, why? No Radius server present, only WPA security. How to, please...
I try to put a static IP in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and I can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
I connect with service-port OK and the management port works, I think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
I write in Spanish:
Hello:
I have to configure a Cisco 5508 wireless controller with 25 air-lap1041n, to use it for data and voice access. How do I do it? I have read manuals and followed the instructions, but the access point does not seem able to load the profile. There is no RADIUS server, only the configuration of a WPA key. Can someone tell me the steps? Thanks
Hi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x IP address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop; well, the laptop has two IP addresses, 192.168.1.233 and 209.165.200.2), and the laptop works OK. Ping to 209.165.200.230 -IP address of management interface- and ping to 209.165.200.203 -IP address for AP, is assigned by DHCP of WLC. And I connect the AP to gigabit switch, and the WLC assigns an IP address well.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What does that mean? Is the AP compatible with the WLC?
Hello:
I have bought a gigabit switch. I connect the service-port to the gigabit switch, and the laptop as well (by cable). As IP addresses I use the 192.168.1.x range (192.168.1.157 assigned to the service-port and 192.168.1.233 to the laptop; well, the laptop has two addresses, the one just mentioned and 209.165.200.2). The laptop works fine; it pings 209.165.200.230 - the IP of the management interface - and 209.165.200.203 - the IP assigned to the AP by the WLC's DHCP. I have connected the AP to the gigabit switch, and the WLC's DHCP correctly assigns an IP address.
Below I add the output of the "show run-config" and "show sysinfo" commands. The switch is a TP-LINK model TL-S1005D, with no configuration needed.
Before showing the command output, I saw the following message in the AP log:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What does that mean? Is the AP compatible with the WLC?
Regards
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
AP Config
AP Airewave Director Configuration
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
802.11a Advanced Configuration
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0 Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango State:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
ACL Configuration
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f0000000000000000000000
Authority Information ..................... Cisco A-ID
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
HREAP Group Detail
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Mac Filter Info
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Exclusion List Configuration
Unable to retrieve exclusion-list entry
CDP Configuration
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What does that mean? Is the AP compatible with the WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
802.11b/g interface reset periodically on same AP
Hi;
We use wlc4404 with the 1242ag AP series.
Only on two APs which are located at a remote site (we have a dedicated 20 mbit metro ethernet line between the main site and the remote site), we periodically get these logs. Meanwhile, the clients reconnect, of course.
'802.11b/g' interface of AP 'IST_TEM_3' associated to controller 'WLC4404-1 (10.50.1.4)' is down. Reason: Radio channel set.
'802.11b/g' interface of AP 'IST_TEM_3' associated to controller 'WLC4404-1 (10.50.1.4)' is up. Reason: Radio channel set.
'802.11b/g' interface of AP 'IST_TEM_3' associated to controller 'WLC4404-1 (10.50.1.4)' is down. Reason: Rogue Location Discovery Protocol start.
'802.11b/g' interface of AP 'IST_TEM_3' associated to controller 'WLC4404-1 (10.50.1.4)' is up. Reason: Rogue Location Discovery Protocol stop.
What do you suggest to solve this issue?
Best regards
Umut
7.0.250.0
AP ios : 12.4(23c)JA8 -
I'm having an issue where my Apple TV 3 and all our iPads periodically seem to lose connectivity to an iTunes home share on a Windows 7 PC. Using a network protocol analyser on the PC I have identified that the point of failure corresponds to the ATV3 sending a bonjour discovery request and getting no reply from iTunes. Why the ATV3 'forgets' where the home share is is possibly another issue but the root cause of the failure is that iTunes, or more specifically the mDNSResponder service, is not responding to the UDP multicast port 5353 broadcast discovery packet sent by the ATV3 or iPad. The mDNSResponder service does start responding again after iTunes is restarted thus making the home share accessible once more, however, this frequent drop out is unacceptable and often happens after only a single TV show has been watched from the home share making the solution unworkable for a family, we simply cannot be restarting iTunes constantly it ruins the user experience completely!
The nature of this failure indicates that the ATV3, the iPads, the host PC and network are all working correctly and the point of failure here is the lack of response to the bonjour discovery protocol with the net result of either a spinning 'connecting to home share' message or the home share just disappearing from the computers section.
If there is a configuration fix for this please let me know as I haven't located a fix! Otherwise this seems very much to be a code flaw in iTunes 11 or the mDNSResponder and I would appreciate some input from Apple! Going on other questions in these forums it would seem the problem is not limited to Windows PCs but also Macs too. NB: This is not a TCP issue, when the ATV3 or iPad knows the IP of the iTunes server all works flawlessly, it's just that periodically they seem to refresh the list of home shares and at this point they lose the information about the home share they have just been using because of the non-response to the UDP multicast discovery broadcast packet, that is arriving at the host PC and isn't being blocked by the firewall.
Many Thanks!
In my case there was no import from a former mac.
My problem (at least mine) is that no app that offers media sharing works properly. Neither itunes home sharing nor AirVideo nor EyeTV sharing.
So I'm pretty sure that this is a network issue.
Adding another user on my mac and sharing a new library does not work either. But sharing from another laptop in my WiFi works. So this has to be a network issue on my mac, not only my user, but an issue of the whole system.
But I'm not willing to reinstall MacOS X for that if I don't have to. -
2008 R2 GPO - Turn network discovery on not working
Hi
I'm migrating several computers into a new domain with ADMT, but none of the migrated computers (XP, 7 and 8) can enable network discovery.
I've made a GPO (found on TechNet) that should work, but users are still unable to browse the network. The GPO is applied (checked with rsop) and sincerely I have no idea what to check to understand why the GPO is not working. Any idea on something to check or change?
I copy the GPO here so you can check it. Thanks in advance.
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Windows Firewall with Advanced Security
Global Settings
Policy
Setting
Policy version
2.10
Disable stateful FTP
Not Configured
Disable stateful PPTP
Not Configured
IPsec exempt
Not Configured
IPsec through NAT
Not Configured
Preshared key encoding
Not Configured
SA idle time
Not Configured
Strong CRL check
Not Configured
Inbound Rules
Name
Description
Network Discovery (Pub-WSD-In)
Inbound rule for Network Discovery to discover devices via Function Discovery. [UDP 3702]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
3702
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
fdrespub
Allow edge traversal
False
Group
Network Discovery
Network Discovery (LLMNR-UDP-In)
Inbound rule for Network Discovery to allow Link Local Multicast Name Resolution. [UDP 5355]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
5355
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
dnscache
Allow edge traversal
False
Group
Network Discovery
Network Discovery (WSD-In)
Inbound rule for Network Discovery to discover devices via Function Discovery. [UDP 3702]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
3702
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
fdphost
Allow edge traversal
False
Group
Network Discovery
Network Discovery (SSDP-In)
Inbound rule for Network Discovery to allow use of the Simple Service Discovery Protocol. [UDP 1900]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
1900
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
Ssdpsrv
Allow edge traversal
False
Group
Network Discovery
Network Discovery (WSD Events-In)
Inbound rule for Network Discovery to allow WSDAPI Events via Function Discovery. [TCP 5357]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
6
Local port
5357
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Allow edge traversal
False
Group
Network Discovery
Network Discovery (WSD EventsSecure-In)
Inbound rule for Network Discovery to allow Secure WSDAPI Events via Function Discovery. [TCP 5358]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
6
Local port
5358
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Allow edge traversal
False
Group
Network Discovery
Network Discovery (NB-Datagram-In)
Inbound rule for Network Discovery to allow NetBIOS Datagram transmission and reception. [UDP 138]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
138
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Allow edge traversal
False
Group
Network Discovery
Network Discovery (NB-Name-In)
Inbound rule for Network Discovery to allow NetBIOS Name Resolution. [UDP 137]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
17
Local port
137
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Allow edge traversal
False
Group
Network Discovery
Network Discovery (UPnP-In)
Inbound rule for Network Discovery to allow use of Universal Plug and Play. [TCP 2869]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Authorized users
Protocol
6
Local port
2869
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Allow edge traversal
False
Group
Network Discovery
Outbound Rules
Name
Description
Network Discovery (Pub WSD-Out)
Outbound rule for Network Discovery to discover devices via Function Discovery. [UDP 3702]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
3702
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
fdrespub
Group
Network Discovery
Network Discovery (LLMNR-UDP-Out)
Outbound rule for Network Discovery to allow Link Local Multicast Name Resolution. [UDP 5355]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
5355
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
dnscache
Group
Network Discovery
Network Discovery (WSD-Out)
Outbound rule for Network Discovery to discover devices via Function Discovery. [UDP 3702]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
3702
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
fdphost
Group
Network Discovery
Network Discovery (UPnPHost-Out)
Outbound rule for Network Discovery to allow use of Universal Plug and Play. [TCP]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Protocol
6
Local port
Any
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
upnphost
Group
Network Discovery
Network Discovery (SSDP-Out)
Outbound rule for Network Discovery to allow use of the Simple Service Discovery Protocol. [UDP 1900]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
%SystemRoot%\system32\svchost.exe
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
1900
ICMP settings
Any
Local scope
Any
Remote scope
Local subnet
Profile
All
Network interface type
All
Service
Ssdpsrv
Group
Network Discovery
Network Discovery (WSD Events-Out)
Outbound rule for Network Discovery to allow WSDAPI Events via Function Discovery. [TCP 5357]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Protocol
6
Local port
Any
Remote port
5357
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Group
Network Discovery
Network Discovery (WSD EventsSecure-Out)
Outbound rule for Network Discovery to allow Secure WSDAPI Events via Function Discovery. [TCP 5358]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Protocol
6
Local port
Any
Remote port
5358
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Group
Network Discovery
Network Discovery (NB-Datagram-Out)
Outbound rule for Network Discovery to allow NetBIOS Datagram transmission and reception. [UDP 138]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
138
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Group
Network Discovery
Network Discovery (NB-Name-Out)
Outbound rule for Network Discovery to allow NetBIOS Name Resolution. [UDP 137]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Protocol
17
Local port
Any
Remote port
137
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Group
Network Discovery
Network Discovery (UPnP-Out)
Outbound rule for Network Discovery to allow use of Universal Plug and Play. [TCP]
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled
True
Program
System
Action
Allow
Security
Require authentication
Authorized computers
Protocol
6
Local port
Any
Remote port
Any
ICMP settings
Any
Local scope
Any
Remote scope
Any
Profile
All
Network interface type
All
Service
All programs and services
Group
Network Discovery
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Network/Link-Layer Topology Discovery
Policy
Setting
Comment
Turn on Mapper I/O (LLTDIO) driver
Enabled
Allow operation while in domain
Enabled
Allow operation while in public network
Enabled
Prohibit operation while in private network
Enabled
Policy
Setting
Comment
Turn on Responder (RSPNDR) driver
Enabled
Allow operation while in domain
Enabled
Allow operation while in public network
Enabled
Prohibit operation while in private network
Enabled
User Configuration (Enabled)
No settings defined.
Hi,
To enable Network Discovery, we need to make sure that the following dependency services are started on clients:
DNS Client
Function Discovery Resource Publication
SSDP Discovery
UPnP Device Host
Regarding this point, the following article can be referred to for more information.
You cannot turn on Network Discovery in Network and Sharing Center in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012
http://support.microsoft.com/kb/2722035
We can use group policy to control these services.
Regarding this point, the following article can be referred to for more information.
How to use Group Policy to control Services
http://www.grouppolicy.biz/2010/08/how-to-use-group-policy-to-control-services/
Best regards,
Frank Shen -
E4200 - IPv6 Neighbor Discovery
Hi,
I am currently developing an embedded IPv6 stack and I needed to get an IPv6 compatible router to perform different tests. I purchased an E4200 router, knowing that the latest firmware includes Native IPv6 support. On the Cisco blog, I read that the router should now support RFC6204:
"While many of the base IPv6 specifications have been available for years, the IETF published RFC 6204 which defines the basic requirements for an IPv6 home router as recently as April 2011. IP is one of the most important protocols to the Internet, and IPv6 is the biggest change in IP in over 30 years. We want to be careful that the implementations we ship work well and adhere to the latest standards so that we do not hinder the adoption of IPv6 by content providers and ISPs."
Source: http://blogs.cisco.com/consumer/linksys-e4200-wireless-router-supports-ipv6/
My first test step involved the Neighbor Discovery Protocol and RFC6204 clearly states the following:
"The IPv6 CE router MUST support router behavior according Neighbor Discovery for IPv6 [RFC4861]"
My first question is the following: Is it normal that I don't see any 'Router Advertisement' messages sent by the router? According to RFC4861, it is not.
I must say that my ISP doesn't support IPv6 so it doesn't assign a global IPv6 address to my router. However, I only require to have a link-local IPv6 link (at least for now). Can it explain why the router doesn't send periodic "Router Advertisement" messages?
Second, the router correctly responds to my "Neighbor Solicitation" messages when I try to ping the link-local address. But it is not responding to my "Router Solicitation" messages. It's also conflicting with RFC4861.
Does someone know what is going on with Neighbor Discovery on that router? I will appreciate any comments & replies.
Many thanks!
Many thanks for your input. We decided to return the consumer router and we purchased a CISCO 881. The IOS software is much more flexible and it actually does what we want.
IPv6 experts are not easy to find so if you don't mind, I would have another question on a behavior I observed recently with our CISCO 881 router.
I implemented the ICMPv6 echo request functionality and it works fine when I try to reach different hosts on my network.
However, I also tested it by using the link-local IP address of my router as the target. First, my stack sends a Neighbor Solicitation message (using IPv6-MCAST dest MAC address) to resolve the router IP address (assuming it is not yet on the router list). The router replies back with a Neighbor Advertisement message, but does not include the 'Target link-layer address' option in its message.
However, according to RFC4861 (page 25), in Neighbor Advertisement messages, the Target link-layer address "option MUST be included on link layers that have addresses when responding to multicast solicitations."
It looks like a bad implementation; I was expecting the Neighbor Advertisement message, even if sent by a router, to include the Target link-layer option when responding to my multicast Neighbor Solicitation. Do you agree with that?
Simon
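The check described in the post above, as an added example that is not part of the original thread: a Python parser for the ICMPv6 part of a Neighbor Advertisement that flags a missing Target link-layer address option when the solicitation was multicast. The function names, the `ns_was_multicast` parameter and the sample packets are assumptions made here; the IPv6 header checks (hop limit 255, checksum) are out of scope because only the ICMPv6 bytes are parsed.

```python
import ipaddress
import struct

ND_NEIGHBOR_ADVERT = 136   # ICMPv6 type, RFC 4861 section 4.4
OPT_TARGET_LLADDR = 2      # Target Link-Layer Address option, section 4.6.1


def parse_na(icmp: bytes) -> dict:
    """Parse the ICMPv6 part of a Neighbor Advertisement (no IPv6 header)."""
    if len(icmp) < 24:
        raise ValueError("shorter than the 24-octet fixed part")
    msg_type, code, _cksum, flags = struct.unpack("!BBHI", icmp[:8])
    if msg_type != ND_NEIGHBOR_ADVERT or code != 0:
        raise ValueError("not a Neighbor Advertisement")
    options, offset = [], 24
    while offset < len(icmp):
        if offset + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[offset], icmp[offset + 1]
        end = offset + opt_len * 8          # length is in units of 8 octets
        if opt_len == 0 or end > len(icmp):
            raise ValueError("bad option length")
        options.append((opt_type, icmp[offset + 2:end]))
        offset = end
    return {
        "router": bool(flags & 0x80000000),
        "solicited": bool(flags & 0x40000000),
        "override": bool(flags & 0x20000000),
        "target": ipaddress.IPv6Address(icmp[8:24]),
        "options": options,
    }


def check_na(icmp: bytes, ns_was_multicast: bool) -> list:
    """Return findings for one NA; an empty list means nothing to report."""
    try:
        na = parse_na(icmp)
    except ValueError as exc:
        # Messages that fail validation are to be silently discarded.
        return [f"discard: {exc}"]
    findings = []
    if na["target"].is_multicast:
        findings.append("discard: target address is multicast")
    has_tlla = any(t == OPT_TARGET_LLADDR for t, _ in na["options"])
    # The caller tracks how the solicitation was sent; the NA does not say.
    if ns_was_multicast and not has_tlla:
        findings.append("MUST violation: no Target link-layer address option "
                        "in reply to a multicast solicitation")
    return findings


def build_na(target: str, flags: int, options: bytes = b"") -> bytes:
    """Build a constructed test NA; the checksum field is left at zero."""
    return (struct.pack("!BBHI", ND_NEIGHBOR_ADVERT, 0, 0, flags)
            + ipaddress.IPv6Address(target).packed + options)


# Constructed samples: router fe80::1, R+S+O set, documentation MAC address.
TLLA = bytes([OPT_TARGET_LLADDR, 1]) + bytes.fromhex("00005e005301")
NA_WITH_TLLA = build_na("fe80::1", 0xE0000000, TLLA)
NA_WITHOUT_TLLA = build_na("fe80::1", 0xE0000000)

if __name__ == "__main__":
    for name, pkt in (("with TLLA", NA_WITH_TLLA),
                      ("without TLLA", NA_WITHOUT_TLLA)):
        print(name, check_na(pkt, ns_was_multicast=True))
```

Feeding it the ICMPv6 payload of a captured advertisement, together with whether the matching solicitation went to a multicast address, reproduces the comparison against RFC 4861 that the post makes by hand.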